You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
port/armv8m-tz: NSC bridge transport for ARMv8-M TrustZone
Rename port/stmicro/stm32-tz to port/armv8m-tz to reflect that the
transport is target-agnostic across ARMv8-M parts (Cortex-M23/M33/
M35P/M55/M85). The target-specific NSC veneer is provided by the
host; the only ARM-flavored thing in the transport is the documented
expectation that the extern wcs_wolfhsm_transmit symbol is a
cmse_nonsecure_entry on the secure side.
Config define renamed WOLFHSM_CFG_PORT_STM32_TZ_NSC ->
WOLFHSM_CFG_PORT_ARMV8M_TZ_NSC and make flag STM32_TZ_NSC=1 ->
ARMV8M_TZ_NSC=1. wh_settings.h doc, chapter08 port docs, and the
CI step name all updated to drop STM32-specific wording.
Review fixes folded in:
- _NscServerRecv clears ctx->rsp_size up-front so error paths leave
no stale response state behind.
- _NscClientRecv rejects too-small caller buffers with WH_ERROR_BADARGS
instead of WH_ERROR_ABORTED; cached response is preserved for retry.
- _NscClientSend returns WH_ERROR_NOTREADY if a prior response has not
been consumed; propagates known WH_ERROR_* codes from the veneer.
- _NscServerCleanup zeroes the context so stale NS pointers cannot
survive a reinit.
- Reorder whTransportNscServerContext fields to satisfy -Wpadded.
- Cover the new behaviors in wh_test_transport_nsc and add the NSC
contexts to the struct padding check.
Copy file name to clipboardExpand all lines: docs/src/chapter08.md
+3-3Lines changed: 3 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -46,15 +46,15 @@ The distribution of this port is restricted by the vendor. Please contact suppo
46
46
- 1x 100MHz e200z0 PowerPC HSM core with NVM
47
47
- Crypto offload: TRNG, AES128
48
48
49
-
### STM32 TrustZone (STM32H5 / NSC bridge)
49
+
### ARMv8-M TrustZone (NSC bridge)
50
50
51
-
The `port/stmicro/stm32-tz` port provides a synchronous TrustZone non-secure-callable bridge transport for ARMv8-M Cortex-M targets. It is designed for the wolfBoot deployment in which the secure-side wolfBoot image hosts a wolfHSM server and exposes it to the non-secure application through a single `cmse_nonsecure_entry` veneer (`wcs_wolfhsm_transmit`); see `wolfBoot/docs/wolfHSM.md` for the build, flash, and test recipe on STM32H5.
51
+
The `port/armv8m-tz` port provides a synchronous TrustZone non-secure-callable bridge transport for any ARMv8-M Cortex-M target (Cortex-M23 / M33 / M35P / M55 / M85). It is designed for deployments in which a secure-side image hosts a wolfHSM server and exposes it to the non-secure application through a single `cmse_nonsecure_entry` veneer (`wcs_wolfhsm_transmit`). The first integration is wolfBoot on STM32H5; see `wolfBoot/docs/wolfHSM.md` for the build, flash, and test recipe.
52
52
53
53
The port provides:
54
54
- Single-call NSC transport (no polling, no shared-memory ring): client `Send` invokes the host-supplied veneer inline and caches the response; client `Recv` consumes the cached response on the first call (subsequent calls return `WH_ERROR_NOTREADY` until the next `Send`).
55
55
- Server-side callbacks that consume the request the host's veneer parked in a static context and write the response back to the non-secure caller's buffer.
56
56
57
-
The transport itself is target-agnostic; the STM32H5-specific glue (NSC veneer, `whFlashCb` flash adapter, secure-side server init, NS test exerciser) lives in the wolfBoot port.
57
+
The transport is target-agnostic. Bringing it up on a new ARMv8-M part is a porting exercise on the host side only: provide the `cmse_nonsecure_entry` veneer that fronts `wcs_wolfhsm_transmit`, plus whatever flash/NVM adapter and server init the deployment needs.
0 commit comments