diff options
author | Kevin Peng <kevin.peng@arm.com> | 2021-09-08 22:33:33 +0800 |
---|---|---|
committer | Kevin Peng <kevin.peng@arm.com> | 2021-09-18 08:58:53 +0200 |
commit | 23a583c3e4b62b13c51eecb0e84f4c312af51ab4 (patch) | |
tree | 09dd457d0cbfc5e7f5c24f53602523b477018ec7 | |
parent | a04206a06eef51dac0c0486798e3282f09e5e4d9 (diff) | |
download | trusted-firmware-m-23a583c3e4b62b13c51eecb0e84f4c312af51ab4.tar.gz |
Build: Use IPC Model to build by default
The Library Model (TFM_PSA_API=OFF) is not being developed anymore.
It does not support for new FF-M features.
New comers to TF-M should be encouraged to start with the IPC model
to have the better experiences.
Library Model might be replaced by SFN Model in the future.
This patch adds a new TFM_LIB_MODEL configuration and set to OFF by
default to build IPC model by default.
The TFM_PSA_API is not intended for users to choose between library
and IPC model anymore.
To build Library model, please set TFM_LIB_MODEL to ON.
Note:
The test repo version is updated as well for the dependency changes.
Change-Id: I43ec92cd46dbc5a26e3638269cfb6267e24352bd
Signed-off-by: Kevin Peng <kevin.peng@arm.com>
26 files changed, 55 insertions, 79 deletions
diff --git a/config/check_config.cmake b/config/check_config.cmake index 2ac6380fd6..e4e95559dc 100644 --- a/config/check_config.cmake +++ b/config/check_config.cmake @@ -23,11 +23,13 @@ tfm_invalid_config(CMAKE_C_COMPILER_ID STREQUAL "GNU" AND CMAKE_C_COMPILER_VERSI set (TFM_L3_PLATFORM_LISTS arm/mps2/an521 arm/musca_b1/sse_200 stm/stm32l562e_dk) +tfm_invalid_config(TFM_LIB_MODEL AND TFM_PSA_API) +tfm_invalid_config(NOT TFM_LIB_MODEL AND NOT TFM_PSA_API) tfm_invalid_config(TFM_ISOLATION_LEVEL LESS 1 OR TFM_ISOLATION_LEVEL GREATER 3) tfm_invalid_config(TFM_ISOLATION_LEVEL EQUAL 3 AND NOT TFM_PLATFORM IN_LIST TFM_L3_PLATFORM_LISTS) -tfm_invalid_config(TFM_ISOLATION_LEVEL GREATER 1 AND NOT TFM_PSA_API) +tfm_invalid_config(TFM_ISOLATION_LEVEL GREATER 1 AND TFM_LIB_MODEL) -tfm_invalid_config(TFM_MULTI_CORE_TOPOLOGY AND NOT TFM_PSA_API) +tfm_invalid_config(TFM_MULTI_CORE_TOPOLOGY AND TFM_LIB_MODEL) tfm_invalid_config(TFM_PLAT_SPECIFIC_MULTI_CORE_COMM AND NOT TFM_MULTI_CORE_TOPOLOGY) tfm_invalid_config((TFM_S_REG_TEST OR TFM_NS_REG_TEST) AND TEST_PSA_API) @@ -38,7 +40,7 @@ tfm_invalid_config(PS_ROLLBACK_PROTECTION AND NOT PS_ENCRYPTION) tfm_invalid_config(SUITE STREQUAL "IPC" AND NOT TEST_PSA_API STREQUAL "IPC") -tfm_invalid_config(TEST_PSA_API STREQUAL "IPC" AND NOT TFM_PSA_API) +tfm_invalid_config(TEST_PSA_API STREQUAL "IPC" AND TFM_LIB_MODEL) tfm_invalid_config(TEST_PSA_API STREQUAL "CRYPTO" AND NOT TFM_PARTITION_CRYPTO) tfm_invalid_config(TEST_PSA_API STREQUAL "INITIAL_ATTESTATION" AND NOT TFM_PARTITION_INITIAL_ATTESTATION) tfm_invalid_config(TEST_PSA_API STREQUAL "INTERNAL_TRUSTED_STORAGE" AND NOT TFM_PARTITION_INTERNAL_TRUSTED_STORAGE) @@ -63,7 +65,7 @@ tfm_invalid_config(TFM_CODE_SHARING STREQUAL "OFF" AND TFM_CODE_SHARING_PATH) ####################### SP META Pointer ######################################## -tfm_invalid_config(TFM_SP_META_PTR_ENABLE AND NOT TFM_PSA_API) +tfm_invalid_config(TFM_SP_META_PTR_ENABLE AND TFM_LIB_MODEL) ####################### Firmware Update Parttion ############################### @@ -78,7 +80,7 @@ tfm_invalid_config(NOT TFM_FIH_PROFILE IN_LIST TFM_FIH_PROFILE_LIST) ########################### TF-M audit log ##################################### -tfm_invalid_config(TFM_PARTITION_AUDIT_LOG AND TFM_PSA_API) +tfm_invalid_config(TFM_PARTITION_AUDIT_LOG AND NOT TFM_LIB_MODEL) ########################### TF-M crypto ######################################## diff --git a/config/config_default.cmake b/config/config_default.cmake index 09db32e52f..0a1b62e2e2 100644 --- a/config/config_default.cmake +++ b/config/config_default.cmake @@ -16,7 +16,9 @@ set(TEST_S OFF CACHE BOOL "Whether to set(TEST_NS OFF CACHE BOOL "Whether to build NS regression tests") set(TEST_PSA_API "" CACHE STRING "Which (if any) of the PSA API tests should be compiled") -set(TFM_PSA_API OFF CACHE BOOL "Use PSA api (IPC mode) instead of secure library mode") +# TFM_LIB_MODEL is the only user configuration for Library Model selection. +# TFM_PSA_API becomes an internal variable. Please do NOT use it in build command line. +set(TFM_LIB_MODEL OFF CACHE BOOL "Use secure library model instead of PSA API (IPC model)") set(TFM_ISOLATION_LEVEL 1 CACHE STRING "Isolation level") set(TFM_PROFILE "" CACHE STRING "Profile to use") set(TFM_FIH_PROFILE OFF CACHE STRING "Fault injection hardening profile [OFF, LOW, MEDIUM, HIGH]") @@ -108,7 +110,7 @@ set(ATTEST_INCLUDE_COSE_KEY_ID OFF CACHE BOOL "Include COS set(TFM_PARTITION_PLATFORM ON CACHE BOOL "Enable Platform partition") -set(TFM_PARTITION_AUDIT_LOG ON CACHE BOOL "Enable Audit Log partition") +set(TFM_PARTITION_AUDIT_LOG OFF CACHE BOOL "Enable Audit Log partition") set(FORWARD_PROT_MSG OFF CACHE BOOL "Whether to forward all PSA RoT messages to a Secure Enclave") set(TFM_PARTITION_FIRMWARE_UPDATE OFF CACHE BOOL "Enable firmware update partition") @@ -127,7 +129,7 @@ set(MCUBOOT_PATH "DOWNLOAD" CACHE PATH "Path set(MCUBOOT_VERSION "TF-Mv1.4-integ" CACHE STRING "The version of MCUboot to use") set(PSA_ARCH_TESTS_PATH "DOWNLOAD" CACHE PATH "Path to PSA arch tests (or DOWNLOAD to fetch automatically") -set(PSA_ARCH_TESTS_VERSION "51ff2bd" CACHE STRING "The version of PSA arch tests to use") +set(PSA_ARCH_TESTS_VERSION "c00020e" CACHE STRING "The version of PSA arch tests to use") ################################################################################ ################################################################################ diff --git a/config/profile/profile_large.cmake b/config/profile/profile_large.cmake index d3a95a6674..3de4a09118 100644 --- a/config/profile/profile_large.cmake +++ b/config/profile/profile_large.cmake @@ -6,7 +6,6 @@ #------------------------------------------------------------------------------- set(TFM_PROFILE profile_large CACHE STRING "Profile to use") -set(TFM_PSA_API ON CACHE BOOL "Use PSA api (IPC mode) instead of secure library mode") set(TFM_ISOLATION_LEVEL 3 CACHE STRING "Isolation level") ############################ Partitions ######################################## diff --git a/config/profile/profile_medium.cmake b/config/profile/profile_medium.cmake index 8b10152984..bdb8c3886f 100644 --- a/config/profile/profile_medium.cmake +++ b/config/profile/profile_medium.cmake @@ -6,7 +6,6 @@ #------------------------------------------------------------------------------- set(TFM_PROFILE profile_medium CACHE STRING "Profile to use") -set(TFM_PSA_API ON CACHE BOOL "Use PSA api (IPC mode) instead of secure library mode") set(TFM_ISOLATION_LEVEL 2 CACHE STRING "Isolation level") ############################ Partitions ######################################## diff --git a/config/profile/profile_small.cmake b/config/profile/profile_small.cmake index 5d71eec4a4..c03e9113a8 100644 --- a/config/profile/profile_small.cmake +++ b/config/profile/profile_small.cmake @@ -6,7 +6,7 @@ #------------------------------------------------------------------------------- set(TFM_PROFILE profile_small CACHE STRING "Profile to use") -set(TFM_PSA_API OFF CACHE BOOL "Use PSA api (IPC mode) instead of secure library mode") +set(TFM_LIB_MODEL ON CACHE BOOL "Use secure library model instead of PSA API (IPC model)") set(TFM_ISOLATION_LEVEL 1 CACHE STRING "Isolation level") ########################## BL2 ################################################# diff --git a/config/set_config.cmake b/config/set_config.cmake index 9cb3cff465..78ca844bc7 100644 --- a/config/set_config.cmake +++ b/config/set_config.cmake @@ -43,7 +43,9 @@ if (TFM_PROFILE) endif() # Load TF-M model specific default config -if (TFM_PSA_API) +if (TFM_LIB_MODEL) + include(config/tfm_library_config_default.cmake) +else() include(config/tfm_ipc_config_default.cmake) endif() diff --git a/config/tfm_ipc_config_default.cmake b/config/tfm_ipc_config_default.cmake index 14512e9b68..b8b16b4b5a 100644 --- a/config/tfm_ipc_config_default.cmake +++ b/config/tfm_ipc_config_default.cmake @@ -7,4 +7,4 @@ ############################ Partitions ######################################## -set(TFM_PARTITION_AUDIT_LOG OFF CACHE BOOL "Enable Audit Log partition") +set(TFM_PSA_API ON CACHE BOOL "Use PSA API instead of secure library model") diff --git a/config/tfm_library_config_default.cmake b/config/tfm_library_config_default.cmake new file mode 100644 index 0000000000..887b0bee78 --- /dev/null +++ b/config/tfm_library_config_default.cmake @@ -0,0 +1,11 @@ +#------------------------------------------------------------------------------- +# Copyright (c) 2021, Arm Limited. All rights reserved. +# +# SPDX-License-Identifier: BSD-3-Clause +# +#------------------------------------------------------------------------------- + +############################ Partitions ######################################## + +set(TFM_PSA_API OFF CACHE BOOL "Use PSA API instead of secure library model") +set(TFM_PARTITION_AUDIT_LOG ON CACHE BOOL "Enable Audit Log partition") diff --git a/docs/integration_guide/porting_TFM_to_a_new_hardware.rst b/docs/integration_guide/porting_TFM_to_a_new_hardware.rst index 13600c75ad..c87d7a9e89 100644 --- a/docs/integration_guide/porting_TFM_to_a_new_hardware.rst +++ b/docs/integration_guide/porting_TFM_to_a_new_hardware.rst @@ -787,8 +787,7 @@ Annex [config_cmake] set(BL2 OFF CACHE BOOL "Whether to build BL2") - set(TFM_PSA_API ON CACHE BOOL "Use PSA api (IPC mode) instead of secure library mode" FORCE) - set(NS FALSE CACHE BOOL "Whether to build NS app" FORCE) + set(NS FALSE CACHE BOOL "Whether to build NS app" FORCE) ------------ diff --git a/docs/integration_guide/tfm_test_suites_addition.rst b/docs/integration_guide/tfm_test_suites_addition.rst index a5a89a5c89..e3802f4e97 100644 --- a/docs/integration_guide/tfm_test_suites_addition.rst +++ b/docs/integration_guide/tfm_test_suites_addition.rst @@ -47,7 +47,6 @@ An example usage of test configuration shows below. cmake -S . -B cmake_build -DTFM_PLATFORM=arm/mps2/an521 \ -DTFM_TOOLCHAIN_FILE=toolchain_GNUARM.cmake \ -DCMAKE_BUILD_TYPE=Release \ - -DTFM_PSA_API=ON \ -DTEST_NS_ATTESTATION=ON With this command, only non-secure initial attestation test suite will be built. @@ -112,7 +111,7 @@ The setting is performed in following four steps. #. TF-M partitions configurations like ``TFM_PARTITION_CRYPTO``, ``TFM_PARTITION_INITIAL_ATTESTATION``, etc. - #. TF-M build mode configuration like ``TFM_PSA_API``. + #. TF-M build mode configuration like ``TFM_LIB_MODEL``. #. TF-M other configurations like ``TFM_PARTITION_FIRMWARE_UPDATE``, ``FORWARD_PROT_MSG``, etc. diff --git a/docs/security/security_advisories/svc_caller_sp_fetching_vulnerability.rst b/docs/security/security_advisories/svc_caller_sp_fetching_vulnerability.rst index 4a117243fe..2b53e45558 100644 --- a/docs/security/security_advisories/svc_caller_sp_fetching_vulnerability.rst +++ b/docs/security/security_advisories/svc_caller_sp_fetching_vulnerability.rst @@ -12,7 +12,7 @@ Advisory TFMV-2 | Versions | Affected All versions up to and including TF-M v1.2 | | Affected | | +----------------+-------------------------------------------------------------+ -| Configurations | IPC Model (TFM_PSA_API=ON) on Armv8-M | +| Configurations | IPC Model on Armv8-M | +----------------+-------------------------------------------------------------+ | Impact | Most likely a crash in secure world or reset whole system, | | | with a very low likelihood of overwriting some memory | diff --git a/docs/technical_references/design_docs/profiles/tfm_profile_large.rst b/docs/technical_references/design_docs/profiles/tfm_profile_large.rst index dd64e00977..9ca8d1f146 100644 --- a/docs/technical_references/design_docs/profiles/tfm_profile_large.rst +++ b/docs/technical_references/design_docs/profiles/tfm_profile_large.rst @@ -238,7 +238,7 @@ shown below. +============================================+====================================+====================================================================================================+ | ``TFM_ISOLATION_LEVEL`` | Select level 3 isolation | ``3`` | +--------------------------------------------+------------------------------------+----------------------------------------------------------------------------------------------------+ - | ``TFM_PSA_API`` | Select IPC model | ``ON`` | + | ``TFM_LIB_MODEL`` | Select IPC model | ``OFF`` | +--------------------------------------------+------------------------------------+----------------------------------------------------------------------------------------------------+ | ``TFM_PARTITION_INTERNAL_TRUSTED_STORAGE`` | Enable ITS SP | ``ON`` | +--------------------------------------------+------------------------------------+----------------------------------------------------------------------------------------------------+ diff --git a/docs/technical_references/design_docs/profiles/tfm_profile_medium.rst b/docs/technical_references/design_docs/profiles/tfm_profile_medium.rst index c7c75164e2..aa1e78f148 100644 --- a/docs/technical_references/design_docs/profiles/tfm_profile_medium.rst +++ b/docs/technical_references/design_docs/profiles/tfm_profile_medium.rst @@ -246,8 +246,8 @@ shown below. +============================================+=====================================================================================================+=====================================+ | ``TFM_ISOLATION_LEVEL`` | ``2`` | Select level 2 isolation | +--------------------------------------------+-----------------------------------------------------------------------------------------------------+-------------------------------------+ - | ``TFM_PSA_API`` | ``True`` | Select IPC model | - +--------------------------------------------+-----------------------------------------------------------------------------------------------------+-------------------------------------+ + | ``TFM_LIB_MODEL`` | ``OFF`` | Select IPC model | + +--------------------------------------------+------------------------------------+------------------------------------------------------------------------------------------------------+ | ``TFM_PARTITION_INTERNAL_TRUSTED_STORAGE`` | ``ON`` | Enable ITS SP | +--------------------------------------------+-----------------------------------------------------------------------------------------------------+-------------------------------------+ | ``ITS_BUF_SIZE`` | ``32`` | ITS internal transient buffer size | diff --git a/docs/technical_references/design_docs/profiles/tfm_profile_small.rst b/docs/technical_references/design_docs/profiles/tfm_profile_small.rst index 5a02cde010..ea39408bb0 100644 --- a/docs/technical_references/design_docs/profiles/tfm_profile_small.rst +++ b/docs/technical_references/design_docs/profiles/tfm_profile_small.rst @@ -371,7 +371,7 @@ shown below. +============================================+=====================================================================================================+=====================================+ | ``TFM_ISOLATION_LEVEL`` | ``1`` | Select level 2 isolation | +--------------------------------------------+-----------------------------------------------------------------------------------------------------+-------------------------------------+ - | ``TFM_PSA_API`` | ``FALSE`` | Select IPC model | + | ``TFM_LIB_MODEL`` | ``ON`` | Select Library model | +--------------------------------------------+-----------------------------------------------------------------------------------------------------+-------------------------------------+ | ``TFM_PARTITION_INTERNAL_TRUSTED_STORAGE`` | ``ON`` | Enable ITS SP | +--------------------------------------------+-----------------------------------------------------------------------------------------------------+-------------------------------------+ diff --git a/docs/technical_references/instructions/tfm_build_instruction.rst b/docs/technical_references/instructions/tfm_build_instruction.rst index e61067e220..378b299e45 100644 --- a/docs/technical_references/instructions/tfm_build_instruction.rst +++ b/docs/technical_references/instructions/tfm_build_instruction.rst @@ -120,8 +120,8 @@ important options are listed below. +---------------------+----------------------------------------+---------------+ | NS | Build NS app. Required for test code. | ON | +---------------------+----------------------------------------+---------------+ -| TFM_PSA_API | Use PSA api (IPC mode) instead of | OFF | -| | secure library mode. | | +| TFM_LIB_MODEL | Use secure library model instead of | OFF | +| | PSA api (IPC model). | | +---------------------+----------------------------------------+---------------+ | TFM_ISOLATION_LEVEL | Set TFM isolation level. | 1 | +---------------------+----------------------------------------+---------------+ @@ -199,9 +199,8 @@ other test suites. Test configurations and dependencies will be checked in ``${TFM_TEST_REPO_PATH}/test/config/check_config.cmake``. If regression testing is enabled, it will then enable all tests for the enabled -secure partitions. If IPC mode is enabled via ``TFM_PSA_API`` the IPC tests will -be enabled. Multicore tests will be enabled if ``TFM_MULTI_CORE_TOPOLOGY`` is -enabled. +secure partitions. +Multicore tests will be enabled if ``TFM_MULTI_CORE_TOPOLOGY`` is enabled. Some cryptographic tests can be enabled and disabled. This is done to prevent false failures from being reported when a smaller Mbed Crypto config is being @@ -273,12 +272,11 @@ variables, in the format of cmake command line parameters. +------------------------------------------+---------------------------------------+ | File | Cmake command line | +==========================================+=======================================+ -| ConfigDefault.cmake | <No options> | +| ConfigDefault.cmake | -DTFM_LIB_MODEL=ON | +------------------------------------------+---------------------------------------+ -| ConfigCoreIPC.cmake | -DTFM_PSA_API=ON | +| ConfigCoreIPC.cmake | <no options> | +------------------------------------------+---------------------------------------+ -| ConfigCoreIPCTfmLevel2.cmake | -DTFM_PSA_API=ON | -| | -DTFM_ISOLATION_LEVEL=2 | +| ConfigCoreIPCTfmLevel2.cmake | -DTFM_ISOLATION_LEVEL=2 | +------------------------------------------+---------------------------------------+ | ConfigDefaultProfileS.cmake | -DTFM_PROFILE=profile_small | +------------------------------------------+---------------------------------------+ @@ -287,10 +285,8 @@ variables, in the format of cmake command line parameters. | ConfigRegression.cmake | -DTEST_NS=ON -DTEST_S=ON | +------------------------------------------+---------------------------------------+ | ConfigRegressionIPC.cmake | -DTEST_NS=ON -DTEST_S=ON | -| | -DTFM_PSA_API=ON | +------------------------------------------+---------------------------------------+ | ConfigRegressionIPCTfmLevel2.cmake | -DTEST_NS=ON -DTEST_S=ON | -| | -DTFM_PSA_API=ON | | | -DTFM_ISOLATION_LEVEL=2 | +------------------------------------------+---------------------------------------+ | ConfigRegressionProfileS.cmake | -DTFM_PROFILE=profile_small | @@ -302,10 +298,8 @@ variables, in the format of cmake command line parameters. | ConfigPsaApiTest.cmake | -DTEST_PSA_API=<test_suite> | +------------------------------------------+---------------------------------------+ | ConfigPsaApiTestIPC.cmake | -DTEST_PSA_API=<test_suite> | -| | -DTFM_PSA_API=ON | +------------------------------------------+---------------------------------------+ | ConfigPsaApiTestIPCTfmLevel2.cmake | -DTEST_PSA_API=<test_suite> | -| | -DTFM_PSA_API=ON | | | -DTFM_ISOLATION_LEVEL=2 | +------------------------------------------+---------------------------------------+ | ConfigDefaultProfileM.cmake | -DTFM_PROFILE=profile_medium | @@ -391,8 +385,8 @@ Alternately using traditional cmake syntax cmake .. -DTFM_PLATFORM=arm/mps2/an521 -DTEST_S=ON -DTEST_NS=ON make install -Build for PSA Functional API compliance tests -============================================= +Build for PSA API tests +======================= The build system provides support for building and integrating the PSA API tests from https://github.com/ARM-software/psa-arch-tests. PSA