diff --git a/.github/update_versions.sh b/.github/update_versions.sh new file mode 100755 index 0000000..edb7398 --- /dev/null +++ b/.github/update_versions.sh @@ -0,0 +1,30 @@ +#!/bin/bash + +SCRIPT=$(realpath -P $0) +DIRNAME=$(dirname ${SCRIPT}) + +VERSIONS=($(find -maxdepth 1 -mindepth 1 -type d) $(find -maxdepth 1 -mindepth 1 -type l)) +declare -A versions +for folder in ${VERSIONS[*]#./}; do + if [ -f $folder/footer.js ]; then + version=$(grep "Version" $folder/footer.js | \ + sed -r "s/.*'Version ([^']+)'.*/\1/" | \ + sed -r "s/\+.*$//" | \ + sed -r "s/([^0-9])$/\10/") + versions["$version"]="$folder" + fi +done +fields=() +for version in $(IFS=$'\n'; sed -r 's/$/_/' <<< "${!versions[*]}" | sort -Vr | sed -r 's/_$//'); do + fields+=( "\"${versions[$version]}\": \"$version\"" ) +done + +echo "//--- list of versions ---" > version.js +echo "const versions = {" >> version.js +echo -n " " >> version.js +echo $(IFS=,; echo "${fields[*]}") | sed 's/,/,\n /g' >> version.js +echo "}" >> version.js +echo "//--- list of versions ---" >> version.js +cat ${DIRNAME}/version.js.in >> version.js + +exit 0 diff --git a/.github/version.js.in b/.github/version.js.in new file mode 100644 index 0000000..ebdd88c --- /dev/null +++ b/.github/version.js.in @@ -0,0 +1,56 @@ + +var script = document.currentScript +if (script && script.src) { + var scriptUrl = new URL(script.src); + var docUrl = new URL(document.URL); + var baseUrl = new URL(scriptUrl) + baseUrl.pathname = baseUrl.pathname.split('/').slice(0,-1).join("/") + + function urlForVersion(url, version) { + url = new URL(url); + pathname = url.pathname.replace(baseUrl.pathname, ""); + parts = pathname.split("/"); + parts[1] = version; + url.pathname = baseUrl.pathname + parts.join("/"); + return url + } + + function writeVersionDropdown() { + currentVersion = document.currentScript.parentNode.innerText; + document.currentScript.parentNode.classList.add("dropdown"); + document.currentScript.parentNode.innerText = ""; + document.write(' '+currentVersion+''); + document.write('
The following table explains the output messages issued by CMSIS-Zone utility.
+Message | Description |
---|---|
Error Z101: <name>: Invalid memory size | Size of the memory region is invalid or negative |
Error Z102: <name>: Memory size exceeds parent region size | Size of the sub-memory region exceeds the available memory in the parent |
Error Z103: <name>: Invalid memory offset | Offset of the sub-memory region is invalid or negative |
Error Z104: <name>: Memory offset is outside parent boundary | Offset of the sub-memory region is outside of the available memory in the parent |
Error Z105: <name>: Memory exceeds parent region boundary | The sub-memory region exceeds the limits of physical memory space in the parent |
Error Z106: <name>: Memory region cannot be arranged: no physical slot is available | The memory region cannot be arranged as there is no physical memory space available |
Error Z107: <name>: Memory region fully overlaps with region <name> | The sub-memory region overlaps with another memory region |
Error Z108: <name>: Memory region partially overlaps with region <name> | The sub-memory region overlaps with another memory region |
Error Z110: <name>: Number of available MPU slots is exceeded | There are not enough MPU regions to allocate the required resources |
Error Z111: No MPU slot can be allocated according to ArmV7 requirements | There are not enough MPU regions to allocate the required resources |
Error Z112: <name>: Memory size is rounded up to align with ArmV7 MPU requirements | The Memory size of the region is increased due to MPU alignment restrictions |
Error Z120: No startup memory region is specified | There is not memory region for the reset vector (startup) defined |
Error Z121: Multiple startup memory regions are specified | There is more then one region for the reset vector (startup) defined |
Error Z201: <name>: Memory region is missing | The memory region in the assignment *.azone file is missing in the resource *.rzone file |
Error Z202: <name>: Peripheral group is missing | The peripheral group in the assignment *.azone file is missing in the resource *.rzone file |
Error Z203: <name>: Peripheral is missing | The peripheral in the assignment *.azone file is missing in the resource *.rzone file |
Error Z401: <name>: Device description is missing | The device specification in the resource *.rzone file is incomplete |
