Merge branch 'FreeRTOS:main' into dev/davhaz01/upgrade_tfm

.github/.cSpellWords.txt

@@ -100,6 +100,7 @@ indet
 inkey
 ioremap
 iotdeviceadvisor
+iotmsw
 iounmap
 IRIDIX
 iridix

.gitlab-ci.yml

@@ -280,6 +280,19 @@ integration-tests:
     - git config --global user.email "[email protected]"
     - git config --global user.name "ci"
     - git config --global core.autocrlf input
+    # With https://github.com/FreeRTOS/FreeRTOS-Plus-TCP/commit/4471af64de1d481374881917bbba8736b1217530,
+    # a validation logic has been introduced which checks, if one of the
+    # address in an IP packet is loopback then both source and destination
+    # addresses must be loopback. For network interface tests, we run the
+    # server on the local machine and use loopback interface address in
+    # integration tests to communicate with the server. This causes
+    # validation logic to fail, as the destination address in the IP in the
+    # packet returned by the server is not a loopback address, but instead
+    # address assigned to the device. As a workaround, we use the ethernet
+    # interface address of the host machine instead of loopback to
+    # communicate with the server.
+    - host_ip_address=`ifconfig eth0 | grep -w 'inet' | awk '{print $2}'`
+    - sed -i "s/#define ECHO_SERVER_ENDPOINT .*$/#define ECHO_SERVER_ENDPOINT \"$host_ip_address\"/g" applications/freertos_iot_libraries_tests/test_param_config.h
     - ./tools/scripts/build.sh ${APP} --target $TARGET --toolchain $TOOLCHAIN --certificate_path $PWD/certificate.pem  --private_key_path $PWD/private_key.pem
     - pushd components/tools/freertos_libraries_integration_tests/library/tools/echo_server
     - go run echo_server.go&
@@ -304,6 +317,12 @@ integration-tests:
       -
         << : [*pipeline_config_corstone300, *pipeline_config_toolchain]
         APP: [freertos-iot-libraries-tests]
+  retry:
+    max: 2
+    when:
+      - script_failure
+      - stuck_or_timeout_failure
+      - runner_system_failure
   variables:
     GIT_SUBMODULE_STRATEGY: recursive
 
@@ -363,6 +382,12 @@ sw-vsi-configs-test:
          INFERENCE: [SOFTWARE]
          AUDIO: [ROM, VSI]
          TOOLCHAIN: [ARMCLANG]
+  retry:
+    max: 2
+    when:
+      - script_failure
+      - stuck_or_timeout_failure
+      - runner_system_failure
   variables:
     GIT_SUBMODULE_STRATEGY: recursive
 
@@ -404,6 +429,12 @@ gnu-toolchain-test:
          INFERENCE: [ETHOS, SOFTWARE]
          AUDIO: [ROM,VSI]
          TOOLCHAIN: [GNU]
+  retry:
+    max: 2
+    when:
+      - script_failure
+      - stuck_or_timeout_failure
+      - runner_system_failure
   variables:
     GIT_SUBMODULE_STRATEGY: recursive
 

README.md

@@ -106,6 +106,10 @@ of the verification fails, then MCUBoot stops the booting process.
 
 ## Software Components
 
+### Fetching
+
+Generally all the components used within the FRI project are fetched using `git submodules` from their official repositories into `components/` directory. Exact location and the version are recorded in the [manifest.yml](manifest.yml).
+
 ### Trusted Firmware M
 
 Trusted Firmware-M (TF-M) implements the Secure Processing Environment (SPE)
@@ -114,7 +118,7 @@ Cortex-M55, Cortex-M85 processors) and dual-core platforms. It is the platform
 security architecture reference implementation aligning with PSA Certified
 guidelines, enabling chips, Real Time Operating Systems and devices to become
 PSA Certified. Follow the [link](https://tf-m-user-guide.trustedfirmware.org/introduction/readme.html)
-for more information on Trusted Firmware M.
+for more information on Trusted Firmware M. To have a better overview of how Trusted Firmware M is integrated with the FRI project, you're kindly asked to check [Trusted Firmware M component document](docs/components/security/trusted_firmware-m/trusted_firmware-m.md)
 