API tests are controlled using the TEST_PSA_API variable. Enabling both regression tests and @@ -427,32 +421,6 @@ Alternately using traditional cmake syntax cmake .. -DTFM_PLATFORM=arm/mps2/an521 -DTEST_PSA_API=CRYPTO make install -Build for PSA FF (IPC) compliance tests -======================================= - -The build system provides support for building and integrating the PSA FF -compliance test. This support is controlled by the TEST_PSA_API variable: - -.. code-block:: bash - - -DTEST_PSA_API=IPC - -.. code-block:: bash - - cd <TF-M base folder> - cmake -S . -B cmake_build -DTFM_PLATFORM=arm/mps2/an521 -DTEST_PSA_API=IPC -DTFM_PSA_API=ON - cmake --build cmake_build -- install - -Alternately using traditional cmake syntax - -.. code-block:: bash - - cd <TF-M base folder> - mkdir cmake_build - cd cmake_build - cmake .. -DTFM_PLATFORM=arm/mps2/an521 -DTEST_PSA_API=IPC -DTFM_PSA_API=ON - make install - Location of build artifacts =========================== diff --git a/platform/ext/target/arm/diphda/config.cmake b/platform/ext/target/arm/diphda/config.cmake index 503b525345..f0fd77dcf5 100644 --- a/platform/ext/target/arm/diphda/config.cmake +++ b/platform/ext/target/arm/diphda/config.cmake @@ -13,7 +13,6 @@ set(MCUBOOT_UPGRADE_STRATEGY "RAM_LOAD" CACHE STRING "Upgrade strat set(MCUBOOT_IMAGE_NUMBER 3 CACHE STRING "Number of images loaded by mcuboot") set(TFM_MULTI_CORE_TOPOLOGY ON CACHE BOOL "Whether to build for a dual-cpu architecture") set(TFM_PLAT_SPECIFIC_MULTI_CORE_COMM ON CACHE BOOL "Whether to use a platform specific inter core communication instead of mailbox in dual-cpu topology") -set(TFM_PSA_API ON CACHE BOOL "Use PSA api (IPC mode) instead of secure library mode") set(CRYPTO_HW_ACCELERATOR ON CACHE BOOL "Whether to enable the crypto hardware accelerator on supported platforms") set(PLATFORM_DUMMY_NV_SEED FALSE CACHE BOOL "Use dummy NV seed implementation. Should not be used in production.") set(NS FALSE CACHE BOOL "Whether to build NS app") diff --git a/platform/ext/target/arm/mps2/an521/config.cmake b/platform/ext/target/arm/mps2/an521/config.cmake index d93f5bb8f4..9498c96c6c 100644 --- a/platform/ext/target/arm/mps2/an521/config.cmake +++ b/platform/ext/target/arm/mps2/an521/config.cmake @@ -7,7 +7,7 @@ set(TFM_EXTRA_GENERATED_FILE_LIST_PATH ${CMAKE_CURRENT_SOURCE_DIR}/platform/ext/target/arm/mps2/an521/generated_file_list.yaml CACHE PATH "Path to extra generated file list. Appended to stardard TFM generated file list." FORCE) -if(TFM_PSA_API) +if(NOT TFM_LIB_MODEL) if (NOT TEST_NS_SLIH_IRQ AND TEST_NS) # FLIH and SLIH testing can not be enabled at the same time set(TEST_NS_FLIH_IRQ ON CACHE BOOL "Enable FLIH testing") diff --git a/platform/ext/target/arm/musca_b1/secure_enclave/config.cmake b/platform/ext/target/arm/musca_b1/secure_enclave/config.cmake index 040daa49ec..e918f144ac 100644 --- a/platform/ext/target/arm/musca_b1/secure_enclave/config.cmake +++ b/platform/ext/target/arm/musca_b1/secure_enclave/config.cmake @@ -7,7 +7,6 @@ # Configuration values forced due to the Secure Enclave topology set(TFM_MULTI_CORE_TOPOLOGY ON CACHE BOOL "Whether to build for a dual-cpu architecture" FORCE) -set(TFM_PSA_API ON CACHE BOOL "Use PSA api (IPC mode) instead of secure library mode" FORCE) set(NS FALSE CACHE BOOL "Whether to build NS app" FORCE) set(TEST_NS OFF CACHE BOOL "Whether to build NS regression tests" FORCE) diff --git a/platform/ext/target/arm/musca_b1/sse_200/config.cmake b/platform/ext/target/arm/musca_b1/sse_200/config.cmake index 34f8068cfc..2c93b98970 100644 --- a/platform/ext/target/arm/musca_b1/sse_200/config.cmake +++ b/platform/ext/target/arm/musca_b1/sse_200/config.cmake @@ -26,7 +26,6 @@ if (NOT FORWARD_PROT_MSG) else() set(MCUBOOT_IMAGE_NUMBER 1 CACHE STRING "Whether to combine S and NS into either 1 image, or sign each seperately") set(MCUBOOT_MEASURED_BOOT OFF CACHE BOOL "Add boot measurement values to boot status. Used for initial attestation token") - set(TFM_PSA_API ON CACHE BOOL "Use PSA api (IPC mode) instead of secure