Build TFM & MCUBoot as a subproject

This also links the App at the offset expected by TFM and uses a
non-secure address in the startup code

This allows for firmware update, MCUBoot sytle.

The modifications include:
 * Reserve room in flash for the MCUBoot header (0x400)
 * Sign firmware parts as part of the build process

The total size of RAM in MPS3 AN524 is 128KB out of which 96KB is
allocated to TF-M. Update app linker file to allocate remaining RAM. In
addition reduce stack size from `0x1800` to `0x1000` to keep heap size
at `0x1000`.

Finally, we call some PSA APIs in the example application to test this
integration.

Signed-off-by: Jimmy Brisson <jimmy.brisson@linaro.org>
Signed-off-by: Devaraj Ranganna <devaraj.ranganna@linaro.org>

Author: urutva

.gitmodules

@@ -9,3 +9,9 @@
 [submodule "core/lib/jsmn/src"]
 	path = core/lib/jsmn/src
 	url = https://github.com/zserge/jsmn
+[submodule "core/lib/tfm"]
+	path = core/lib/tfm
+	url = https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git
+[submodule "core/lib/tf-m-tests"]
+	path = core/lib/tf-m-tests
+	url = https://git.trustedfirmware.org/TF-M/tf-m-tests.git

Arm/MPS3_AN524/CMakeLists.txt

@@ -25,7 +25,9 @@ include(${GSG_BASE_DIR}/cmake/utilities.cmake)
 project(mps3_524 C ASM)
 
 # Exceptions required by CMSIS UART driver (-Wno-ignored-qualifiers -Wno-return-type)
-set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wno-ignored-qualifiers -Wno-return-type")
+# Make threadx run in non-secure mode (-DTX_SINGLE_MODE_NON_SECURE)
+set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wno-ignored-qualifiers -Wno-return-type -DTX_SINGLE_MODE_NON_SECURE")
+set(CMAKE_ASM_FLAGS "${CMAKE_ASM_FLAGS} -DTX_SINGLE_MODE_NON_SECURE")
 
 # add_subdirectory(${CORE_SRC_DIR} core_src)
 add_subdirectory(lib)

Arm/MPS3_AN524/app/CMakeLists.txt

@@ -1,6 +1,12 @@
 # Copyright (c) 2021 Linaro Limited.
 # Licensed under the MIT License.
 
+set(APP_CONFIG_OPTIONS "${CMAKE_CURRENT_LIST_DIR}/config.cmake" CACHE FILEPATH
+    "Configuration Options"
+)
+
+include(${APP_CONFIG_OPTIONS})
+
 set(LINKER_SCRIPT "${CMAKE_CURRENT_LIST_DIR}/startup/mps3_an524.ld")
 
 set(SOURCES
@@ -19,6 +25,7 @@ target_link_libraries(${PROJECT_NAME}
         # app_common
         # jsmn
         AN524
+        tfm_api
         # netx_driver
 )
 