Error Z402: <name>: Device pack is not specified | The device specification in the resource *.rzone file is incomplete |
Error Z403: <name>: Device pack specification is invalid | The device specification in the resource *.rzone file is incomplete |
Error Z404: <name>: Resource file is missing | The resource *.rzone file referenced by the assignment *.azone file is missing |
Error Z405: <name>: Error reading resource file | The resource *.rzone file has an incorrect format |
Error Z406: <name>: Processor description is missing | The processor specification in the resource *.rzone file is incomplete |
Error Z407: <name>: Processor description: missing or invalid DnumInterrupts attribute for TrustZone device | The processor specification in the resource *.rzone file is incomplete |
Error Z408: <name>: Processor description: missing or invalid DnumSauRegions attribute for TrustZone device | The processor specification in the resource *.rzone file is incomplete |
Error Z501: <name>: Creating sub-zone files failed | The sub-zone resource files cannot be created |
Error Z601: <name>: creating FreeMarker model failed | The FreeMarker model *.fzone file cannot be created |
Error Z602: <name>: processing template file failed | The FreeMarker model template file cannot be processed |
Error Z603: <name>: processing template file failed | The FreeMarker model template file cannot be processed |
Error Z604: <name>: folder contains no template files | There are no FreeMarker model template files |
The Generator Data Model defines the resource and partition data structure for code generators. This data structure is connected to a FreeMarker template engine and file templates allow to generate various files that can be used to configure development tools or hardware components.
+system element provides memory layout and TrustZone configuration of the complete system. zone element setup information of a zone (or system partition) along with related peripherals.
+The variable types relevant for CMSIS-Zone are:
+scalar: variable that stores a single value of a scalar type scalar-types:
hash: variable that that stores one or more variables with a unique lookup name
+sequence: variable that stores sub-variables without names but instead are selected via index (myVariable[index])
+A variable is accessed using the dollar character followed by a variable or expression in brackets:
Output the name of the zone:
A sequence gets iterated:
Printing a sorted list of all available memory entries by start address
CMSIS-Zone simplifies to manage the complexity and the configuration of modern embedded systems that frequently include multiple processors and/or memory protection hardware. It helps to split the embedded application various projects which creates the need to partition system resources. And it simplifies the consistent configuration of access rights across the system, for example when using an MPU (memory protection unit).
+The following section describes several use cases that benefit from CMSIS-Zone.
+Focused on a single core microcontroller one might want to utilize the memory protection unit (MPU) capabilities to segregate parts of an application. Thus the need to partition the system resources accordingly arises.
+TrustZone extensions add another degree of segregation which must be handled consistently. In this case one has to handle MPU settings per security context and SAU configuration.
+Beside traditional single cores asymmetric and hybrid multi-core devices contribute to increasing development complexity for embedded systems. Having multiple cores running different parts of an application concurrently needs a well defined resource assignment to prevent undesired misbehavior.
+The interrupt[n] sequence element lists all interrupt sources available in the system.
+Parent Element | Element Chain | ||
---|---|---|---|
system | system element s | ||
Child Elements | Description | Type | |
.interrupt[n].name | The name of this interrupt. | xs:string | |
.interrupt[n].irqn | The interrupt number. | NonNegativeInteger | |
.interrupt[n].security | The security setting for this interrupt. | SecurityTypeEnum/xs:string | |
.interrupt[n].security.s | Peripheral with related interrupt is assigned to "secure" state. | xs:boolean | |
.interrupt[n].security.n | Peripheral with related interrupt is assigned to "non-secure" state. | xs:boolean | |
.interrupt[n].info | Brief description of the interrupt source. | xs:string |
The memory[n] sequence element provides a sequence of memory information.
