CMSE Secure library creation #5180
Conversation
tools/toolchains/gcc.py
Outdated
There was a problem hiding this comment.
Please use
secure_file = join(dirname(output), "cmse_lib.o")instead.
There was a problem hiding this comment.
Team: cmse_lib.o : Is it ok to name secure library as generic secure lib, or should it be core specific like CortexM23-S-lib.o?
There was a problem hiding this comment.
For reference, if you are going to name it that way, the python should look like:
secure_file = join(dirname(output), "%s-S-lib.o" % self.target.core)
tools/toolchains/gcc.py
Outdated
There was a problem hiding this comment.
Please use
self.progress("Secure Library Object", secure_file)instead.
There was a problem hiding this comment.
@theotherjimmy - Build for non-secure will fail if secure library file is missing during linking. To make it more user friendly:
- Should be scan and report for missing file in advance?
- Add it as requirement in app,json and expect it to be at same location?
There was a problem hiding this comment.
Hmmmm... We could do that, but what if someone compiles for a pure non-secure CORTEX-M23-NS? Would you be locking them into having an empty object file to trick the build system?
There was a problem hiding this comment.
Empty object file won;t help because it will again fail during linking. Core will boot in secure mode always and to switch to non-secure mode, stubs function and switch to non-secure reset handler will be required. One cannot boot with just non-secure project.
There was a problem hiding this comment.
You misunderstood my question. Let me rephrase. Can a user build a non-secure Cortex-M23-NS application without any secure component?
There was a problem hiding this comment.
Sorry do u mean no secure API's just basic dummy functions. Yes build will be successful and it will be same as current mbed-os without any advantage of security
There was a problem hiding this comment.
Okay. If I understand correctly, A user would need to have an object file compiled for secure Cortex-M23 containing these functions, even if they don't care about security and just want to compile there entire application for Cortex-M23-NS.
If that's the case, then I think it's fine to insist that they have an object file matching the naming convention created by the linker.
There was a problem hiding this comment.
self.progress("Secure Library Object", secure_file)
Does truncates file path basename(event['file']) and prints just filename. I need path of file to be printed. Didn't saw any args which can be helpful.
There was a problem hiding this comment.
Does truncates file path basename(event['file']) and prints just filename.
I'm having trouble understanding that this sentence is supposed to mean. Could you rephrase it? Is this a question? Is this an assertion?
I need path of file to be printed.
Hmmmmmm.... That's not supported by it. Try:
self.info("Secure Library object file %s" % secure_file)
|
@deepikabhavnani I beat you too it 😉 |
rtos/TARGET_CORTEX/mbed_boot.c
Outdated
There was a problem hiding this comment.
Is this always defined (shouldn't this check first if its defined then its value) ?
There was a problem hiding this comment.
Yes it is always defined in
mbed-os/rtos/TARGET_CORTEX/rtx5/core_cm.h
Line 64 in eefb84c
rtos/TARGET_CORTEX/mbed_tz_context.c
Outdated
There was a problem hiding this comment.
4 spaces alignment in this file?
rtos/TARGET_CORTEX/mbed_tz_context.c
Outdated
There was a problem hiding this comment.
are these two something that should be in the config ?
There was a problem hiding this comment.
Yes we can have them in config
deepikabhavnani
force-pushed
the
secure_support
branch
from
b8123d9 to
c4b8138
Compare
|
Another round of reviews opened! |
deepikabhavnani
force-pushed
the
secure_support
branch
from
2537310 to
4af5926
Compare
|
Rebased to pick up latest tools fixes |
|
Bump for review ! |
|
Application in Secure mode, calls assembly functions which are also toolchain specific. I need to move them to mbed_boot.c after verification. |
|
|
||
| /* Number of process slots (threads may call secure library code) */ | ||
| #ifndef MBED_CONF_APP_TZ_PROCESS_STACK_SLOTS | ||
| #define MBED_CONF_APP_TZ_PROCESS_STACK_SLOTS 8U |
There was a problem hiding this comment.
Ideally it should be number of threads we allow in mbed-os. (Considering all of them have access to secure library). Or do we want to restrict threads from using secure library?
| _main_thread_attr.name = "main_thread"; | ||
|
|
||
| /* Allow main thread to call secure functions */ | ||
| #if (__DOMAIN_NS == 1U) |
There was a problem hiding this comment.
Don't worry about it for this PR, but this file is becoming unreadable with more ifdefs than anything else, we should find better way of doing this.
| #endif | ||
|
|
||
| /* Stack size of the secure library code */ | ||
| #ifndef MBED_CONF_APP_TZ_PROCESS_STACK_SIZE |
There was a problem hiding this comment.
What is this stack for exactly?
There was a problem hiding this comment.
It is stack for NSC region. i.e Secure library code executed from non-secure process.
There was a problem hiding this comment.
Might be worth extending the comment ? Are we using code defaults instead of config - (this could be in the config file set, always present if not overriden) ? All in one place, this can however be fixed, as we already have this mbed_rtx_conf.h file.
There was a problem hiding this comment.
@0xc0170 - In case of secure build, we ignore rtos (mbed_rtx_conf.h) hence I am exploring other correct options to update this flag.
|
|
||
|
|
||
| /// Number of process slots (threads may call secure library code) | ||
| #ifndef TZ_PROCESS_STACK_SLOTS |
There was a problem hiding this comment.
