commit e9b61a79cae79af3dd8228c94e51fd8f796880be
author Kevin Peng <kevin.peng@arm.com> Mon Jan 06 17:01:44 2020 +0800
committer Kevin Peng <kevin.peng@arm.com> Thu Feb 13 06:01:48 2020 +0000
tree ea353a38e3657b12b116a1102825302049c1868a
parent 732187cf47391287b8234626ea3df1b33d8287f2

Build: Add conditional build for secure context management

Secure context management is only needed in multiple secure context
model. This patch adds a build flag to disable context management.
It's set to ON by default.
Note that the NS client ID functionality will lose if secure context
management is disabled.

Change-Id: I06ed4fdee20a0192c54e2d08d453ee965ee3cbfc
Signed-off-by: Kevin Peng <kevin.peng@arm.com>

CommonConfig.cmake

diff --git a/CommonConfig.cmake b/CommonConfig.cmake
index 63b2a15..6254cdb 100644
--- a/CommonConfig.cmake
+++ b/CommonConfig.cmake
@@ -318,16 +318,34 @@
 	endif()
 endif()
 
+# The config for enable secure context management in TF-M
+if (NOT DEFINED CONFIG_TFM_ENABLE_CTX_MGMT)
+	set(CONFIG_TFM_ENABLE_CTX_MGMT ON)
+endif()
+
+if (CONFIG_TFM_ENABLE_CTX_MGMT)
+	add_definitions(-DCONFIG_TFM_ENABLE_CTX_MGMT)
+endif()
+
 # This flag indicates if the non-secure OS is capable of identify the non-secure clients
 # which call the secure services. It is diabled in IPC model.
 if (NOT DEFINED TFM_NS_CLIENT_IDENTIFICATION)
 	if (TFM_PSA_API)
 		set(TFM_NS_CLIENT_IDENTIFICATION OFF)
 	else()
-		set(TFM_NS_CLIENT_IDENTIFICATION ON)
+		if (CONFIG_TFM_ENABLE_CTX_MGMT)
+			set(TFM_NS_CLIENT_IDENTIFICATION ON)
+		else()
+			set(TFM_NS_CLIENT_IDENTIFICATION OFF)
+		endif()
 	endif()
 endif()
 
+if (NOT CONFIG_TFM_ENABLE_CTX_MGMT AND TFM_NS_CLIENT_IDENTIFICATION)
+	# NS client ID is part of context management.
+	message(FATAL_ERROR "TFM_NS_CLIENT_IDENTIFICATION cannot be ON when CONFIG_TFM_ENABLE_CTX_MGMT is OFF")
+endif()
+
 if (BL2)
 	# Add MCUBOOT_IMAGE_NUMBER definition to the compiler command line.
 	add_definitions(-DMCUBOOT_IMAGE_NUMBER=${MCUBOOT_IMAGE_NUMBER})

secure_fw/core/tfm_nspm_func.c

diff --git a/secure_fw/core/tfm_nspm_func.c b/secure_fw/core/tfm_nspm_func.c
index 5f37b72..9dfbf0b 100644
--- a/secure_fw/core/tfm_nspm_func.c
+++ b/secure_fw/core/tfm_nspm_func.c
@@ -74,7 +74,10 @@
 #endif /* TFM_NS_CLIENT_IDENTIFICATION */
 }
 
-/* TF-M implementation of the CMSIS TZ RTOS thread context management API */
+/*
+ * TF-M implementation of the CMSIS TZ RTOS thread context management API
+ * Currently the context management only contains the NS ID identification
+ */
 
 /// Initialize secure context memory system
 /// \return execution status (1: success, 0: error)
@@ -82,6 +85,7 @@
 __attribute__((cmse_nonsecure_entry))
 uint32_t TZ_InitContextSystem_S(void)
 {
+#ifdef CONFIG_TFM_ENABLE_CTX_MGMT
 #ifdef TFM_NS_CLIENT_IDENTIFICATION
     int32_t i;
 
@@ -99,6 +103,7 @@
     /* Terminate list */
     NsClientIdList[i - 1].next_free_index = INVALID_NS_CLIENT_IDX;
 #endif /* TFM_NS_CLIENT_IDENTIFICATION */
+#endif /* CONFIG_TFM_ENABLE_CTX_MGMT */
 
     /* Success */
     return 1U;
@@ -115,6 +120,7 @@
     TZ_MemoryId_t tz_id;
     (void) module; /* Currently unused */
 
+#ifdef CONFIG_TFM_ENABLE_CTX_MGMT
 #ifdef TFM_NS_CLIENT_IDENTIFICATION
     if (__get_active_exc_num() == EXC_NUM_THREAD_MODE) {
         /* This veneer should only be called by NS RTOS in handler mode */
@@ -130,9 +136,10 @@
     tz_id = (TZ_MemoryId_t)free_index + 1;
     NsClientIdList[free_index].ns_client_id = get_next_ns_client_id();
     free_index = NsClientIdList[free_index].next_free_index;
-#else /* TFM_NS_CLIENT_IDENTIFICATION */
-    tz_id = 1;
 #endif /* TFM_NS_CLIENT_IDENTIFICATION */
+#else /* CONFIG_TFM_ENABLE_CTX_MGMT */
+    tz_id = 1;
+#endif /* CONFIG_TFM_ENABLE_CTX_MGMT */
 
     return tz_id;
 }
@@ -144,6 +151,7 @@
 __attribute__((cmse_nonsecure_entry))
 uint32_t TZ_FreeModuleContext_S (TZ_MemoryId_t id)
 {
+#ifdef CONFIG_TFM_ENABLE_CTX_MGMT
 #ifdef TFM_NS_CLIENT_IDENTIFICATION
     uint32_t index;
 
@@ -171,9 +179,10 @@
     NsClientIdList[index].next_free_index = free_index;
 
     free_index = index;
-#else /* TFM_NS_CLIENT_IDENTIFICATION */
-    (void)id;
 #endif /* TFM_NS_CLIENT_IDENTIFICATION */
+#else /* CONFIG_TFM_ENABLE_CTX_MGMT */
+    (void)id;
+#endif /* CONFIG_TFM_ENABLE_CTX_MGMT */
 
     return 1U;    // Success
 }
@@ -185,6 +194,7 @@
 __attribute__((cmse_nonsecure_entry))
 uint32_t TZ_LoadContext_S (TZ_MemoryId_t id)
 {
+#ifdef CONFIG_TFM_ENABLE_CTX_MGMT
 #ifdef TFM_NS_CLIENT_IDENTIFICATION
     uint32_t index;
 
@@ -206,9 +216,10 @@
     }
 
     active_ns_client_idx = index;
-#else /* TFM_NS_CLIENT_IDENTIFICATION */
-    (void)id;
 #endif /* TFM_NS_CLIENT_IDENTIFICATION */
+#else /* CONFIG_TFM_ENABLE_CTX_MGMT */
+    (void)id;
+#endif /* CONFIG_TFM_ENABLE_CTX_MGMT */
 
     return 1U;    // Success
 }
@@ -220,6 +231,7 @@
 __attribute__((cmse_nonsecure_entry))
 uint32_t TZ_StoreContext_S (TZ_MemoryId_t id)
 {
+#ifdef CONFIG_TFM_ENABLE_CTX_MGMT
 #ifdef TFM_NS_CLIENT_IDENTIFICATION
     uint32_t index;
 
@@ -246,9 +258,10 @@
     }
 
     active_ns_client_idx = DEFAULT_NS_CLIENT_IDX;
-#else /* TFM_NS_CLIENT_IDENTIFICATION */
-    (void)id;
 #endif /* TFM_NS_CLIENT_IDENTIFICATION */
+#else /* CONFIG_TFM_ENABLE_CTX_MGMT */
+    (void)id;
+#endif /* CONFIG_TFM_ENABLE_CTX_MGMT */
 
     return 1U;    // Success
 }