* github-ci: Add DCO sign-off enforcement workflow

Introduce a `dco-check` job in
`.github/workflows/ci.yml`
that runs on pull request events. The job loops over
every commit in `origin/main..HEAD` and fails immediately
if any commit lacks a properly formatted

    Signed-off-by: <Name> <email>

footer, ensuring full compliance with our Developer
Certificate of Origin (DCO) policy.

Signed-off-by: Ahmed Ismail <Ahmed.Ismail@arm.com>

* docs: Redirect TF-M links to Read the Docs URLs

Trusted Firmware-M has moved its public documentation
from `tf-m-user-guide.trustedfirmware.org/` to
`trustedfirmware-m.readthedocs.io`. Hence, switching to
the new domain.

Signed-off-by: Ahmed Ismail <Ahmed.Ismail@arm.com>

* docs: Add the missing development environment requirements

Some of the newly added dependencies are missing in the
development environment requirements document. Hence, adding
these new dependencies.

Signed-off-by: Ahmed Ismail <Ahmed.Ismail@arm.com>

---------

Signed-off-by: Ahmed Ismail <Ahmed.Ismail@arm.com>

* sign-tfm-image: Refactor the CMake Module

The `SignTfmImage.cmake` module is refactored to
to accept an input binary name and an input signing
layout file.

These modifications are going to be used to sign the
non_secure and the ML Model images separately which
is essential to add the ML Model component OTA update
feature.

Signed-off-by: Ahmed Ismail <Ahmed.Ismail@arm.com>

* fvp-options: Remove `--fast` option

`--fast` FVP NPU option is removed as it's not
completely supported by all platforms.

Signed-off-by: Ahmed Ismail <Ahmed.Ismail@arm.com>

* cs-300: Extract the ML model to a separate binary

Eventually, we want the MCUBoot (and the rest of TF-M) to handle the ML
model in the same way as other components. To achieve that, the ML model
component will be kept in flash during boot, for the MCUBoot to validate
the image, and perform the swap operation if needed.

Since the Ethos NPU doesn't have access to flash, the model will be
copied back to DDR at runtime. This is why the model is still kept in
the DDR memory region in the linker script.

Patches for the trusted_firmware-m component:
- Add support for the third image for cs-300 platform.
- Configure the signing layout for the ML model, and reuse the NS key.
- Add a modified flash map for the cs-300, for the MCUBoot to handle the
third image. This is based on the default flash layout used before.

Signed-off-by: Filip Jagodzinski <filip.jagodzinski@arm.com>
Signed-off-by: Ahmed Ismail <Ahmed.Ismail@arm.com>

* cs-310: Extract the ML model to a separate binary

Eventually, we want the MCUBoot (and the rest of TF-M) to handle the ML
model in the same way as other components. To achieve that, the ML model
component will be kept in flash during boot, for the MCUBoot to validate
the image, and perform the swap operation if needed.

Since the Ethos NPU doesn't have access to flash, the model will be
copied back to DDR at runtime. This is why the model is still kept in
the DDR memory region in the linker script.

Patches for the trusted_firmware-m component:
- Add support for the third image for cs-310 platform.
- Configure the signing layout for the ML model, and reuse the NS key.
- Add a modified flash map for the cs-310, for the MCUBoot to handle the
third image. This is based on the default flash layout used before.

Signed-off-by: Filip Jagodzinski <filip.jagodzinski@arm.com>
Signed-off-by: default avatarAhmed Ismail <Ahmed.Ismail@arm.com>

* mps4: Extract the ML model to a separate binary

Eventually, we want the MCUBoot (and the rest of TF-M) to handle the ML
model in the same way as other components. To achieve that, the ML model
component will be kept in flash during boot, for the MCUBoot to validate
the image, and perform the swap operation if needed.

Since the Ethos NPU doesn't have access to flash, the model will be
copied back to DDR at runtime. This is why the model is still kept in
the DDR memory region in the linker script.