@@ -36,3 +43,67 @@ target_include_directories(${PROJECT_NAME}
     PUBLIC 
         .
 )
+
+if(BUILD_WITH_TFM)
+    if (NOT TFM_MCUBOOT_IMAGE_NUMBER STREQUAL "OFF")
+       set(TFM_MCUBOOT_IMAGE_NUMBER_OPTION "MCUBOOT_IMAGE_NUMBER ${TFM_MCUBOOT_IMAGE_NUMBER}")
+    endif()
+    if (TFM_ISOLATION_LEVEL)
+       set(TFM_ISOLATION_LEVEL_OPTION "ISOLATION_LEVEL ${TFM_ISOLATION_LEVEL}")
+    endif()
+    if (TFM_KEY_FILE_S)
+       set(TFM_KEY_FILE_S_OPTION "KEY_FILE_S ${TFM_KEY_FILE_S}")
+    endif()
+    if (TFM_KEY_FILE_NS)
+       set(TFM_KEY_FILE_NS_OPTION "KEY_FILE_NS ${TFM_KEY_FILE_NS}")
+    endif()
+    if (TFM_PROFILE)
+       set(TFM_PROFILE_OPTION BUILD_PROFILE ${TFM_PROFILE})
+    endif()
+    if (TFM_BL2)
+       set(TFM_BL2_OPTION "BL2")
+    endif()
+    if (TFM_IPC)
+       set(TFM_IPC_OPTION "IPC")
+    endif()
+    if (TFM_REGRESSION)
+       set(TFM_REGRESSION_OPTION "REGRESSION")
+    endif()
+    if (TFM_PARTITION_PROTECTED_STORAGE)
+       list(APPEND PARTITIONS "TFM_PARTITION_PROTECTED_STORAGE")
+    endif()
+    if (TFM_PARTITION_INTERNAL_TRUSTED_STORAGE)
+       list(APPEND PARTITIONS "TFM_PARTITION_INTERNAL_TRUSTED_STORAGE")
+    endif()
+    if (TFM_PARTITION_PLATFORM)
+       list(APPEND PARTITIONS "TFM_PARTITION_PLATFORM")
+    endif()
+    if (TFM_PARTITION_CRYPTO)
+       list(APPEND PARTITIONS "TFM_PARTITION_CRYPTO")
+    endif()
+    if (TFM_PARTITION_INITIAL_ATTESTATION)
+       list(APPEND PARTITIONS "TFM_PARTITION_INITIAL_ATTESTATION")
+    endif()
+    if (TFM_PARTITION_AUDIT_LOG)
+       list(APPEND PARTITIONS "TFM_PARTITION_AUDIT_LOG")
+    endif()
+    if (TFM_PARTITION_FIRMWARE_UPDATE)
+       list(APPEND PARTITIONS "TFM_PARTITION_FIRMWARE_UPDATE")
+    endif()
+    if (PARTITIONS)
+       set(PARTITIONS_OPTION "ENABLED_PARTITIONS ${PARTITIONS}")
+    endif()
+    trusted_firmware_build(
+        BINARY_DIR ${CMAKE_BINARY_DIR}/tfm
+        BOARD arm/mps3/an524
+        ${TFM_PROFILE_OPTION}
+        ${TFM_MCUBOOT_IMAGE_NUMBER_OPTION}
+        ${TFM_ISOLATION_LEVEL_OPTION}
+        ${TFM_KEY_FILE_S_OPTION}
+        ${TFM_KEY_FILE_NS_OPTION}
+        ${TFM_BL2_OPTION}
+        ${TFM_IPC_OPTION}
+        ${TFM_REGRESSION_OPTION}
+        ${PARTITIONS_OPTION}
+    )
+endif()

