modules: tfm: disable SECURE_UART when TFM_LOG_LEVEL_SILENCE #95582
Conversation
zephyrbot
requested review from
d3zd3z,
ithinuel,
tomi-font,
valeriosetti,
Vge0rge and
wearyzen
JordanYates
force-pushed
the
250906_tfm_secure_uart_disable
branch
from
176e29d to
158d1e7
Compare
| bool "TF-M configure UART instance as secure peripheral" | ||
| default y if SOC_FAMILY_NORDIC_NRF && !TFM_LOG_LEVEL_SILENCE |
There was a problem hiding this comment.
Do we really need to make this user selectable? What about making it an internal helper like:
| bool "TF-M configure UART instance as secure peripheral" | |
| default y if SOC_FAMILY_NORDIC_NRF && !TFM_LOG_LEVEL_SILENCE | |
| default y if SOC_FAMILY_NORDIC_NRF || !TFM_LOG_LEVEL_SILENCE |
There was a problem hiding this comment.
I don't see why it shouldn't be user selectable. Maybe the user still wants the secure UART (for FW updates? not sure if possible) but still doesn't want any log output. Or maybe there is some custom log output backend (RTT).
Not sure if it was a typo or not, but changing the default to || is wrong, especially in the context of the other suggestion, since it forces all nRF parts to enable secure UART, even if there is no physical connection on the board.
There was a problem hiding this comment.
I don't see why it shouldn't be user selectable. Maybe the user still wants the secure UART (for FW updates? not sure if possible) but still doesn't want any log output. Or maybe there is some custom log output backend (RTT).
Good point.
Not sure if it was a typo or not, but changing the default to || is wrong, especially in the context of the other suggestion, since it forces all nRF parts to enable secure UART, even if there is no physical connection on the board.
It seems to me that all Nordic boards set SECURE_UART1=ON in TF-M. This happens in a file which has a parent directory named common so I assume it's done for all Nordic boards.
I think that the wrong part of my proposal was that for a Nordic board it was basically ignoring !TFM_LOG_LEVEL_SILENCE which is the most relevant condition here, so I agree it was not correct. Sorry for that.
I did a quick check in TF-M on which platform enable SECURE_UART1 and it seems that Nordic are the only ones, so in conclusion the condition you wrote here mimic that part so I'm fine with that.
IMO a nice follow-up would be to remove the logic from TF-M and just reduce the condition above to simply default y if !TFM_LOG_LEVEL_SILENCE, but I guess that this would impact more platforms, so totally out of scope here.
There was a problem hiding this comment.
This option should be default=y.
The user should set OFF in their own application.
There was a problem hiding this comment.
Nope, that breaks platforms by enabling the define for platforms that don't support it. If the builds are still available you can see this in the CI history.
There was a problem hiding this comment.
Nak on this PR.
This should be clarify before disable the serial port for all platform except Nordic.
There was a problem hiding this comment.
Just to be clear, your NAK is because of a TF-M default that has been in place for at least 5 years?
zephyrproject-rtos/trusted-firmware-m@9ec67e6
Possibly longer, I don't care enough to search down where the option originally came from.
There was a problem hiding this comment.
if I understood correctly, this change will replace the default in the TF-M boards (including all Out-Of-Tree boards).
If someone is developing a product with a board defined by a vendor inside TF-M mainline IMHO it is a big mistake! That is only a reference to make a development board run and make tests. A real TF-M application will have an OOT board with their own configuration and flash layout and this is changing the default on that boards without notice.
There was a problem hiding this comment.
Fair enough, added to the migration guide
There was a problem hiding this comment.
Maybe a config choice could help, to either enforce the secure UART on or off or leave it to TF-M native default config.
| bool "TF-M configure UART instance as secure peripheral" | ||
| default y if SOC_FAMILY_NORDIC_NRF && !TFM_LOG_LEVEL_SILENCE |
There was a problem hiding this comment.
This option should be default=y.
The user should set OFF in their own application.
Explicitly disable the SECURE_UART TFM define when `CONFIG_TFM_LOG_LEVEL_SILENCE=y`. The secure UART is only enabled by default on nRF platforms to match the current TF-M defaults. Signed-off-by: Jordan Yates <[email protected]>
JordanYates
force-pushed
the
250906_tfm_secure_uart_disable
branch
from
158d1e7 to
c2c382a
Compare
|
|
CC: @erwango , @etienne-lms |
| * The ``SECURE_UART1`` TF-M define is now controlled by the Zephyr buildsystem | ||
| :kconfig:option:`CONFIG_TFM_SECURE_UART`. This option will override any platform values previously |
There was a problem hiding this comment.
| * The ``SECURE_UART1`` TF-M define is now controlled by the Zephyr buildsystem | |
| :kconfig:option:`CONFIG_TFM_SECURE_UART`. This option will override any platform values previously | |
| * The ``SECURE_UART1`` TF-M define is now controlled by the | |
| :kconfig:option:`CONFIG_TFM_SECURE_UART` Kconfig option. This option will override any platform values previously |
There was a problem hiding this comment.
I was explicit about the "Zephyr build system" comment because TF-M also uses Kconfig internally (even though Zephyr doesn't use it) and I wanted to be clear about where the option sits.
There was a problem hiding this comment.
Then maybe rather the following?
| * The ``SECURE_UART1`` TF-M define is now controlled by the Zephyr buildsystem | |
| :kconfig:option:`CONFIG_TFM_SECURE_UART`. This option will override any platform values previously | |
| * The ``SECURE_UART1`` TF-M define is now controlled by Zephyr's | |
| :kconfig:option:`CONFIG_TFM_SECURE_UART`. This option will override any platform values previously |
|
I'll add DNM to ST have time to look on this. |
Why ST specifically? It doesn't look like they use the define in any of their upstream boards? |
|
Also, adding the |
There was a problem hiding this comment.
Sorry for this late reply.
I'm fine with the idea of the change. Having more control on TF-M configuration from Zephyr configs is better IMHO.
@nandojve, you can remove the DNM label, at least from my perspective.
| bool "TF-M configure UART instance as secure peripheral" | ||
| default y if SOC_FAMILY_NORDIC_NRF && !TFM_LOG_LEVEL_SILENCE |
There was a problem hiding this comment.
Maybe a config choice could help, to either enforce the secure UART on or off or leave it to TF-M native default config.
Explicitly disable the SECURE_UART TFM define when
CONFIG_TFM_LOG_LEVEL_SILENCE=y. The secure UART is only enabled by default on nRF platforms to match the current TF-M defaults.This results in the default values from the TF-M repo being overridden, e.g: