zephyr
/
trusted-firmware-m
mirror of https://github.com/zephyrproject-rtos/trusted-firmware-m.git
1
0
Fork 0
Code Issues Releases Wiki Activity
trusted-firmware-m/docs/user_guides/tfm_integration_guide.md

5.2 KiB
Raw Blame History

TF-M integration guide

The purpose of this document is to provide a guide on how to integrate TF-M with other hardware platforms and operating systems.

How to build TF-M

Follow the Build instructions.

How to export files for building non-secure applications

Explained in the Build instructions.

How to add a new platform

The SSE-200 sybsystem on the MPS2 board is the hardware platform currently supported by TF-M. The files related to the platform being used are contained under the platform subfolder, in particular inside platform/target. The TF-M current implementation has the platform/target/sse_200_mps2 platform, and a platform/target/common folder which is used to store source and header files which are platform generic.

generic drivers and startup/scatter files

The addition of a new platform means the creation of a new subfolder inside target to provide an implementation of the drivers currently used by TF-M, in particular MPC, PPC, and USART drivers. In addition to the drivers, startup and scatter files need to be provided for the supported toolchains, e.g. armclang specific files can be found in armclang subfolder. There are also board specific drivers which are used by the board platform to interact with the external world, for example during tests, that have to be provided, e.g. to blink LEDs or count time in the MPS2 board. When a new platform is added, the files being built by the build systems need to be updated manually, as the platform folder being used is currently hardcoded to sse_200_mps2.

target configuration files

Inside the base root folder of the selected target, each implementation has to provide its own copy of target_cfg.c/.h. This file has target specific configuration functions and settings that are called by the TF-M during the platform configuration step during TF-M boot. Examples of the configurations performed during this phase are the MPC configuration, the SAU configuration, or eventually PPC configuration if supported by the hardware platform. Similarly, the uart_stdout.c is used to provide functions needed to redirect the stdout on UART (this is currently used by TF-M to log messages).

platform retarget files

An important part that each new platform has to provide is the set of retarget files which are contained inside the retarget folder. These files define the peripheral base addresses for the platform, both for the secure and non-secure aliases (when available), and bind those addresses to the base addresses used by the devices available in the hardware platform.

How to integrate another OS

To work with TF-M, the OS needs to support the Armv8-M architecture and, in particular, it needs to be able to run in the non-secure world. Depending upon the system configuration this may require configuring drivers to use appropriate address ranges.

interface with TF-M

The NS side is only allowed to call TF-M secure functions (veneers) from the NS Handler mode. For this reason, the API is a collection of SVC functions in the export/tfm/inc folder. For example, the SVC interface for the Secure STorage (SST) service is described in the file tfm_sst_svc_handler.h as a collection of SVC functions which have to be registered within the SVC handler mechanism,therefore OS needs to support user defined SVCs. If the OS does not support user defined SVCs, it needs to be extended in this way. Once the SVC interface functions are registered within the SVC handler mechanism, the services can be called from the non-secure world applications (running in Thread mode) using a wrapper API which is described in tfm_sst_api.h. This API is a wrapper for the SVC interface, its purpose is to request Handler mode through the SVC instructions encoded with the corresponding SVC number previously registered with the SVC handler and to handle the return value from the service to the caller. The secure storage service also needs the NS side to provide an implementation for the function tfm_sst_get_cur_id() which is used to retrieve the numerical ID associated to the running thread. A primitive implementation is provided in tfm_sst_id_mngr_dummy.c. It is system integrators responsibility to implement the ID manager based on their threat model.

interface with non-secure world regression tests

A non-secure application that wants to run the non-secure regression tests needs to call the start_integ_test(). This function is exported into the header file integ_test.h inside the install folder structure in the test specific files, i.e. install/tfm/test/inc. The non-secure regression tests are precompiled and delivered as a static library which is available in install/tfm/test/lib, so that the non-secure application needs to link against the library to be able to invoke the start_integ_test() function. The SST non-secure side regression tests rely on some OS functionality e.g. threads, mutexes etc. These functions comply with CMSIS RTOS2 standard and have been exported as thin wrappers defined in os_wrapper.h contained in install/tfm/test/inc. OS needs to provide the implementation of these wrappers to be able to run the tests.

Copyright (c) 2017, Arm Limited. All rights reserved.