Arm/MPS3_AN524/app/config.cmake

@@ -0,0 +1,151 @@
+# Copyright (c) 2021 Linaro Limited.
+# Licensed under the MIT License.
+
+set(TX_TFM_BASE_DIR ${GSG_BASE_DIR}/core/lib/tfm)
+set(TX_TFM_BL2_DIR ${TX_TFM_BASE_DIR}/bl2/ext/mcuboot)
+
+option(BUILD_WITH_TFM "Build with TF-M as the Secure Execution Environment" ON)
+include(CMakeDependentOption)
+set(TFM_KEY_FILE_S
+    "${TX_TFM_BL2_DIR}/root-RSA-3072.pem"
+    CACHE FILEPATH
+    "The path and filename for the .pem file containing the private key
+     that should be used by the BL2 bootloader when signing secure
+     firmware images."
+)
+
+set(TFM_KEY_FILE_NS
+    "${TX_TFM_BL2_DIR}/root-RSA-3072_1.pem"
+    CACHE FILEPATH
+    "The path and filename for the .pem file containing the private key
+     that should be used by the BL2 bootloader when signing non-secure
+     firmware images."
+)
+
+set(TFM_PROFILE
+    OFF
+    CACHE STRING
+    "The build profile used for TFM Secure image."
+)
+
+set(TFM_ISOLATION_LEVEL
+    "1"
+    CACHE STRING
+    "Manually set the required TFM isolation level. Possible values are
+     1,2 or 3; the default is set by build configuration."
+)
+
+cmake_dependent_option(TFM_BL2
+    "TFM is designed to run with MCUboot in a certain configuration.
+     This config adds MCUboot to the build - built via TFM's build system."
+    ON
+    BUILD_WITH_TFM OFF
+)
+
+set(TFM_MCUBOOT_IMAGE_NUMBER
+    "1"
+    CACHE STRING
+    "How many images the bootloader sees when it looks at TFM and the app.
+     When this is 1, the S and NS are considered as 1 image and must be
+     updated in one atomic operation. When this is 2, they are split and
+     can be updated independently if dependency requirements are met."
+)
+
+cmake_dependent_option(TFM_PARTITION_PROTECTED_STORAGE
+    "Setting this option will cause '-DTFM_PARTITION_PROTECTED_STORAGE'
+     to be passed to the TF-M build system. Look at 'config_default.cmake'
+     in the trusted-firmware-m repository for details regarding this
+     parameter. Any dependencies between the various TFM_PARTITION_*
+     options are handled by the build system in the trusted-firmware-m
+     repository."
+    ON
+    BUILD_WITH_TFM OFF
+)
+
+cmake_dependent_option(TFM_PARTITION_INTERNAL_TRUSTED_STORAGE
+    "Setting this option will cause '-DTFM_PARTITION_INTERNAL_TRUSTED_STORAGE'
+     to be passed to the TF-M build system. Look at 'config_default.cmake'
+     in the trusted-firmware-m repository for details regarding this
+     parameter. Any dependencies between the various TFM_PARTITION_*
+     options are handled by the build system in the trusted-firmware-m
+     repository."
+    ON
+    BUILD_WITH_TFM OFF
+)
+
+cmake_dependent_option(TFM_PARTITION_CRYPTO
+    "Setting this option will cause '-DTFM_PARTITION_CRYPTO'
+     to be passed to the TF-M build system. Look at 'config_default.cmake'
+     in the trusted-firmware-m repository for details regarding this
+     parameter. Any dependencies between the various TFM_PARTITION_*
+     options are handled by the build system in the trusted-firmware-m
+     repository."
+    ON
+    BUILD_WITH_TFM OFF
+)
+
+cmake_dependent_option(TFM_PARTITION_INITIAL_ATTESTATION
+    "Setting this option will cause '-DTFM_PARTITION_INITIAL_ATTESTATION'
+     to be passed to the TF-M build system. Look at 'config_default.cmake'
+     in the trusted-firmware-m repository for details regarding this
+     parameter. Any dependencies between the various TFM_PARTITION_*
+     options are handled by the build system in the trusted-firmware-m
+     repository."
+    ON
+    BUILD_WITH_TFM OFF
+)
+
+cmake_dependent_option(TFM_PARTITION_PLATFORM
+    "Setting this option will cause '-DTFM_PARTITION_PLATFORM'
+     to be passed to the TF-M build system. Look at 'config_default.cmake'
+     in the trusted-firmware-m repository for details regarding this
+     parameter. Any dependencies between the various TFM_PARTITION_*
+     options are handled by the build system in the trusted-firmware-m
+     repository."
+    ON
+    BUILD_WITH_TFM OFF
+)
+
+cmake_dependent_option(TFM_PARTITION_AUDIT_LOG
+    "Setting this option will cause '-DTFM_PARTITION_AUDIT_LOG'
+     to be passed to the TF-M build system. Look at 'config_default.cmake'
+     in the trusted-firmware-m repository for details regarding this
+     parameter. Any dependencies between the various TFM_PARTITION_*
+     options are handled by the build system in the trusted-firmware-m
+     repository."
+    ON
+    BUILD_WITH_TFM OFF
+)
+
+cmake_dependent_option(TFM_PARTITION_FIRMWARE_UPDATE
+    "Setting this option will cause '-DTFM_PARTITION_FIRMWARE_UPDATE'
+     to be passed to the TF-M build system. Look at 'config_default.cmake'
+     in the trusted-firmware-m repository for details regarding this
+     parameter. Any dependencies between the various TFM_PARTITION_*
+     options are handled by the build system in the trusted-firmware-m
+     repository."
+    On
+    BUILD_WITH_TFM OFF
+)
+
+cmake_dependent_option(TFM_IPC
+    "When enabled, this option signifies that the TF-M build supports
+     the PSA API (IPC mode) instead of the secure library mode."
+    ON
+    BUILD_WITH_TFM OFF
+)
+
+cmake_dependent_option(TFM_REGRESSION
+    "When enabled, this option signifies that the TF-M build includes
+     the Secure and the Non-Secure regression tests."
+    ON
+    BUILD_WITH_TFM OFF
+)
+
+set(APP_CONFIG OFF CACHE FILEPATH
+    "Configuration file for the MPS3 AN524 example app"
+)
+
+if (APP_CONFIG)
+    include(${APP_CONFIG})
+endif()

