Build: Use IPC Model to build by default
The Library Model (TFM_PSA_API=OFF) is not being developed anymore.
It does not support for new FF-M features.
New comers to TF-M should be encouraged to start with the IPC model
to have the better experiences.
Library Model might be replaced by SFN Model in the future.
This patch adds a new TFM_LIB_MODEL configuration and set to OFF by
default to build IPC model by default.
The TFM_PSA_API is not intended for users to choose between library
and IPC model anymore.
To build Library model, please set TFM_LIB_MODEL to ON.
Note:
The test repo version is updated as well for the dependency changes.
Change-Id: I43ec92cd46dbc5a26e3638269cfb6267e24352bd
Signed-off-by: Kevin Peng <kevin.peng@arm.com>
diff --git a/docs/integration_guide/porting_TFM_to_a_new_hardware.rst b/docs/integration_guide/porting_TFM_to_a_new_hardware.rst
index 13600c7..c87d7a9 100644
--- a/docs/integration_guide/porting_TFM_to_a_new_hardware.rst
+++ b/docs/integration_guide/porting_TFM_to_a_new_hardware.rst
@@ -787,8 +787,7 @@
[config_cmake]
set(BL2 OFF CACHE BOOL "Whether to build BL2")
- set(TFM_PSA_API ON CACHE BOOL "Use PSA api (IPC mode) instead of secure library mode" FORCE)
- set(NS FALSE CACHE BOOL "Whether to build NS app" FORCE)
+ set(NS FALSE CACHE BOOL "Whether to build NS app" FORCE)
------------
diff --git a/docs/integration_guide/tfm_test_suites_addition.rst b/docs/integration_guide/tfm_test_suites_addition.rst
index a5a89a5..e3802f4 100644
--- a/docs/integration_guide/tfm_test_suites_addition.rst
+++ b/docs/integration_guide/tfm_test_suites_addition.rst
@@ -47,7 +47,6 @@
cmake -S . -B cmake_build -DTFM_PLATFORM=arm/mps2/an521 \
-DTFM_TOOLCHAIN_FILE=toolchain_GNUARM.cmake \
-DCMAKE_BUILD_TYPE=Release \
- -DTFM_PSA_API=ON \
-DTEST_NS_ATTESTATION=ON
With this command, only non-secure initial attestation test suite will be built.
@@ -112,7 +111,7 @@
#. TF-M partitions configurations like ``TFM_PARTITION_CRYPTO``,
``TFM_PARTITION_INITIAL_ATTESTATION``, etc.
- #. TF-M build mode configuration like ``TFM_PSA_API``.
+ #. TF-M build mode configuration like ``TFM_LIB_MODEL``.
#. TF-M other configurations like ``TFM_PARTITION_FIRMWARE_UPDATE``,
``FORWARD_PROT_MSG``, etc.
diff --git a/docs/security/security_advisories/svc_caller_sp_fetching_vulnerability.rst b/docs/security/security_advisories/svc_caller_sp_fetching_vulnerability.rst
index 4a11724..2b53e45 100644
--- a/docs/security/security_advisories/svc_caller_sp_fetching_vulnerability.rst
+++ b/docs/security/security_advisories/svc_caller_sp_fetching_vulnerability.rst
@@ -12,7 +12,7 @@
| Versions | Affected All versions up to and including TF-M v1.2 |
| Affected | |
+----------------+-------------------------------------------------------------+
-| Configurations | IPC Model (TFM_PSA_API=ON) on Armv8-M |
+| Configurations | IPC Model on Armv8-M |
+----------------+-------------------------------------------------------------+
| Impact | Most likely a crash in secure world or reset whole system, |
| | with a very low likelihood of overwriting some memory |
diff --git a/docs/technical_references/design_docs/profiles/tfm_profile_large.rst b/docs/technical_references/design_docs/profiles/tfm_profile_large.rst
index dd64e00..9ca8d1f 100644
--- a/docs/technical_references/design_docs/profiles/tfm_profile_large.rst
+++ b/docs/technical_references/design_docs/profiles/tfm_profile_large.rst
@@ -238,7 +238,7 @@
+============================================+====================================+====================================================================================================+
| ``TFM_ISOLATION_LEVEL`` | Select level 3 isolation | ``3`` |
+--------------------------------------------+------------------------------------+----------------------------------------------------------------------------------------------------+
- | ``TFM_PSA_API`` | Select IPC model | ``ON`` |
+ | ``TFM_LIB_MODEL`` | Select IPC model | ``OFF`` |
+--------------------------------------------+------------------------------------+----------------------------------------------------------------------------------------------------+
| ``TFM_PARTITION_INTERNAL_TRUSTED_STORAGE`` | Enable ITS SP | ``ON`` |
+--------------------------------------------+------------------------------------+----------------------------------------------------------------------------------------------------+