Patches for the trusted_firmware-m component:
- Add support for the third image for mps4 platforms.
- Configure the signing layout for the ML model, and reuse the NS key.
- Add a modified flash map for the mps4 platforms, for the MCUBoot to
handle the third image. This is based on the default flash layout
used before.

These changes applies to both:
* Corstone-315 Platform.
* Corstone-320 Platform.

Signed-off-by: Filip Jagodzinski <filip.jagodzinski@arm.com>
Signed-off-by: Ahmed Ismail <Ahmed.Ismail@arm.com>

* keyword: Extract the ML model as a TF-M component

keyword-detection example:
- Configure the MCUBoot to work with 3 components instead of 2.
- Configure the MCUBoot to use a non-default flash map.
- Set the ML model image version.
- Sign the ML model image using the same key as the NS image.
- Generate an update signature for the ML model image.
- At the ML task init, add a new step, where the ML model is copied from
flash to DDR.
- Update the merge images CMake function in TF-M integration
layer to handle the third component (the ML model image).
- Update the extract_sections_from_axf CMake function.

Patches for the freertos_ota_pal_psa component:
- Add the ML model file path.
- Stop using a global variable to store the NS image version.
- Fix the GetImageVersionPSA to return the version to an output param
for any given component (rather than update the global var).

Patches for the ml_embedded_evaluation_kit component:
- Override EthosU55 NPU default IRQ handler to avoid modifying the
vector table in run-time which alter the non-secure image result in
MCUBoot validation failure.

Additions for the OTA Orchestrator:
- Stop using a global variable to store the NS image version.
- Replace all the uses of the appFirmwareVersion global var with the
appropriate call to the new image version getter.

Signed-off-by: Filip Jagodzinski <filip.jagodzinski@arm.com>
Signed-off-by: Ahmed Ismail <Ahmed.Ismail@arm.com>

* ml-update-demo: Update from a faulty model to a working one

Add a modified tflite file that produces no inference results
at runtime. This file can be used to build an application that
is fully functional, but the ML inference is unsuccessful in
detecting any keyword. Applying an OTA ML model update in this
state is very visible since the updated model does work as
expected (detects keywords from audio samples).

Signed-off-by: Filip Jagodzinski <filip.jagodzinski@arm.com>
Signed-off-by: Ahmed Ismail <Ahmed.Ismail@arm.com>

* freertos-integration-tests: Remove OTA update dependencies

Since we don't run OTA tests as part of the intgeration tests
anymore, we don't need to sign the update binary and there
is no need to upload the update binary to AWS.

Signed-off-by: Ahmed Ismail <Ahmed.Ismail@arm.com>

* ci: Add keyword-detection ML Model update nightly test

Add a new nightly test to verify the ML model OTA update,
this is done for Keyword-Detection application compiled with
GNU toolchain only as this is the currently supported combination.
This nightly test runs on all the Corstone platforms.

Signed-off-by: Ahmed Ismail <Ahmed.Ismail@arm.com>

---------

Signed-off-by: Ahmed Ismail <Ahmed.Ismail@arm.com>
Signed-off-by: Filip Jagodzinski <filip.jagodzinski@arm.com>
Signed-off-by: default avatarAhmed Ismail <Ahmed.Ismail@arm.com>
Co-authored-by: Filip Jagodzinski <filip.jagodzinski@arm.com>

Gergely Korcsak authored Sep 25, 2024 and Devaraj Ranganna committed Oct 22, 2024

Signed-off-by: Gergely Korcsák <gergely.korcsak@arm.com>

Top level README.md along with applications' documents
are updated to illustrate how the new PSA Crypto APIs
implementation configuration option can be used, and
mention the available configurations for the new option.

