Posted to commits@nuttx.apache.org by GitBox <gi...@apache.org> on 2021/03/03 17:44:54 UTC

[GitHub] [incubator-nuttx] michi-jung opened a new pull request #2970: WIP/RFC: STM32L5 Support / NUCLEO-L552ZE-Q / STM32L562E-DK / TrustedFirmware-M

michi-jung opened a new pull request #2970:
URL: https://github.com/apache/incubator-nuttx/pull/2970


   ## Summary
   
   This is still work in progress. Feedback on what remains to be done to get this upstream is welcome. Please do not merge yet.
   
   This is my current state of work on getting NuttX to run on STM32L5. I am especially interested in the TrustZone support of ARMV8-M. The 'nsh' configuration of the stm32l562e-dk board runs fine as the non-secure companion to STMicroelectronics' port of TrustedFirmware-M.
   
   The code is heavily based on the stm32l4 code. I will try and do license clearing to get ASF copyright headers in wherever possible before asking for a merge.
   
   ## Impact
   
   All code is in new subdirectories and should not have any impact on current configurations.
   
   ## Testing
   
   I am running a basic 'nsh' configuration fine directly on a Nucleo-L552ZE-Q board and as a companion to TrustedFirmware-M on STM32L562E-DK.


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



[GitHub] [incubator-nuttx] michi-jung commented on pull request #2970: WIP/RFC: STM32L5 Support / NUCLEO-L552ZE-Q / STM32L562E-DK / TrustedFirmware-M

Posted by GitBox <gi...@apache.org>.
michi-jung commented on pull request #2970:
URL: https://github.com/apache/incubator-nuttx/pull/2970#issuecomment-790331535


   On the secure side I am running STMicroelectronics' port of [TrustedFirmware-M](https://www.trustedfirmware.org/projects/tf-m/) to STM32L5, which is provided as part of [STM32CubeL5](https://github.com/STMicroelectronics/STM32CubeL5/tree/v1.3.1) @ `Projects/STM32L562E-DK/Applications/TFM`. I had to make two minor adjustments to get NuttX running with it (see the README.txt for the stm32l562e-dk board in this pull request). Otherwise I followed the instructions given in [UM2671](https://www.st.com/resource/en/user_manual/dm00678763-getting-started-with-stm32cubel5-tfm-application-stmicroelectronics.pdf) and just exchanged the `TFM_Appli/NonSecure` demo application with NuttX (instructions on how to encrypt and sign the NuttX image are also given in the board's README.txt).
   
   With this I can run NuttX with an nsh config via the STLink virtual COM port and use the board LEDs and the board's USER button. The NuttX image can be uploaded via the local loader (YMODEM) and installed via the secure firmware update mechanism of the SecureBoot/SecureFirmwareUpdate (TFM_SBSFU) component.
   
   I do not yet have any calls into TF-M implemented from NuttX. It seems like @btashton is already further along in this regard with his PoC. My plan is to eventually port STMicroelectronics' TFM non-secure application to run on NuttX. It demos a number of calls to TF-M.
   
   I believe that the changes required to NuttX to allow for this should be relatively small. There is a nice white paper by Joseph Yiu which summarizes these changes: [How should an RTOS work in a TrustZone for Armv8-M environment?](https://www.arm.com/-/media/Files/pdf/white-paper/rtos-work-in-a-trustzone-for-armv8-m.pdf?revision=36faafb0-c640-4401-a6ca-09c7ef434fb4)





[GitHub] [incubator-nuttx] michi-jung commented on pull request #2970: WIP/RFC: STM32L5 Support / NUCLEO-L552ZE-Q / STM32L562E-DK / TrustedFirmware-M

Posted by GitBox <gi...@apache.org>.
michi-jung commented on pull request #2970:
URL: https://github.com/apache/incubator-nuttx/pull/2970#issuecomment-790514082


   I believe I have corrupted this pull-request by force-pushing ... I will close this one and open up a new one.