diff --git a/docs/technical_references/design_docs/profiles/tfm_profile_medium.rst b/docs/technical_references/design_docs/profiles/tfm_profile_medium.rst
index c7c7516..aa1e78f 100644
--- a/docs/technical_references/design_docs/profiles/tfm_profile_medium.rst
+++ b/docs/technical_references/design_docs/profiles/tfm_profile_medium.rst
@@ -246,8 +246,8 @@
+============================================+=====================================================================================================+=====================================+
| ``TFM_ISOLATION_LEVEL`` | ``2`` | Select level 2 isolation |
+--------------------------------------------+-----------------------------------------------------------------------------------------------------+-------------------------------------+
- | ``TFM_PSA_API`` | ``True`` | Select IPC model |
- +--------------------------------------------+-----------------------------------------------------------------------------------------------------+-------------------------------------+
+ | ``TFM_LIB_MODEL`` | ``OFF`` | Select IPC model |
+ +--------------------------------------------+------------------------------------+------------------------------------------------------------------------------------------------------+
| ``TFM_PARTITION_INTERNAL_TRUSTED_STORAGE`` | ``ON`` | Enable ITS SP |
+--------------------------------------------+-----------------------------------------------------------------------------------------------------+-------------------------------------+
| ``ITS_BUF_SIZE`` | ``32`` | ITS internal transient buffer size |
diff --git a/docs/technical_references/design_docs/profiles/tfm_profile_small.rst b/docs/technical_references/design_docs/profiles/tfm_profile_small.rst
index 5a02cde..ea39408 100644
--- a/docs/technical_references/design_docs/profiles/tfm_profile_small.rst
+++ b/docs/technical_references/design_docs/profiles/tfm_profile_small.rst
@@ -371,7 +371,7 @@
+============================================+=====================================================================================================+=====================================+
| ``TFM_ISOLATION_LEVEL`` | ``1`` | Select level 2 isolation |
+--------------------------------------------+-----------------------------------------------------------------------------------------------------+-------------------------------------+
- | ``TFM_PSA_API`` | ``FALSE`` | Select IPC model |
+ | ``TFM_LIB_MODEL`` | ``ON`` | Select Library model |
+--------------------------------------------+-----------------------------------------------------------------------------------------------------+-------------------------------------+
| ``TFM_PARTITION_INTERNAL_TRUSTED_STORAGE`` | ``ON`` | Enable ITS SP |
+--------------------------------------------+-----------------------------------------------------------------------------------------------------+-------------------------------------+
diff --git a/docs/technical_references/instructions/tfm_build_instruction.rst b/docs/technical_references/instructions/tfm_build_instruction.rst
index e61067e..378b299 100644
--- a/docs/technical_references/instructions/tfm_build_instruction.rst
+++ b/docs/technical_references/instructions/tfm_build_instruction.rst
@@ -120,8 +120,8 @@
+---------------------+----------------------------------------+---------------+
| NS | Build NS app. Required for test code. | ON |
+---------------------+----------------------------------------+---------------+
-| TFM_PSA_API | Use PSA api (IPC mode) instead of | OFF |
-| | secure library mode. | |
+| TFM_LIB_MODEL | Use secure library model instead of | OFF |
+| | PSA api (IPC model). | |
+---------------------+----------------------------------------+---------------+
| TFM_ISOLATION_LEVEL | Set TFM isolation level. | 1 |
+---------------------+----------------------------------------+---------------+
@@ -199,9 +199,8 @@
checked in ``${TFM_TEST_REPO_PATH}/test/config/check_config.cmake``.
If regression testing is enabled, it will then enable all tests for the enabled
-secure partitions. If IPC mode is enabled via ``TFM_PSA_API`` the IPC tests will
-be enabled. Multicore tests will be enabled if ``TFM_MULTI_CORE_TOPOLOGY`` is
-enabled.