Signed-off-by: Ahmed Ismail <Ahmed.Ismail@arm.com>

Currently, the default build toolchain is ARMClang. However, with VS
Code devcontainers, only Arm GNU Toolchain is provided. Therefore, the
default toolchain is changed to GNU. The associated documentation is
also updated. In order to use the Arm Compiler for Embedded (ArmClang),
the toolchain needs to be installed in the devcontainer and an
additional argument `-TARMCLANG` must be passed while building the
example.

Signed-off-by: Chuyue Luo <Chuyue.Luo@arm.com>

Reuben Cartwright authored Jul 04, 2024 and Devaraj Ranganna committed Aug 22, 2024

The script contains tools used to create, destroy, and manage AWS IoT
Things, Policies, Buckets, Roles, and Jobs. It is intended to
automate the process of creating an OTA update.
The script was previously in a deprecated project.

Documentation for the script was also ported to
`/docs/components/aws_iot/aws_tool.md``.
Modified the aws_tool.md file with the following:
1. Fix paths from total-solutions.
2. Remove deprecated references (e.g. ats.sh)
3. Clarifications added (e.g. where to get AWS API keys).
4. Remove duplicate sections that have been ported already.

This commit links to this documentation in the top-level `README.md`,
under a section called 'Tools'.

Modified createIoTThings.py with the following:
1. comment all functions with Python Docstrings.
2. debug and refactor createIoTThings.py as detailed below.
3. Fix filenames and directories from deprecated total-solutions.

Total-solutions saved all credentials to the same .h file, but build.sh
in this project takes credentials from separate files.
This commit stores generated credentials for new objects in
the `credentials` directory by default, with unique file names per
Thing.
The user can optionally specify the credentials directory.

This commit makes it possible to do any operation except for an OTA
image update if update-signature.txt is not in the correct directory.
A warning is generated if update-signature.txt is not present.

This commit improves --help messages for the script.

This commit places additional user input checks e.g.
permissions_boundary must be of a certain format. Previous error
messages were confusing.

fix: does not forget to pass role name during role creation.
fix: _does_role_exist handles None and "" cases.
fix: cleanup after command failure. Do not delete a role if it already
existed before the script ran.
fix: create-update-only now gets role ARNs correctly.
fix: create-policy-only now passes thing name and policy name correctly.
fix: create-policy-only does not allow empty policy name or thing name.
fix: correct help messages e.g. for create-update-only.
Some other minor fixes also exist.

This script updates
`/applications/<target_application>/configs/aws_config/
aws_clientcredentials.h` once a Thing is created, where
`<target_application>` is specified on the CLI. If the file has been
previously modified, the script asks before overwriting.
This saves the user modifying the file.

Signed-off-by: Reuben Cartwright <Reuben.Cartwright@arm.com>

Signed-off-by: Ahmed Ismail <Ahmed.Ismail@arm.com>

These additions are mainly inherited from this document:
`https://git.gitlab.arm.com/iot/open-iot-sdk/sdk/-/blob/


main/components/trusted-firmware-m/README.md`. However,
some modifications were made to match the FRI's project
use case.

Signed-off-by: Ahmed Ismail <Ahmed.Ismail@arm.com>

Add documentation related to the integration and usage
of MbedTLS from within the FRI.

Signed-off-by: Hugues Kamba-Mpiana <hugues.kambampiana@arm.com>

The improvements include:

* Correcting spelling mistakes
* Structure of the documents for better readability

Signed-off-by: Devaraj Ranganna <devaraj.ranganna@arm.com>

With all documentation files added under `docs` folder, finding a
relevant document was a time consuming process. Restructure the docs
folder to replicate the FRI source structure for easy navigation and
better user experience.

Signed-off-by: Devaraj Ranganna <devaraj.ranganna@arm.com>

David Hazi authored Mar 07, 2024 and Devaraj Ranganna committed Mar 14, 2024

Object detection example is an ML vision
example on the Cortex-M systems.
Currently running only on Corstone-315 to
demonstrate the usage of ISP, NPU, HDLCD
together.

