Update install path of tfm_ioctl_api.h, remove include of tfm_api.h
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Signed-off-by: Markus Swarowsky <markus.swarowsky@nordicsemi.no>
The place where TF-M places its non-secure api header files has changed
Therefore changing it for for all applications that use it.
Signed-off-by: Markus Swarowsky <markus.swarowsky@nordicsemi.no>
To avoid confusion having both a 'tfm' and a 'trusted-firmware-m' tag,
remove the old 'tfm' tag entirely. Any external test frameworks that are
using the 'tfm' tag will need to be changed to account for this.
Signed-off-by: David Brown <david.brown@linaro.org>
In addition to running the tfm tests when the trusted-firmware-m module
changes, most of the tests also use MCUboot, which comes from our module.
Add the mcuboot tag to each of these tests, except for the single test that
explicitly builds without using MCUboot.
Signed-off-by: David Brown <david.brown@linaro.org>
A recent change #61718, adds support to the twister build to check for
manifest changes, and run tests using tags based on the modules that have
changed. The tfm tests have an existing tag `tfm` to select these tests,
but the above patch uses a tag named after the module, trusted-firmware-m.
To make this work, add `trusted-firmware-m` in addition to the existing tag
`tfm` so that these tests will run whenever the tfm module is updated.
Signed-off-by: David Brown <david.brown@linaro.org>
Twister now supports using YAML lists for all fields that were written
as space-separated lists. Used twister_to_list.py script. Some artifacts
on string length are due to how ruamel dumps content.
Signed-off-by: Gerard Marull-Paretas <gerard.marull@nordicsemi.no>
As both C and C++ standards require applications running under an OS to
return 'int', adapt that for Zephyr to align with those standard. This also
eliminates errors when building with clang when not using -ffreestanding,
and reduces the need for compiler flags to silence warnings for both clang
and gcc.
Most of these changes were automated using coccinelle with the following
script:
@@
@@
- void
+ int
main(...) {
...
- return;
+ return 0;
...
}
Approximately 40 files had to be edited by hand as coccinelle was unable to
fix them.
Signed-off-by: Keith Packard <keithp@keithp.com>
Move tfm_merged.hex from <build>/tfm_merged.hex to
<build>/zephyr/tfm_merged.hex.
Use relative path to the runners.yaml hex file.
This makes it possible to move the build folder.
Example would be to copy out the runners.yaml and tfm_merged.hex file
and still be able to call west flash --skip-rebuild.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
The AN547 no longer functions with this TF-M sample, and has been
broken since TF-M 1.6.0 without CI catching the issue, since this sample
wasn't modified to cause a CI run on the affected target.
Removing this board from the sample until the board support can be
reworked.
Signed-off-by: Kevin Townsend <kevin.townsend@linaro.org>
Signed-off-by: David Brown <david.brown@linaro.org>
Update the sample to be compatible with API changes introduced in
TF-M 1.7.0, adding a new direct call to the PSA Crypto API to generate
random data, and cleaning up existing functions for compatibility
sake.
Signed-off-by: Kevin Townsend <kevin.townsend@linaro.org>
Signed-off-by: David Brown <david.brown@linaro.org>
integration_platforms help us control what get built/executed in CI and
for each PR submitted. They do not filter out platforms, instead they
just minimize the amount of builds/testing for a particular
tests/sample.
Tests still run on all supported platforms when not in integration mode.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
The current stm32l562_dk_ns has no flash partitions defined. This add
flash partitions following partition sizes that are compatible with
the TF-M platform defined at flash_layout.h and removes the redundant
overlays board files.
Signed-off-by: Gerson Fernando Budke <gerson.budke@ossystems.com.br>
As of today <zephyr/zephyr.h> is 100% equivalent to <zephyr/kernel.h>.
This patch proposes to then include <zephyr/kernel.h> instead of
<zephyr/zephyr.h> since it is more clear that you are including the
Kernel APIs and (probably) nothing else. <zephyr/zephyr.h> sounds like a
catch-all header that may be confusing. Most applications need to
include a bunch of other things to compile, e.g. driver headers or
subsystem headers like BT, logging, etc.
The idea of a catch-all header in Zephyr is probably not feasible
anyway. Reason is that Zephyr is not a library, like it could be for
example `libpython`. Zephyr provides many utilities nowadays: a kernel,
drivers, subsystems, etc and things will likely grow. A catch-all header
would be massive, difficult to keep up-to-date. It is also likely that
an application will only build a small subset. Note that subsystem-level
headers may use a catch-all approach to make things easier, though.
