Join GitHub today
GitHub is home to over 36 million developers working together to host and review code, manage projects, and build software together.Sign up
Permit non-TrustZone ARMv8 build #10520
Change the heuristic for selection of CMSE in the tools python, so that a non-TrustZone ARMv8 build can happen.
Ideally we would have more direct flagging in the targets, but this refines the heuristic so the necessary behaviour can be easily achieved.
This covers the existing ARMv8-M behaviour - TF-M builds have the
Marked it as "fix", as I think it's quite reasonable to regard not being able to make non-TrustZone builds for current ARMs as a bug, although arguably it's a functionality change.
Pull request type
I've (finally) realised, after sufficient prodding by @jeromecoutant, this still doesn't cover the M2351 properly, as we do need to support a secure build for it - it's out of-tree, so I missed it.
So we just need to do something to get
Revised to now cover M2351, which did mean adding a specific flag in targets.json.
Adjusted TF-M documentation to not say "ARMv8-M" so much - the behaviour it's documenting is now activated by the presence of the "TFM" flag it says to add.
I don't believe we have any specific documentation about making non-TF-M TrustZone images like M2351 is doing. If there is, that would now need to state that it's the
With respect to @bridadan's core attribute proposal, I don't think this necessarily conflicts - the "trustzone" flag here can be viewed as a property of the build ("used"), rather than a property of the core ("present").
In discussions with the CMSIS guys, I was pointing out that for FPU and other things they do distinguish between "present" and "used", but they don't for CMSE/TrustZone. They're not currently planning to change that, but if they did, then any core attribute would be the "present", and this would be the "used".
We don't necessarily need to lock this form of the trustzone flag in yet - it really only exists for that M2351 build and its out-of-tree secure image, as there's no other reasonable way to make that keep working, and I believe we generally only intend to support TF-M anyway?