Signed-off-by: Gabor Abonyi <gabor.abonyi@arm.com>

Ahmed Ismail authored Feb 09, 2024 and Devaraj Ranganna committed Feb 28, 2024

`aws-iot-example` is deprecated as `keyword-detection`
and `speech-recognition` applications do all the functionalities
that `aws-iot-example` does. Hence, there is no need to maintain
it anymore.

GitHub CI is modified to build `keyword-detection`
and `speech-recognition` applications instead of `aws-iot-example`.

Building the Ml Embedded Evaluation Kit requires Python 3.10
and the `libsndfile1-dev` library.

Signed-off-by: Ahmed Ismail <Ahmed.Ismail@arm.com>

* Move supported toolchain information from application docs to
README.md to avoid duplicatiing it on all supported examples.
* Move supported platforms description from docs/prerequisites.md to
README.md to list and describe the supported platforms in one place.
* Add supported versions information to supported targets.

Signed-off-by: Devaraj Ranganna <devaraj.ranganna@arm.com>

Signed-off-by: Hugues Kamba-Mpiana <hugues.kambampiana@arm.com>

* Add all source and header files to build the application
* Update open-iot-sdk-toolchain version to include the `-fno-rtti` C++
  flag
* Remove no longer needed `--specs=nosys.specs` flag as include
   already in the updated version of open-iot-sdk-toolchain
* Update build and run scripts to support keyword-detection application
* Add documentation for the Keyword Detection application

Signed-off-by: Hugues Kamba-Mpiana <hugues.kambampiana@arm.com>
Signed-off-by: Ahmed Ismail <Ahmed.Ismail@arm.com>

* middleware: Restructure external projects integration

* External projects are referred to as `components`
* The components are grouped per category within the `components`
  subdirectory.
* Each component contain a `library` subdir (containing the external
  project)
  and an `integration` subdir (containing additional code to integrate
  the external project).
* The external project used for the BSP is now also located in a
  `library` subdir within the `Bsp` subdir.

Signed-off-by: Hugues Kamba-Mpiana <hugues.kambampiana@arm.com>

* cmake: Provide components and BSP as part of the FRI

Rather having applications include individual parts of the FRI,
include all of its parts (BSP and components) in the root level
CMakeLists.txt

To build application, point CMake to each application's main
CMakeLists.txt as application should be treated as the root level
CMakeLists.txt. This approach also shows how users who may want to
include the FRI as a dependency to their project can build
applications by treating their applications as the root
level project.

Additionally:
* Raise an error if the minimum CMake version requirement is not met.
* Rename FRI CMake project to match FRI project name.
* Expose Tools/cmake subdir to CMake to find additional modules

Signed-off-by: Hugues Kamba-Mpiana <hugues.kambampiana@arm.com>

* apps: Do not share configuration files

This allows each application to apply configurations it needs
without changing the behaviour of other applications as was
previously the case since they share configuration files.

Signed-off-by: Hugues Kamba-Mpiana <hugues.kambampiana@arm.com>

* blinky: Improve CMake support

* Define all CMake variables to be used by the project prior to
  creating the project
* Sort list items alphabetically so they are easier to find
* Add fatal error if minimum CMake version is not used
* Remove unnecessary comments to declutter
* Handle compiler specific configurations in one location
* Move BSP configuration to BSP subdir
* Include only the libraries used by the application

Signed-off-by: Hugues Kamba-Mpiana <hugues.kambampiana@arm.com>

* apps: Improve Provisioning Python script

* Add type notation
* Wrap long lines
* Clarify variables and function names
* Process CLI arguments with click

Signed-off-by: Hugues Kamba-Mpiana <hugues.kambampiana@arm.com>

* aws-iot-example: Improve CMake support and organisation

* Define all CMake variables to be used by the project prior to
  creating the project
* Sort list items alphabetically so they are easier to find
* Add fatal error if minimum CMake version is not used
* Remove unnecessary comments to declutter
* Handle compiler specific configurations in one location
* Move BSP configuration to BSP subdir
* Include only the libraries used by the application

Signed-off-by: Hugues Kamba-Mpiana <hugues.kambampiana@arm.com>

* aws-iot-example: Add FreeRTOS libs integration test app

Signed-off-by: Hugues Kamba-Mpiana <hugues.kambampiana@arm.com>

* run-script: Fix root path and wrap long string

Improve readability of the string by wrapping it.