 ### Mbed TLS
 
@@ -123,7 +127,7 @@ the SSL/TLS and DTLS protocols. The project provides reference implementation
 of [PSA Cryptography API Specification](https://developer.arm.com/documentation/ihi0086/b)
 by supporting the cryptographic operations via. PSA Crypto APIs. Follow the
 [link](https://www.trustedfirmware.org/projects/mbed-tls/) for more information
-on Mbed TLS.
+on Mbed TLS. To have a better overview of how Mbed TLS is integrated with the FRI project, you're kindly asked to check [Mbed TLS component document](docs/components/security/mbedtls/mbedtls.md)
 
 ### PKCS11 PSA Shim
 

applications/blinky/configs/freertos_config/CMakeLists.txt

@@ -16,5 +16,4 @@ target_link_libraries(freertos_config
     INTERFACE
         tfm-ns-interface
         app-config
-        fri-bsp
 )

applications/freertos_iot_libraries_tests/CMakeLists.txt

@@ -110,7 +110,6 @@ target_link_libraries(${CMAKE_PROJECT_NAME}
         ota-for-aws-iot-embedded-sdk
         provisioning-lib
         mbedtls
-        mbedtls-threading-freertos
         tfm-ns-interface
 )
 

applications/freertos_iot_libraries_tests/configs/freertos_config/CMakeLists.txt

@@ -16,5 +16,4 @@ target_link_libraries(freertos_config
     INTERFACE
         tfm-ns-interface
         app-config
-        fri-bsp
 )

applications/keyword_detection/CMakeLists.txt

@@ -142,7 +142,6 @@ target_link_libraries(keyword-detection
         helpers-events
         helpers-sntp
         mbedtls
-        mbedtls-threading-freertos
         ota-for-aws-iot-embedded-sdk
         provisioning-lib
         tfm-ns-interface

applications/keyword_detection/configs/freertos_config/CMakeLists.txt

@@ -16,5 +16,4 @@ target_link_libraries(freertos_config
     INTERFACE
         tfm-ns-interface
         app-config
-        fri-bsp
 )

applications/object_detection/CMakeLists.txt

@@ -126,7 +126,6 @@ target_link_libraries(object-detection
         isp-config
         isp_platform_driver
         mbedtls
-        mbedtls-threading-freertos
         ota-for-aws-iot-embedded-sdk
         provisioning-lib
         tfm-ns-interface

applications/object_detection/configs/freertos_config/CMakeLists.txt

@@ -16,5 +16,4 @@ target_link_libraries(freertos_config
     INTERFACE
         tfm-ns-interface
         app-config
-        fri-bsp
 )

applications/speech_recognition/CMakeLists.txt

@@ -152,7 +152,6 @@ target_link_libraries(speech-recognition
         fri-bsp
         helpers-events
         mbedtls
-        mbedtls-threading-freertos
         ota-for-aws-iot-embedded-sdk
         provisioning-lib
         speexdsp

applications/speech_recognition/configs/freertos_config/CMakeLists.txt

@@ -16,5 +16,4 @@ target_link_libraries(freertos_config
     INTERFACE
         tfm-ns-interface
         app-config
-        fri-bsp
 )

bsp/isp_mali-c55/integration/CMakeLists.txt

@@ -38,7 +38,7 @@ add_library(isp_platform_driver_system)
 target_link_libraries(isp_platform_driver_system
     PUBLIC
         isp_driver
-        freertos_kernel_include
+        freertos_kernel
 )
 target_include_directories(isp_platform_driver_system
     PUBLIC
@@ -87,5 +87,5 @@ target_sources(isp_control
 
 target_link_libraries(isp_control
     isp_driver
-    freertos_kernel_include
+    freertos_kernel
 )

components/connectivity/freertos_plus_tcp/integration/CMakeLists.txt

@@ -14,6 +14,12 @@ target_include_directories(freertos_plus_tcp SYSTEM
 )
 
 target_link_libraries(freertos_plus_tcp
+    PUBLIC
+        # TODO: The CS315 network interface layer inside the FreeRTOS TCP/IP stack
+        # https://github.com/FreeRTOS/FreeRTOS-Plus-TCP/blob/main/source/portable/NetworkInterface/MPS4_CS315/Device/Include/SSE315.h#L62
+        # is done in such a way that it depends on fri-bsp. This dependency
+        # should be removed.
+        fri-bsp
     PRIVATE
         coremqtt
         helpers-events

components/freertos_kernel/CMakeLists.txt

@@ -18,4 +18,10 @@ endif()
 