library mode") set(TFM_PARTITION_PROTECTED_STORAGE OFF CACHE BOOL "Enable Protected Storage partition") set(TFM_PARTITION_INTERNAL_TRUSTED_STORAGE OFF CACHE BOOL "Enable Internal Trusted Storage partition") set(TFM_PARTITION_CRYPTO OFF CACHE BOOL "Enable Crypto partition") @@ -46,7 +45,7 @@ set(TFM_EXTRA_GENERATED_FILE_LIST_PATH ${CMAKE_SOURCE_DIR}/platform/ext/target/ set(PSA_API_TEST_TARGET "musca_b1" CACHE STRING "Target to use when building the PSA API tests") -if(TFM_PSA_API) +if(NOT TFM_LIB_MODEL) if (TEST_NS_FLIH_IRQ) message(FATAL_ERROR "FLIH testing has not been supported!") endif() diff --git a/platform/ext/target/cypress/psoc64/config.cmake b/platform/ext/target/cypress/psoc64/config.cmake index f016cd824f..65c8aa2a93 100644 --- a/platform/ext/target/cypress/psoc64/config.cmake +++ b/platform/ext/target/cypress/psoc64/config.cmake @@ -7,8 +7,6 @@ set(BL2 OFF CACHE BOOL "Whether to build BL2") -set(TFM_PSA_API ON CACHE BOOL "Use PSA api (IPC mode) instead of secure library mode") - set(TFM_NS_CLIENT_IDENTIFICATION OFF CACHE BOOL "Enable NS client identification") ############################ Platform ########################################## diff --git a/platform/ext/target/nuvoton/m2351/README.rst b/platform/ext/target/nuvoton/m2351/README.rst index 8b44dceaa4..0901269c8a 100644 --- a/platform/ext/target/nuvoton/m2351/README.rst +++ b/platform/ext/target/nuvoton/m2351/README.rst @@ -12,6 +12,7 @@ Build TF-M with M2351 by following commands: $ cd build $ cmake ../ \ -G"Unix Makefiles" \ + -DTFM_LIB_MODEL=ON \ -DTFM_PLATFORM=nuvoton/m2351 \ -DTFM_TOOLCHAIN_FILE=../toolchain_GNUARM.cmake \ -DTEST_NS=ON \ @@ -20,7 +21,7 @@ Build TF-M with M2351 by following commands: Define TEST_NS=ON or TEST_S=ON for non-secure or secure regression test. CMAKE_BUILD_TYPE could be "Release", "RelWithDebInfo" or "Minsizerel" -TFM_PSA_API=ON and TFM_ISOLATION_LEVEL=2 can also be set but them cannot be +TFM_LIB_MODEL=OFF and TFM_ISOLATION_LEVEL=2 can also be set but them cannot be defined with TEST_S=ON or TEST_NS=ON at the same time due to limited RAM size of M2351. Other cmake parameters should not be changed. diff --git a/platform/ext/target/nuvoton/m2354/README.rst b/platform/ext/target/nuvoton/m2354/README.rst index 956ee63340..20558e902a 100644 --- a/platform/ext/target/nuvoton/m2354/README.rst +++ b/platform/ext/target/nuvoton/m2354/README.rst @@ -16,14 +16,13 @@ Build TF-M with M2354 by following commands: -DTFM_TOOLCHAIN_FILE=../toolchain_GNUARM.cmake \ -DTEST_S=ON \ -DTEST_NS=ON \ - -DTFM_PSA_API=ON \ -DTFM_ISOLATION_LEVEL=2 \ -DCMAKE_BUILD_TYPE=Release \ $ make install Define TEST_NS=ON or TEST_S=ON for non-secure or secure regression test. CMAKE_BUILD_TYPE could be "Release", "Debug", "RelWithDebInfo" or "Minsizerel" -TFM_PSA_API=ON and TFM_ISOLATION_LEVEL=2 can also be set. +TFM_ISOLATION_LEVEL=2 can also be set. Other cmake parameters should not be changed. Flashing Image with Nuvoton NuLink Tool diff --git a/platform/ext/target/nxp/lpcxpresso55s69/README.rst b/platform/ext/target/nxp/lpcxpresso55s69/README.rst index d766411766..ed78fd987f 100644 --- a/platform/ext/target/nxp/lpcxpresso55s69/README.rst +++ b/platform/ext/target/nxp/lpcxpresso55s69/README.rst @@ -16,7 +16,7 @@ Or do it manually using the following commands: .. code:: bash - $ cmake -S . -B build -DTFM_PLATFORM=nxp/lpcxpresso55s69 -DTFM_TOOLCHAIN_FILE=toolchain_GNUARM.cmake -DTFM_PROFILE=profile_medium -DCMAKE_BUILD_TYPE=Relwithdebinfo -DBL2=OFF -DTFM_PSA_API=ON -DTFM_ISOLATION_LEVEL=2 -G"Unix Makefiles" + $ cmake -S . -B build -DTFM_PLATFORM=nxp/lpcxpresso55s69 -DTFM_TOOLCHAIN_FILE=toolchain_GNUARM.cmake -DTFM_PROFILE=profile_medium -DCMAKE_BUILD_TYPE=Relwithdebinfo -DBL2=OFF -DTFM_ISOLATION_LEVEL=2 -G"Unix Makefiles" $ cd build && make install 1.2 Building TF-M demo with BL2 @@ -29,7 +29,7 @@ Or do it manually using the following commands: .. code:: bash - $ cmake -S . -B build -DTFM_PLATFORM=nxp/lpcxpresso55s69 -DTFM_TOOLCHAIN_FILE=toolchain_GNUARM.cmake -DTFM_PROFILE=profile_medium -DCMAKE_BUILD_TYPE=Relwithdebinfo -DTFM_PSA_API=ON -DTFM_ISOLATION_LEVEL=2 -G"Unix Makefiles" + $ cmake -S . -B build -DTFM_PLATFORM=nxp/lpcxpresso55s69 -DTFM_TOOLCHAIN_FILE=toolchain_GNUARM.cmake -DTFM_PROFILE=profile_medium -DCMAKE_BUILD_TYPE=Relwithdebinfo -DTFM_ISOLATION_LEVEL=2 -G"Unix Makefiles" $ cd build && make install 1.3 Building TF-M regression tests @@ -42,7 +42,7 @@ or do it manually using following commands: .. code:: bash - $ cmake -S . -B build -DTFM_PLATFORM=nxp/lpcxpresso55s69 -DTFM_TOOLCHAIN_FILE=toolchain_GNUARM.cmake -DTFM_PROFILE=profile_medium -DCMAKE_BUILD_TYPE=Relwithdebinfo -DBL2=OFF -DTEST_S=ON -DTEST_NS=ON -DTFM_PSA_API=ON -DTFM_ISOLATION_LEVEL=2 -G"Unix Makefiles" + $ cmake -S . -B build -DTFM_PLATFORM=nxp/lpcxpresso55s69 -DTFM_TOOLCHAIN_FILE=toolchain_GNUARM.cmake -DTFM_PROFILE=profile_medium -DCMAKE_BUILD_TYPE=Relwithdebinfo -DBL2=OFF -DTEST_S=ON -DTEST_NS=ON -DTFM_ISOLATION_LEVEL=2 -G"Unix Makefiles" $ cd build && make install .. Note:: diff --git a/platform/ext/target/nxp/lpcxpresso55s69/scripts/build_tfm_demo.py b/platform/ext/target/nxp/lpcxpresso55s69/scripts/build_tfm_demo.py index ef29f7ba0d..d715ae928e 100644 --- a/platform/ext/target/nxp/lpcxpresso55s69/scripts/build_tfm_demo.py +++ b/platform/ext/target/nxp/lpcxpresso55s69/scripts/build_tfm_demo.py @@ -17,7 +17,7 @@ if os.path.isdir("build"): os.system('rm -rf build') # Generate the S and NS makefiles -os.system('cmake -S . -B build -DTFM_PLATFORM=nxp/lpcxpresso55s69 -DTFM_TOOLCHAIN_FILE=toolchain_GNUARM.cmake -DTFM_PROFILE=profile_medium -DCMAKE_BUILD_TYPE=Relwithdebinfo -DBL2=OFF -DTFM_PSA_API=ON -DTFM_ISOLATION_LEVEL=2 -G"Unix Makefiles"') +os.system('cmake -S . -B build -DTFM_PLATFORM=nxp/lpcxpresso55s69 -DTFM_TOOLCHAIN_FILE=toolchain_GNUARM.cmake -DTFM_PROFILE=profile_medium -DCMAKE_BUILD_TYPE=Relwithdebinfo -DBL2=OFF -DTFM_ISOLATION_LEVEL=2 -G"Unix Makefiles"') # Build the binaries os.chdir('build') diff --git a/platform/ext/target/nxp/lpcxpresso55s69/scripts/build_tfm_demo_bl2.py b/platform/ext/target/nxp/lpcxpresso55s69/scripts/build_tfm_demo_bl2.py index 51b5bc5f6d..5c3f11d826 100644 --- a/platform/ext/target/nxp/lpcxpresso55s69/scripts/build_tfm_demo_bl2.py +++ b/platform/ext/target/nxp/lpcxpresso55s69/scripts/build_tfm_demo_bl2.py @@ -46,7 +46,7 @@ if os.path.isdir("build"): os.system('rm -rf build') # Generate the S and NS makefiles -os.system('cmake -S . -B build -DBL2_S_IMAGE_START=' + BL2_S_IMAGE_START + ' -DBL2_NS_IMAGE_START=' + BL2_NS_IMAGE_START + ' -DTFM_PLATFORM=nxp/lpcxpresso55s69 -DTFM_TOOLCHAIN_FILE=toolchain_GNUARM.cmake -DTFM_PROFILE=profile_medium -DCMAKE_BUILD_TYPE=Relwithdebinfo -DTFM_PSA_API=ON -DTFM_ISOLATION_LEVEL=2 -G"Unix Makefiles"') +os.system('cmake -S . -B build -DBL2_S_IMAGE_START=' + BL2_S_IMAGE_START + ' -DBL2_NS_IMAGE_START=' + BL2_NS_IMAGE_START + ' -DTFM_PLATFORM=nxp/lpcxpresso55s69 -DTFM_TOOLCHAIN_FILE=toolchain_GNUARM.cmake -DTFM_PROFILE=profile_medium -DCMAKE_BUILD_TYPE=Relwithdebinfo -DTFM_ISOLATION_LEVEL=2 -G"Unix Makefiles"') # Build the binaries os.chdir('build') diff --git a/platform/ext/target/nxp/lpcxpresso55s69/scripts/build_tfm_regression.py b/platform/ext/target/nxp/lpcxpresso55s69/scripts/build_tfm_regression.py index fc59f86294..7407bf5b2b 100644 --- a/platform/ext/target/nxp/lpcxpresso55s69/scripts/build_tfm_regression.py +++ b/platform/ext/target/nxp/lpcxpresso55s69/scripts/build_tfm_regression.py @@ -17,7 +17,7 @@ if os.path.isdir("build"): os.system('rm -rf build') # Generate the S and NS makefiles -os.system('cmake -S . -B build -DTFM_PLATFORM=nxp/lpcxpresso55s69 -DTFM_TOOLCHAIN_FILE=toolchain_GNUARM.cmake -DTFM_PROFILE=profile_medium -DCMAKE_BUILD_TYPE=Relwithdebinfo -DBL2=OFF -DTEST_S=ON -DTEST_NS=ON -DTFM_PSA_API=ON -DTFM_ISOLATION_LEVEL=2 -G"Unix Makefiles"') +os.system('cmake -S . -B build -DTFM_PLATFORM=nxp/lpcxpresso55s69 -DTFM_TOOLCHAIN_FILE=toolchain_GNUARM.cmake -DTFM_PROFILE=profile_medium -DCMAKE_BUILD_TYPE=Relwithdebinfo -DBL2=OFF -DTEST_S=ON -DTEST_NS=ON -DTFM_ISOLATION_LEVEL=2 -G"Unix Makefiles"') # Build the binaries os.chdir('build') |