Signed-off-by: Hugues Kamba-Mpiana <hugues.kambampiana@arm.com>

* provisioning: Make provisioning available to all apps that need it

Move the provisioning source code and script to the helpers subdir

Signed-off-by: Hugues Kamba-Mpiana <hugues.kambampiana@arm.com>

* bsp: Rename `Bsp` subdir to `bsp`

The project is adopting snake case for files
and subdirectories names

Signed-off-by: Hugues Kamba-Mpiana <hugues.kambampiana@arm.com>

* bsp: Rename CMake script

CMake modules follow the typical naming convention of
VerbWithCamelCase.

Signed-off-by: Hugues Kamba-Mpiana <hugues.kambampiana@arm.com>

* docs: Rename `Docs` subdir following snake_case

The project is adopting snake case for files and subdirectories names

Signed-off-by: Hugues Kamba-Mpiana <hugues.kambampiana@arm.com>

* apps: Rename `Projects` subdir to `applications`

Improves the description of the content of the subdir.

Signed-off-by: Hugues Kamba-Mpiana <hugues.kambampiana@arm.com>

* tools: Rename `Tools` subdir following snake_case

The project is adopting snake case for files and subdirectories names

Signed-off-by: Hugues Kamba-Mpiana <hugues.kambampiana@arm.com>

* provisioning: Rename CMake script

CMake modules follow the typical naming convention of
VerbWithCamelCase.

Signed-off-by: Hugues Kamba-Mpiana <hugues.kambampiana@arm.com>

* aws-iot-example: Rename files and subdirs following snake_case

Signed-off-by: Hugues Kamba-Mpiana <hugues.kambampiana@arm.com>

* blinky: Rename files and subdirs following snake_case

Signed-off-by: Hugues Kamba-Mpiana <hugues.kambampiana@arm.com>

* docs: Add subdirectory description to README

Signed-off-by: Hugues Kamba-Mpiana <hugues.kambampiana@arm.com>

* ci: Move tools to `tools` subdir

Signed-off-by: Hugues Kamba-Mpiana <hugues.kambampiana@arm.com>

* tests: Move conftest.py to `tools/tests/`

Signed-off-by: Hugues Kamba-Mpiana <hugues.kambampiana@arm.com>

* docs: Add project organisation document

The document describes the various subdirectories
and conventions used througout this project.

Signed-off-by: Hugues Kamba-Mpiana <hugues.kambampiana@arm.com>

* ci: Add known words to spellchecker

The added words are valid and therefore added
to the spellchecker dictionary.

Signed-off-by: Hugues Kamba-Mpiana <hugues.kambampiana@arm.com>

---------

Signed-off-by: Hugues Kamba-Mpiana <hugues.kambampiana@arm.com>

Signed-off-by: Devaraj Ranganna <devaraj.ranganna@arm.com>

With the addition of support for FreeRTOS TCP/IP stack, in addition to
Arm Virtual Hardware using Amazon Machine Images, Arm FRI can now run
ecosystem FVPs.

Signed-off-by: Devaraj Ranganna <devaraj.ranganna@arm.com>

Add detailed introduction and overview of the examples in README.md.
Describe how the components are put together in aws-iot-example.md.

Signed-off-by: Devaraj Ranganna <devaraj.ranganna@arm.com>

The blinky example prints `psa_framework_version` by invoking PSA API
from TF-M. In addition, it also prints `LED on` and `LED off` to
simulate LED blinking.

Signed-off-by: Devaraj Ranganna <devaraj.ranganna@arm.com>