We do the same in config file. Why do we duplicate that it's confusing
There was a problem hiding this comment.
I thought we do not update the flags/code picked up from CMSIS repo, hence i duplicated it. Can remove if required in this case.
| @@ -0,0 +1,200 @@ | |||
| /* mbed Microcontroller Library | |||
There was a problem hiding this comment.
Where does this file coming from?
There was a problem hiding this comment.
|
@bulislaw Have your comments been addressed? |
Build : SUCCESSBuild number : 29 Triggering tests/test mbed-os |
Test : SUCCESSBuild number : 10 |
|
@tommikas jenkins CI restart here? |
deepikabhavnani
force-pushed
the
secure_support
branch
from
c2a594b to
4d9cd1f
Compare
Build : SUCCESSBuild number : 69 Triggering tests/test mbed-os |
Build : SUCCESSBuild number : 74 Triggering tests/test mbed-os |
Test : SUCCESSBuild number : 22 |
Build : SUCCESSBuild number : 97 Triggering tests/test mbed-os |
Test : SUCCESSBuild number : 35 |
Build : SUCCESSBuild number : 132 Triggering tests/test mbed-os |
tools/toolchains/arm.py
Outdated
There was a problem hiding this comment.
why is this in the tools and not behind a TARGET_M23 folder?
There was a problem hiding this comment.
Creation of secure library shouldn;t be part of tools?
There was a problem hiding this comment.
I dont know the workflow or modifications needed to that file
There was a problem hiding this comment.
@deepikabhavnani As I read this ld flag: http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.dui0803h/pge1444636329852.html - this is the output thus located into build dir as cmse_lib.o. Threfore it is part of tools, or is there any other option?
There was a problem hiding this comment.
@0xc0170 - Generation of Secure library has to be part of tools, ARMC6 compiler allows creation from elf file as well, but GCC/ARM support generation of this object file during linking.
We can rename lib to anything we want (like target specific) and can place in any required build folder (Current: .\BUILD<Target Device><Toolchain>\cmse_lib.o
Cortex v8 architecture based devices support secure/non-secure builds. Secure build should generate the object file/library from elf during link process which is used by non-secure binary during linking. --out-implib=file specifies output library in which symbols are exported --cmse-implib requests libraries mentioned above are secure gateway libraries Creation of secure library is done as part of linking process in GCC/ARMC6/IAR Non-Secure project should add this secure object file as part of the linking process. Secure library is named as cmse_lib.o.
…d in map Fix by Jimmy
deepikabhavnani
force-pushed
the
secure_support
branch
from
9d8aad2 to
f21c1ab
Compare
| osPriorityIdle, | ||
| 0U, 0U | ||
| #if (__DOMAIN_NS == 1U) | ||
| 1U, |
There was a problem hiding this comment.
Actual fix should come in CMSIS, raised an issue ARM-software/CMSIS_5#252.
Need to update when we have proper fix from CMSIS
| { | ||
|
|
||
| #if defined (__ARM_FEATURE_CMSE) && (__ARM_FEATURE_CMSE == 3U) | ||
| call_non_secure_rtos(); |
There was a problem hiding this comment.
With this change main of secure thread will never be called, any initialization required needs to be done in mbed_sdk_init.
| BMI Sys_ContextSave1 ; Branch if secure | ||
| MOV R0,LR ; Get EXC_RETURN | ||
| LSLS R0,R0,#25 ; Check domain of interrupted thread | ||
| BPL Sys_ContextSave1 ; Branch if not secure |
There was a problem hiding this comment.
Raised issue + added PR in CMSIS
ARM-software/CMSIS_5#260
TZ_context functions are part of secure state binary and are used to handle secure stack for thread execution.Template implementation from CMSIS is used, can be enhanced in future. TZ_PROCESS defines are added to config. Stack size is increased to 512 in source file as well, since config file is not picked when compiling mbed-os in secure mode without RTOS.
Non-Secure threads can access secure calls only when tz_module attribute is set as 1(OS_SECURE_CALLABLE_THREAD), while thread creation. Hence adding tz_module as an argument to ctor.
Issues addressed: 1. Switch to secure/nonsecure context save/restore is based on 6th bit in LR register, correct the bug (R7 instead of LR was used for decision) 2. Retain value of R7 3. Branch if non-secure instead of secure
deepikabhavnani
force-pushed
the
secure_support
branch
2 times, most recently
from
10e2d09 to
c52d375
Compare
deepikabhavnani
force-pushed
the
secure_support
branch
from
c52d375 to
4d9aeef
Compare
|
@theotherjimmy @adbridge @0xc0170 - This PR is on hold till ARMC6 compiler issue is resolved. |
|
Closing this, will reopen when work on this feature is resumed |
6 participants
Cortex v8 architecture based devices support secure/non-secure builds. Secure build should generate the object file/library from elf during link process which is used by non-secure binary during linking.
TZ_context functions are part of secure state binary and are used to handle secure stack for thread execution.
NS flag in the core name in Target.json indicated Non Secure build for the core. It is supported for v8M devices only.
Secure library will be built as part of linking process for GCC compiler. Non-Secure project should add this secure object file as part of the linking process.
Secure library is named as cmse_lib.o.