len0rd/FreeRTOS-Kernel
1
0
Fork 0
mirror of https://github.com/FreeRTOS/FreeRTOS-Kernel.git synced 2025-09-02 20:33:49 -04:00
Code Issues Projects Releases Packages Wiki Activity

Introduce Trusted Firmware M support in Kernel on ARM Cortex M33 (#108)

Browse source 
This port adds the support that FreeRTOS applications can call the secure
    services in Trusted Firmware M(TF-M) via PSA Platform Security
    Architecture(PSA) API based on Arm Cortex-M33 platform with GCC compiler.

    More information:
    PSA - https://www.arm.com/why-arm/architecture/platform-security-architecture
    TF-M - https://git.trustedfirmware.org/trusted-firmware-m.git/

Change-Id: I2e771b66e8d75927abc2505a187a16250d504db2
Signed-off-by: Sherry Zhang <sherry.zhang2@arm.com>
This commit is contained in:
sherryzhang 2020-09-09 23:15:50 +08:00 committed by GitHub
parent 651289ef04
commit 524e78d58b
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 167 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

71
portable/ThirdParty/GCC/ARM_CM33_TFM/README.md vendored Normal file
View file

@ -0,0 +1,71 @@
# Target of this port
This port adds the support that FreeRTOS applications can call the secure
services in Trusted Firmware M(TF-M) through Platform Security Architecture
(PSA) API based on the ARM Cortex-M33 platform.
The Platform Security Architecture (PSA) makes it quicker, easier and cheaper
to design security into a device from the ground up. PSA is made up of four key
stages: analyze, architect, implement, and certify. See [PSA Resource Page](https://developer.arm.com/architectures/security-architectures/platform-security-architecture).
TF-M is an open source project. It provides a reference implementation of PSA
for Arm M-profile architecture. Please get the details from this [link](https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/about/).
# Derivation of the source code
* ```os_wrapper_freertos.c```
The implementation of APIs which are defined in ```os_wrapper\mutex.h``` by TF-M
(tag: TF-Mv1.1). The implementation is based on FreeRTOS mutex type semaphore.
# Usage notes
To build a project based on this port:
* Step 1: build the secure image. Please follow the **Build the Secure Side** section for details.
* Step 2: build the nonsecure image. Please follow the **Build the Non-Secure Side** for details.
## Build the Secure Side
### Get the TF-M source code
See the [link](https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/) to get the source code. This port is based on TF-M version **tag: TF-Mv1.1**.
### Build TF-M
Please refer to this [link](https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/docs/getting_started/tfm_build_instruction.rst) to build the secure side.
_**Note:** ```CONFIG_TFM_ENABLE_CTX_MGMT``` must be configured as "OFF" when building TF-M_.
## Build the Non-Secure Side
Please copy all the files in ```freertos_kernel\portable\GCC\ARM_CM33_NTZ``` into the ```freertos_kernel\portable\GCC\ARM_CM33_TFM``` folder before using this port. Note that TrustZone is enabled in this port. The TF-M runs in the Secure Side.
Please call the API ```tfm_ns_interface_init()``` which is defined in ```os_wrapper_freertos.c``` at the very beginning of your application. Otherwise, it will always fail when calling a TF-M service in the Nonsecure Side.
### Configuration in FreeRTOS kernel
* ```configRUN_FREERTOS_SECURE_ONLY```
This macro should be configured as 0. In this port, TF-M runs in the Secure Side while FreeRTOS
Kernel runs in the Non-Secure Side.
* ```configENABLE_FPU```
The setting of this macro is decided by the setting in Secure Side which is platform-specific.
If the Secure Side enables Non-Secure access to FPU, then this macro can be configured as 0 or 1. Otherwise, this macro can only be configured as 0.
* ```configENABLE_TRUSTZONE```
This macro should be configured as 0 because TF-M doesn't use the secure context management function of FreeRTOS. New secure context management might be introduced when TF-M supports multiple secure context.
### Integrate TF-M Non-Secure interface with FreeRTOS project
To enable calling TF-M services by the Non-Secure Side, the files below should be included in the FreeRTOS project and built together.
* files in ```trusted-firmware-m\build\install\export\tfm\src```
These files contain the implementation of PSA Functional Developer APIs which can be called by Non-Secure Side directly and PSA Firmware Framework APIs in the IPC model. These files should be taken
as part of the Non-Secure source code.
* files in ```trusted-firmware-m\build\install\export\tfm\include```
These files are the necessary header files to call TF-M services.
* ```trusted-firmware-m\build\install\export\tfm\veneers\s_veneers.o```
This object file contains all the Non-Secure callable functions exported by
TF-M and it should be linked when generating the Non-Secure image.
*Copyright (c) 2020, Arm Limited. All rights reserved.*