Arm/MPS3_AN524/app/main.c

@@ -6,6 +6,11 @@
 
 #include "board_init.h"
 #include "cmsis.h"
+#include "tfm_api.h"
+#include "tfm_ns_interface.h"
+#ifdef TFM_PSA_API
+#include "psa_manifest/sid.h"
+#endif
 
 #define AZURE_THREAD_STACK_SIZE 4096
 #define AZURE_THREAD_PRIORITY   4
@@ -25,6 +30,14 @@ static __inline void systick_interval_set(uint32_t ticks)
     SysTick->CTRL |= SysTick_CTRL_ENABLE_Msk;
 }
 
+/* TODO: Locking for accessing the TFM interface */
+int32_t tfm_ns_interface_dispatch(veneer_fn fn,
+                                  uint32_t arg0, uint32_t arg1,
+                                  uint32_t arg2, uint32_t arg3)
+{
+    return fn(arg0, arg1, arg2, arg3);
+}
+
 TX_THREAD azure_thread;
 ULONG azure_thread_stack[AZURE_THREAD_STACK_SIZE / sizeof(ULONG)];
 
@@ -33,7 +46,27 @@ void tx_application_define(void* first_unused_memory);
 
 void azure_thread_entry(ULONG parameter)
 {
-    printf("\r\nStarting Azure thread\r\n\r\n");
+    uint32_t version;
+    printf("Starting Azure thread\r\n");
+    version = psa_framework_version();
+    if (version == PSA_FRAMEWORK_VERSION) {
+        printf("The version of the PSA Framework API is %lu.\n",
+               version);
+    } else {
+        printf("The version of the PSA Framework API is not valid!\n");
+        return;
+    }
+    psa_handle_t handle;
+
+    handle = psa_connect(IPC_SERVICE_TEST_BASIC_SID,
+                         IPC_SERVICE_TEST_BASIC_VERSION);
+    if (handle > 0) {
+        printf("Connect success!\n");
+    } else {
+        printf("The RoT Service has refused the connection!\n");
+        return;
+    }
+    psa_close(handle);
 }
 
 void tx_application_define(void* first_unused_memory)

Arm/MPS3_AN524/app/startup/mps3_an524.ld

@@ -24,12 +24,13 @@
 
 MEMORY
 {
-    FLASH (rx)  : ORIGIN = 0x10000000, LENGTH = 0x40000   /* 256 KB */
-    RAM   (rwx) : ORIGIN = 0x30000000, LENGTH = 0x20000   /* 128 KB */
+    FLASH (rx)  : ORIGIN = 0x000C0400, LENGTH = (0x40000 - 0x400)   /* 256 KB */
+    /* Total RAM size is 128KB, out of which 96KB is allocated to TF-M */
+    RAM   (rwx) : ORIGIN = 0x20018000, LENGTH = 0x8000   /* 32 KB */
 }
 
 __heap_size__ = 0x0001000;
-__msp_stack_size__ = 0x0001800;
+__msp_stack_size__ = 0x0001000;
 
 /* Library configurations */
 GROUP(libgcc.a libc.a libm.a libnosys.a)

Arm/MPS3_AN524/app/startup/startup_cmsdk_mps3_an524_bl2.S

@@ -191,7 +191,7 @@ Reset_Handler:
  *  Macro __STARTUP_COPY_MULTIPLE is used to choose between two schemes.  */
 
  /* Only run on core 0 */
-    mov     r0, #0x50000000
+    mov     r0, #0x40000000
     add     r0, #0x0001F000
     ldr     r0, [r0]
     cmp     r0,#0

Arm/MPS3_AN524/lib/CMakeLists.txt

@@ -14,3 +14,4 @@ add_subdirectory(${CORE_LIB_DIR}/threadx threadx)
 #add_subdirectory(${CORE_LIB_DIR}/jsmn jsmn)
 
 add_subdirectory(AN524)
+add_subdirectory(tf-m)