NOTE: This patch is **NOT** removing the header, just removing its usage
in-tree. I'd advocate for its deprecation (add a #warning on it), but I
understand many people will have concerns.
Signed-off-by: Gerard Marull-Paretas <gerard.marull@nordicsemi.no>
Set the TF-M profile type to none for TF-M integration samples.
If the default profile has been set to something else these samples may
fail.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Adds mps3_an547_ns to certain TF-M samples to improve
testing in CI by including the Arm Cortex-M55 platform.
Signed-off-by: Kevin Townsend <kevin.townsend@linaro.org>
Removes lpcxpresso55s69_ns from certain sample.yaml files due
to changes required for TF-M 1.6.0 not being added to the
upstream project before the 1.6.0 release.
The NXP SDK available for download from NXP contains the required
updates, but these will need to be committed to TF-M, then made
available in the Zephyr fork, at which point the yaml files here can
have the LPC added back.
Signed-off-by: Kevin Townsend <kevin.townsend@linaro.org>
The goal of this commit is to update existing STM32 boards descriptions
to use these size "DT_SIZE" macros to enhance readability. To realize this
i used a python script, which will detect the STM32 Boards
/zephyr/board/arm, and then will update in the dts files the partition
description using "DT_SIZE_K" and "DT_SIZE_M" macros.
Check manually and modify in .overlay files in samples and tests.
Signed-off-by: TLIG Dhaou <dhaou.tlig-ext@st.com>
In order to bring consistency in-tree, migrate all samples to the use
the new prefix <zephyr/...>. Note that the conversion has been scripted:
```python
from pathlib import Path
import re
EXTENSIONS = ("c", "h", "cpp", "rst")
for p in Path(".").glob("samples/**/*"):
if not p.is_file() or p.suffix and p.suffix[1:] not in EXTENSIONS:
continue
content = ""
with open(p) as f:
for line in f:
m = re.match(r"^(.*)#include <(.*)>(.*)$", line)
if (m and
not m.group(2).startswith("zephyr/") and
(Path(".") / "include" / "zephyr" / m.group(2)).exists()):
content += (
m.group(1) +
"#include <zephyr/" + m.group(2) +">" +
m.group(3) + "\n"
)
else:
content += line
with open(p, "w") as f:
f.write(content)
```
Signed-off-by: Gerard Marull-Paretas <gerard.marull@nordicsemi.no>
Use the set of headers that the TF-M build system places in the
install output. Not all public header files are available in the
interface/include directory and the TF-M build system uses the install
mechanism of cmake to include additional headers based on platform
or configuration.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Following the work done to add TFM support on b_u585i_iot02a,
update other STM32 TFM enabled boards to benefit from the
progress made on TFM flashing instructions.
Signed-off-by: Erwan Gouriou <erwan.gouriou@linaro.org>
For functions returning nothing, there is no need to document
with @return, as Doxgen complains about "documented empty
return type of ...".
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
Due to a recent change in TFM, some more space should be allocated
to mcuboot flash partition (some space should be allocate for OTP)
(Cf commit db07170a34f ("Platform: Allocate space in flash for OTP")
in trusted-firmware-m repo)
Take this into account and increase mcuboot flash partition for
nucleo_l552ze_q_ns target.
Signed-off-by: Erwan Gouriou <erwan.gouriou@linaro.org>
Split the zephyr project maintained repository trusted-firmware-m into
forks of the individual upstream repositories.
https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git
Upstream: TF-Mv1.4.1
Additions:
zephyr: module: Add zephyr module file
trusted-firmware-m: platform: lpcxpresso55s69: Update SDK
https://git.trustedfirmware.org/TF-M/tf-m-tests.git
Upstream: 51ff2bdfae043f6dd0813b000d928c4bda172660
Additions:
zephyr: module: Add module file for tf-m-tests
https://github.com/ARM-software/psa-arch-tests.git
Upstream: 60faad2ead1b967ec8e73accd793d3ed0e5c56bd
Additions:
zephyr: module: Add module file for psa-arch-tests
psa-arch-tests: Allow overriding of toolchain file
The organization of folders remain the same with the following
exceptions:
Moved:
root folder moved from modules/tee/tfm to modules/tee/tf-m to avoid
problems with west update.
zephyr/module.yml to trusted-firmware-m/zephyr/module.yml and
${ZEPHYR_TRUSTED_FIRMWARE_M_MODULE_DIR} points to what was previously
${ZEPHYR_TRUSTED_FIRMWARE_M_MODULE_DIR}/trusted-firmware-m.