[GitHub] [incubator-nuttx] michi-jung commented on pull request #2970: WIP/RFC: STM32L5 Support / NUCLEO-L552ZE-Q / STM32L562E-DK / TrustedFirmware-M

Posted by GitBox <gi...@apache.org>.
michi-jung commented on pull request #2970:
URL: https://github.com/apache/incubator-nuttx/pull/2970#issuecomment-790508746


   The remaining files with a BSD license header are:
   
   hardware/stm32l562xx_dbgmcu.h
   hardware/stm32l5_flash.h
   hardware/stm32l5_gpio.h
   hardware/stm32l5_memorymap.h
   hardware/stm32l5_pinmap.h
   hardware/stm32l5_pwr.h
   hardware/stm32l5_spi.h
   hardware/stm32l5_syscfg.h
   hardware/stm32l5_tim.h
   hardware/stm32l5_uart.h
   stm32l5.h
   stm32l5_allocateheap.c
   stm32l5_flash.c
   stm32l5_flash.h
   stm32l5_gpio.c
   stm32l5_gpio.h
   stm32l5_irq.c
   stm32l5_lse.c
   stm32l5_lsi.c
   stm32l5_rcc.c
   stm32l5_rcc.h
   stm32l5_serial.c
   stm32l5_spi.c
   stm32l5_spi.h
   stm32l5_tim.c
   stm32l5_tim.h
   stm32l5_tim_lowerhalf.c
   stm32l5_uart.h
   
   Most of them can get cleared if we get ICLAs or an SGA from the Haltian team.
   





[GitHub] [incubator-nuttx] michi-jung closed pull request #2970: WIP/RFC: STM32L5 Support / NUCLEO-L552ZE-Q / STM32L562E-DK / TrustedFirmware-M

Posted by GitBox <gi...@apache.org>.
michi-jung closed pull request #2970:
URL: https://github.com/apache/incubator-nuttx/pull/2970


   





[GitHub] [incubator-nuttx] btashton commented on pull request #2970: WIP/RFC: STM32L5 Support / NUCLEO-L552ZE-Q / STM32L562E-DK / TrustedFirmware-M

Posted by GitBox <gi...@apache.org>.
btashton commented on pull request #2970:
URL: https://github.com/apache/incubator-nuttx/pull/2970#issuecomment-790290331


   I'm also very interested. I had started messing with a PoC where I had TF-M running on the secure side and had a thin shim driver that exposed the PSA Crypto API via an fd, which applications could use directly or via mbedtls.
    
   It follows an architecture that looks like this:
   ![Figure-1.png](https://user-images.githubusercontent.com/173245/109913321-9bf38880-7c62-11eb-8772-8cee40753e7f.png)





[GitHub] [incubator-nuttx] xiaoxiang781216 commented on pull request #2970: WIP/RFC: STM32L5 Support / NUCLEO-L552ZE-Q / STM32L562E-DK / TrustedFirmware-M

Posted by GitBox <gi...@apache.org>.
xiaoxiang781216 commented on pull request #2970:
URL: https://github.com/apache/incubator-nuttx/pull/2970#issuecomment-790254426


   @michi-jung, I am very interested in your security work.
   Do you have a plan to implement some IPC inside NuttX to interact with the security world? And what security OS or firmware do you run on the security side?





[GitHub] [incubator-nuttx] michi-jung edited a comment on pull request #2970: WIP/RFC: STM32L5 Support / NUCLEO-L552ZE-Q / STM32L562E-DK / TrustedFirmware-M

Posted by GitBox <gi...@apache.org>.
michi-jung edited a comment on pull request #2970:
URL: https://github.com/apache/incubator-nuttx/pull/2970#issuecomment-790508746


   The remaining files with a BSD license header are:
   
   hardware/stm32l562xx_dbgmcu.h
   hardware/stm32l5_flash.h
   hardware/stm32l5_gpio.h
   hardware/stm32l5_memorymap.h
   hardware/stm32l5_pinmap.h
   hardware/stm32l5_pwr.h
   hardware/stm32l5_spi.h
   hardware/stm32l5_syscfg.h
   hardware/stm32l5_tim.h
   hardware/stm32l5_uart.h
   stm32l5_allocateheap.c
   stm32l5_flash.c
   stm32l5_flash.h
   stm32l5_gpio.c
   stm32l5_gpio.h
   stm32l5_irq.c
   stm32l5_lse.c
   stm32l5_lsi.c
   stm32l5_rcc.c
   stm32l5_rcc.h
   stm32l5_serial.c
   stm32l5_spi.c
   stm32l5_spi.h
   stm32l5_tim.c
   stm32l5_tim.h
   stm32l5_tim_lowerhalf.c
   stm32l5_uart.h
   
   Most of them can get cleared if we get ICLAs or an SGA from the Haltian team.
   