 # FreeRTOS requires the freertos_config library to exist first
 add_library(freertos_config INTERFACE)
+target_include_directories(freertos_config
+    INTERFACE
+        $<$<STREQUAL:${ARM_CORSTONE_BSP_TARGET_PLATFORM},corstone300>:${IOT_REFERENCE_ARM_CORSTONE3XX_SOURCE_DIR}/bsp/corstone300/include>
+        $<$<STREQUAL:${ARM_CORSTONE_BSP_TARGET_PLATFORM},corstone310>:${IOT_REFERENCE_ARM_CORSTONE3XX_SOURCE_DIR}/bsp/corstone310/include>
+        $<$<STREQUAL:${ARM_CORSTONE_BSP_TARGET_PLATFORM},corstone315>:${IOT_REFERENCE_ARM_CORSTONE3XX_SOURCE_DIR}/bsp/corstone315/include>
+)
 add_subdirectory(library)

components/security/mbedtls/integration/CMakeLists.txt

@@ -21,6 +21,11 @@ target_link_libraries(mbedtls-threading-freertos
         mbedtls
 )
 
+target_link_libraries(mbedtls-config
+    INTERFACE
+        mbedtls-threading-freertos
+)
+
 target_link_libraries(mbedx509
     PUBLIC
         mbedtls-config

docs/components/security/mbedtls/mbedtls.md

@@ -0,0 +1,77 @@
+# MbedTLS
+
+## Overview
+
+MbedTLS is a lightweight crytographic and SSL/TLS library designed for embedded systems and IoT devices.
+
+It provides a wide range of cryptographic and security features including:
+* SSL/TLS support
+* Cryptography
+* Certificate handling
+* Key Management
+* Secure communication
+
+In the FRI, MbedTLS is a crucial component for ensuring secure communication between IoT devices and
+cloud services. It is primarily used for transport layer security, authentication, encryption and certificate management.
+
+Consult the FRI `manifest.yml` for the currently supported version of MbedTLS.
+
+## Configuration
+
+User must provide an MbedTLS configuration file. It can be an empty file or override MbedTLS default [configurations](https://tls.mbed.org/api/config_8h.html).
+
+The configuration file specified by the application is retrieved by adding the C macro `MBEDTLS_CONFIG_FILE=<filename>` to the `mbedtls-config` target and its include path.
+
+Example:
+
+```cmake
+target_include_directories(mbedtls-config
+    INTERFACE
+        mbedtls-config
+)
+
+target_compile_definitions(mbedtls-config
+    INTERFACE
+        MBEDTLS_CONFIG_FILE="aws_mbedtls_config.h"
+)
+```
+
+To enable the FreeRTOS threading protection `#define MBEDTLS_THREADING_ALT` should be present in the user provided mbedtls configuration file.
+
+## Integration
+
+### FreeRTOS threading support
+
+The library *`mbedtls-threading-freertos`* is implemented in the FRI to provide a threading implementation for MbedTLS using FreeRTOS threading API.
+
+The application must call `mbedtls_threading_set_alt()` to enable the multi threading protection.
+
+### Linking
+
+In your application's `CMakeLists.txt`, link the application executable against the `mbedtls` library alongside
+any other libraries you need:
+
+```cmake
+target_link_libraries(my-application
+    ...
+    mbedtls
+)
+```
+
+> :bulb: Replace `my-application` with the actual name of your application.
+
+This not only enables the linking of the `mbedtls` static library, but also makes its API headers' include paths
+available to your application.
+
+## Documentation
+
+For detailed documentation and API reference of MbedTLS, refer to the official [MbedTLS documentation][mbedtls-doc] or [GitHub repository][mbedtls-doc].
+
+## Support
+
+If you encounter any issues or have questions regarding the integration of MbedTLS into your IoT
+project, feel free to reach out to the Arm support community or consult the official documentation for
+assistance.
+
+[mbedtls-doc]: https://mbed-tls.readthedocs.io/en/latest/
+[mbedtls-repo]: https://github.com/Mbed-TLS/mbedtls