Added:
psa-arch-tests/zephyr/module.yml and ${ZEPHYR_PSA_ARCH_TESTS_MODULE_DIR}
tf-m-tests/zephyr/module/ and ${ZEPHYR_TF_M_TESTS_MODULE_DIR}
Removed:
init-git.sh
README.rst
Fixes: #39353
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Move to CMake 3.20.0.
At the Toolchain WG it was decided to move to CMake 3.20.0.
The main reason for increasing CMake version is better toolchain
support.
Better toolchain support is added in the following CMake versions:
- armclang, CMake 3.15
- Intel oneAPI, CMake 3.20
- IAR, CMake 3.15 and 3.20
Signed-off-by: Torsten Rasmussen <Torsten.Rasmussen@nordicsemi.no>
Some devicetre overlays do not reflect the recent rename to make NS
variants of boards with TF-M support have more consistent names; fix
it.
Signed-off-by: Martí Bolívar <marti.bolivar@nordicsemi.no>
We add a test variant in tfm_ipc test, to validate the
scenario where TF-M is built without BL2 (MCUboot). We
test this on QEMU only (MPS2 AN521).
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Due to changes in flash_layout.h for STM32L562, in the current
TF-M module update, we need to modify the DTS overlay files in
the TF-M samples where the board is supported.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Switch to calling the sys_arch_reboot() API directly,
instead of going through the generic sys_reboot API.
This is to avoid locking the IRQs before the reset is
called, which is breaking the PSA call execution.
Also, align sample code to use the same secure service
(platform reset) to show case the PSA connect and close
APIs, instead of a random one (since the reset service
has to work to ultimately perform the system reset).
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit updates the NS board variant from
`nrf9160dk_nrf9160ns` to `nrf9160dk_nrf9160_ns`
to maintain consistency across zephyr.
Signed-off-by: Kevin Townsend <kevin.townsend@linaro.org>
This commit updates the NS board variant from
`nrf5340dk_nrf5340_cpuappns` to `nrf5340dk_nrf5340_cpuapp_ns`
to maintain consistency across zephyr.
Signed-off-by: Kevin Townsend <kevin.townsend@linaro.org>
This commit update the NS board variant from
`v2m_musca_s1_nonsecure` to `v2m_musca_s1_ns` to maintain
consistency across zephyr.
Signed-off-by: Kevin Townsend <kevin.townsend@linaro.org>
This commit update the NS board variant from
`v2m_musca_b1_nonsecure` to `v2m_musca_b1_ns` to maintain
consistency across zephyr.
Signed-off-by: Kevin Townsend <kevin.townsend@linaro.org>
This commit update the NS board variant from `mps2_an521_nonsecure`
to `mps2_an521_ns` to maintain consistency across zephyr.
Signed-off-by: Kevin Townsend <kevin.townsend@linaro.org>
This commit update the NS board variant from `bl5340_dvk_cpuappns`
to `bl5340_dvk_cpuapp_ns` to maintain consistency across zephyr.
Signed-off-by: Kevin Townsend <kevin.townsend@linaro.org>
The README.rst in `samples/tfm_integration/tfm_ipc` was incorrectly
referring to `psa_level_1`. README.rst has been updated to refer to
`tfm_ipc` example.
Signed-off-by: Devaraj Ranganna <devaraj.ranganna@linaro.org>
The AUDIT_LOG partition cannot be used in TF-M builds
with the IPC mode (CONFIG_TFM_IPC=y); we have added a
relevant dependency for this. So we can cleanup the
CONFIG_TFM_PARTITION_AUDIT_LOG=n from the configuration
files of the samples.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Update overlay file for nucleo_l552ze_q_ns board,
since now the sample does not enable REGRESSION,
and thus regular TF-M flash layout for the board
is used.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Removes the dependency on the external test service from the
CONFIG_TFM_REGRESSION_S test suite, instead
demonstrating how to make direct IPC calls to the CRYPTO
service that is available as a part of standard TF-M builds.
Signed-off-by: Kevin Townsend <kevin.townsend@linaro.org>
Instead of exposing publicly the TF-M NS interface include
directories, we include them when we build relevant projects.
This is required, as the TF-M include directories contains
psa crypto sources that are also provided by the mbedtls
crypto module. The downside of this solution is that the
TF-M includes need to be added explicitly in each application
that uses TF-M APIs.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Add new kconfigs
Include the ns-app built by TF-M build system for regression tests
Update tfm_ipc sample to use new kconfig
Signed-off-by: Andreas Vibeto <andreas.vibeto@nordicsemi.no>
To allow using TFM NS interface without enabling
CMSIS_RTOS V2 support. And to allow using TFM NS
code that uses logging.
Signed-off-by: Øyvind Rønningstad <oyvind.ronningstad@nordicsemi.no>
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
