Open-CMSIS-Pack / Open-CMSIS-Pack-Spec

Common Microcontroller Software Interface Standard - Pack(age) based distribution system
https://open-cmsis-pack.github.io/Open-CMSIS-Pack-Spec/
Apache License 2.0

enrich `Dsecure` condition with `FullSecure` test #319

Open tarek-bochkati opened 5 days ago

tarek-bochkati commented 5 days ago

Current situation

Dsecure accepts 3 possible values: Non-secure, Secure and TZ-disabled.

The problem

We generally use Non-secure and Secure conditions to provide Startup component files that serve co-existing secure and non-secure applications.

To enrich Startup with files that serve only a secure application that uses the full memory space, we need to enrich the Dsecure with a value that checks for such a condition.

Proposal

We propose to add Full-secure (or equivalent) to permit selecting a set of files to satisfy the use-case where all memory resources are reserved for a single secure application (no jump to non-secure).

tarek-bochkati commented 4 days ago

Update: In the Open-CMSIS-Pack meeting we discussed the potential usage of TZ-disabled.

We noted the following:

| Dsecure | TZ-disabled | Secure | Non-secure |
| --- | --- | --- | --- |
| FLASH addr | 0x08000000 | 0x0C000000 | 0x08000000 |

For the Full-secure proposal, we need to use the secure mapping (0x0C000000), which is different from the TZ-disabled mapping (0x08000000).

Conclusion: using TZ-disabled does not satisfy this use-case.

jkrech commented 4 days ago

During the meeting we also discussed whether there should be a separate attribute indicating that the Secure project will not be combined with one or more related Non-secure projects, which means there is no need for resource partitioning and there must not be a cmse-lib.o created.

I think adding another attribute may make things more complicated than necessary. I prefer the term:

Secure-only
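
For readers following the thread, this is how the values discussed above would select Startup files through PDSC conditions. It is an added example, not code from the issue or from the specification: the condition ids and file names are hypothetical, and `Secure-only` is the value proposed here, not one `Dsecure` currently accepts.

```xml
<!-- Added example: fragment of a PDSC file. Condition ids and file names are hypothetical. -->
<conditions>
  <!-- The three values Dsecure accepts today -->
  <condition id="TZ Disabled">
    <require Dsecure="TZ-disabled"/>  <!-- FLASH at 0x08000000 per the table in this thread -->
  </condition>
  <condition id="TZ Secure">
    <require Dsecure="Secure"/>       <!-- FLASH at 0x0C000000, co-exists with a Non-secure project -->
  </condition>
  <condition id="TZ Non-secure">
    <require Dsecure="Non-secure"/>   <!-- FLASH at 0x08000000 -->
  </condition>

  <!-- Proposed in this issue only: not an accepted Dsecure value.
       Secure mapping (0x0C000000), all memory owned by one secure application. -->
  <condition id="TZ Secure-only">
    <require Dsecure="Secure-only"/>
  </condition>
</conditions>

<components>
  <component Cclass="Device" Cgroup="Startup" Cversion="1.0.0">
    <description>Startup and linker files selected by security state</description>
    <files>
      <!-- Exactly one linker script matches for a given Dsecure setting -->
      <file category="linkerScript" name="Source/gcc/flash_tz_disabled.ld" condition="TZ Disabled"/>
      <file category="linkerScript" name="Source/gcc/flash_s.ld"           condition="TZ Secure"/>
      <file category="linkerScript" name="Source/gcc/flash_ns.ld"          condition="TZ Non-secure"/>
      <!-- Secure addresses, but no region reserved for a Non-secure image -->
      <file category="linkerScript" name="Source/gcc/flash_s_only.ld"      condition="TZ Secure-only"/>

      <!-- Partitioning header only makes sense when a Non-secure project exists -->
      <file category="header" name="Include/partition_device.h" condition="TZ Secure"/>
    </files>
  </component>
</components>
```

With only the three existing values, the `flash_s_only.ld` case has no condition that matches it: `Secure` would also pull in the partitioning files, and `TZ-disabled` resolves to the 0x08000000 mapping.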