+secure partitions.
+Multicore tests will be enabled if ``TFM_MULTI_CORE_TOPOLOGY`` is enabled.
Some cryptographic tests can be enabled and disabled. This is done to prevent
false failures from being reported when a smaller Mbed Crypto config is being
@@ -273,12 +272,11 @@
+------------------------------------------+---------------------------------------+
| File | Cmake command line |
+==========================================+=======================================+
-| ConfigDefault.cmake | <No options> |
+| ConfigDefault.cmake | -DTFM_LIB_MODEL=ON |
+------------------------------------------+---------------------------------------+
-| ConfigCoreIPC.cmake | -DTFM_PSA_API=ON |
+| ConfigCoreIPC.cmake | <no options> |
+------------------------------------------+---------------------------------------+
-| ConfigCoreIPCTfmLevel2.cmake | -DTFM_PSA_API=ON |
-| | -DTFM_ISOLATION_LEVEL=2 |
+| ConfigCoreIPCTfmLevel2.cmake | -DTFM_ISOLATION_LEVEL=2 |
+------------------------------------------+---------------------------------------+
| ConfigDefaultProfileS.cmake | -DTFM_PROFILE=profile_small |
+------------------------------------------+---------------------------------------+
@@ -287,10 +285,8 @@
| ConfigRegression.cmake | -DTEST_NS=ON -DTEST_S=ON |
+------------------------------------------+---------------------------------------+
| ConfigRegressionIPC.cmake | -DTEST_NS=ON -DTEST_S=ON |
-| | -DTFM_PSA_API=ON |
+------------------------------------------+---------------------------------------+
| ConfigRegressionIPCTfmLevel2.cmake | -DTEST_NS=ON -DTEST_S=ON |
-| | -DTFM_PSA_API=ON |
| | -DTFM_ISOLATION_LEVEL=2 |
+------------------------------------------+---------------------------------------+
| ConfigRegressionProfileS.cmake | -DTFM_PROFILE=profile_small |
@@ -302,10 +298,8 @@
| ConfigPsaApiTest.cmake | -DTEST_PSA_API=<test_suite> |
+------------------------------------------+---------------------------------------+
| ConfigPsaApiTestIPC.cmake | -DTEST_PSA_API=<test_suite> |
-| | -DTFM_PSA_API=ON |
+------------------------------------------+---------------------------------------+
| ConfigPsaApiTestIPCTfmLevel2.cmake | -DTEST_PSA_API=<test_suite> |
-| | -DTFM_PSA_API=ON |
| | -DTFM_ISOLATION_LEVEL=2 |
+------------------------------------------+---------------------------------------+
| ConfigDefaultProfileM.cmake | -DTFM_PROFILE=profile_medium |
@@ -391,8 +385,8 @@
cmake .. -DTFM_PLATFORM=arm/mps2/an521 -DTEST_S=ON -DTEST_NS=ON
make install
-Build for PSA Functional API compliance tests
-=============================================
+Build for PSA API tests
+=======================
The build system provides support for building and integrating the PSA API tests
from https://github.com/ARM-software/psa-arch-tests. PSA API tests are
controlled using the TEST_PSA_API variable. Enabling both regression tests and
@@ -427,32 +421,6 @@
cmake .. -DTFM_PLATFORM=arm/mps2/an521 -DTEST_PSA_API=CRYPTO
make install
-Build for PSA FF (IPC) compliance tests
-=======================================
-
-The build system provides support for building and integrating the PSA FF
-compliance test. This support is controlled by the TEST_PSA_API variable:
-
-.. code-block:: bash
-
- -DTEST_PSA_API=IPC
-
-.. code-block:: bash
-
- cd <TF-M base folder>
- cmake -S . -B cmake_build -DTFM_PLATFORM=arm/mps2/an521 -DTEST_PSA_API=IPC -DTFM_PSA_API=ON
- cmake --build cmake_build -- install
-
-Alternately using traditional cmake syntax
-
-.. code-block:: bash
-
- cd <TF-M base folder>
- mkdir cmake_build
- cd cmake_build
- cmake .. -DTFM_PLATFORM=arm/mps2/an521 -DTEST_PSA_API=IPC -DTFM_PSA_API=ON
- make install
-
Location of build artifacts
===========================