-
Notifications
You must be signed in to change notification settings - Fork 3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update TF-M to v1.3.0 #14582
Update TF-M to v1.3.0 #14582
Conversation
The mbed-os-tf-m-regression-tests build scripts gets a mapping of Mbed OS target names to TF-M target names from `targets.json`. TF-M v1.3 has renamed musca_b1 to musca_b1/sse_200, this commit updates that accordingly to ensure successful build of TF-M and tests for ARM_MUSCA_B1.
@LDong-Arm, thank you for your changes. |
…T_TFM/TARGET_TFM_LATEST
…T_TFM/TARGET_TFM_LATEST
cfaf291
to
5434722
Compare
Removed unnecessary quotes from commit messages. |
CI started |
Jenkins CI Test : ❌ FAILEDBuild Number: 1 | 🔒 Jenkins CI Job | 🌐 Logs & ArtifactsCLICK for Detailed Summary
|
Looks like some issues with
|
We'd like to enable Mbed TLS's PK module in using TF-M's PSA implementation, even if it doesn't expose the same set of PSA extensions as Mbed TLS's PSA implementation. To do this, we add mbedtls_ecc_group_to_psa() in its own header available when using the latest TF-M. Add mbedtls_ecc_group_to_psa(), one of Mbed TLS's PSA compatibility helpers, for internal use by the Mbed TLS PK module. Without this conversion function, the Mbed TLS PK module is unable to use any PSA implementation other than one which provides a compatible set of PSA extensions.
Added mbedtls_ecc_group_to_psa() to TF-M's PSA implementation so that Mbed TLS's PK module could use TF-M's PSA implementation. Untested yet, given this issue only appeared on ARMCLANG so far. |
CI started |
Jenkins CI Test : ❌ FAILEDBuild Number: 2 | 🔒 Jenkins CI Job | 🌐 Logs & ArtifactsCLICK for Detailed Summary
|
Include mbedtls_ecc_group_to_psa.h from crypto_extra.h so that clients of PSA within Mbed OS do not need to behave differently depending on which PSA implementation they are using. This solution is not ideal as it makes it more difficult to update the TF-M-provided psa/crypto_extra.h. We'll have to see what other options we have for including additional headers based on the Mbed OS configuration.
464e80d
to
032fe4a
Compare
CI used the new Musca B1 name with the old TF-M included from |
Jenkins CI Test : ✔️ SUCCESSBuild Number: 3 | 🔒 Jenkins CI Job | 🌐 Logs & ArtifactsCLICK for Detailed Summary
|
Summary of changes
This PR updates TF-M to the new v1.3.0 release.
The following have been changed:
tfm_target_name
frommusca_b1
tomusca_b1/sse_200
. This is the new target name for ARM_MUSCA_B1 in TF-M's own build system, and mbed-os-tf-m-regression-tests relies on this entry intargets.json
to map the target's Mbed name to TF-M name.and the commits are auto-generated by the script.
platform/FEATURE_EXPERIMENTAL_API/FEATURE_PSA/TARGET_TFM/TARGET_TFM_LATEST
. The commit is auto-generated by the aforementioned script.VERSION.txt
to indicate the TF-M version of the imported files. The commit is auto-generated by the aforementioned script.Note:
psa_set_key_enrollment_algorithm()
is no longer supported.Impact of changes
Standardized PSA APIs in TF-M v1.3.0 are backward compatible with previous versions. Some APIs have been updated, most notably the addition of the new Firmware Update (FWU) API.
Non-standard PSA extensions are not guaranteed to be backwards compatible. Notably, Mbed OS has aligned its PSA support with TF-M and no longer provides
psa_set_key_enrollment_algorithm()
.Migration actions required
Remove any use of
psa_set_key_enrollment_algorithm()
in your applications. If enrolling a device in elliptic curve PKI, for e.g. mutually authenticate TLS, is critical to your use case, please reach out to TrustedFirmware-M for support and possible alternative solutions.Documentation
The Porting PSA targets documentation remains valid and requires no update.
The version number in the README of mbed-os-tf-m-regression-tests needs to be bumped to v1.3.
For TF-M and supported PSA APIs, see its official documentation
Pull request type
Test results
Reviewers