+Parent Element | Element Chain | ||
---|---|---|---|
system | system element | ||
zone | zone element | ||
Child Elements | Description | Type | |
.memory[n] | Sequence of memory region information. | sequence | |
.memory[n].name | The name of this memory region. | xs:string | |
.memory[n].type | The type of memory in this region ("RAM" or "ROM"). | MemoryTypeEnum | |
.memory[n].start | The logical start address of the memory region in the address map. | NonNegativeInteger | |
.memory[n].physical | The physical start address of the memory region in the address map. | NonNegativeInteger | |
.memory[n].size | The size (in bytes) of the memory region. | NonNegativeInteger | |
.memory[n].security | The security setting for this memory region. | SecurityType | |
.memory[n].security.c | Memory has non-secure callable attribute set. | xs:boolean | |
.memory[n].security.s | Memory is access from "secure" state. | xs:boolean | |
.memory[n].security.n | Memory is access from "non-secure" state. | xs:boolean | |
.memory[n].access | The access permissions for this memory region in the following separate fields. | AccessType | |
.memory[n].access.r | The read access permission. | xs:boolean | |
.memory[n].access.w | The write access permission. | xs:boolean | |
.memory[n].access.x | The execution access permission. | xs:boolean | |
.memory[n].access.p | The peripheral access information. | xs:boolean | |
.memory[n].privilege | The privilege type settings for this memory region in the following separate fields. | PrivilegeType | |
.memory[n].privilege.p | The privileged level setting of privilege type. | xs:boolean | |
.memory[n].privilege.u | The unprivileged level setting of privilege type. | xs:boolean | |
.memory[n].startup | "1" specifies that this region is used for the startup code of the application. Default value is "0". | xs:boolean | |
.memory[n].uninit | "1" specifies that this region is not zero initialized during startup. Default value is "0". | xs:boolean | |
.memory[n].shared | "1" specifies that this region is used by multiple zones. Default value is "0". | xs:boolean | |
.memory[n].dma | "1" specifies that this region is accessed by a DMA controller. Default value is "0". | xs:boolean | |
.memory[n].info | Brief description of the memory region. | xs:string | |
.memory[n].linker_control | Brief description of the memory region. | xs:string |
The mpc_setup[n] element contains a sequence of device specific configuration for the setup of the Memory Protection Controller (MPC).
+Parent Element | Element Chain | ||
---|---|---|---|
system | system element | ||
Child Elements | Description | Type | |
.mpc_setup[n].name | The name of the base register that controls the MPC. | xs:string | |
.mpc_setup[n].memory | The name of the physical memory region that is connected via the MPC. | xs:string | |
.mpc_setup[n].blk_size | The block size information that CMSIS-Zone used for LUT generation. | NonNegativeInteger | |
.mpc_setup[n].S_bit[m] | A list of bit values for Secure attribute that are used to compose the LUT. | NonNegativeInteger | |
.mpc_setup[n].P_bit[m] | A list of bit values for Privileged attribute that are used to compose the LUT. | NonNegativeInteger | |
.mpc_setup[n].bits_comment[m] | The memory region information for source code comments that relate to S_bits or P_bits. | xs:string |
The mpu_setup element contains the configuration information for the Memory Protection Unit (MPU).
+Parent Element | Element Chain | ||
---|---|---|---|
zone | zone element | ||
Child Elements | Description | Type | |
mpu_setup.type | Implementation of the MPU ("v7M" or "v8M"). | xs:string | |
mpu_setup.region[n] | Sequence of MPU region settings. | sequence | |
mpu_setup.region[n].start | The base address of the region. | xs:string | |
mpu_setup.region[n].end | The end address of the region. | xs:string | |
mpu_setup.region[n].access.r | The read access permission setting for the region. | xs:boolean | |
mpu_setup.region[n].access.w | The write access permission setting for the region. | xs:boolean | |
mpu_setup.region[n].access.x | The execution access permission setting for the region. | xs:boolean | |
mpu_setup.region[n].access.p | The peripheral access information setting for the region. | xs:boolean | |
mpu_setup.region[n].privileged | '1' indicates that the region is set to Privileged mode. | xs:boolean | |
mpu_setup.region[n].shared | '1' indicates that the region is shared across various processors. | xs:boolean | |
mpu_setup.region[n].dma | '1' indicates that the region is accessed by a DMA controller. | xs:boolean | |
mpu_setup.region[n].rom | '1' indicates that the memory type of that region is ROM ('0' for RAM or peripheral). | xs:boolean | |
mpu_setup.region[n].addr_v7M | Only for v7M: Region base address field value for v7M register MPU_RBAR. | xs:string | |
mpu_setup.region[n].size_v7M | Only for v7M: Block size field value for v7M register MPU_RASR (examples: 4=32bytes, 9=1KB, 19=1MB). | xs:string | |
mpu_setup.region[n].srd_v7M | Only for v7M: Subregion disable value for v7M register MPU_RASR. | xs:string + + |
The peripheral[n] element contains a sequence of all peripherals that are accessible in the zone (or system partition).
+Parent Element | Element Chain | |
---|---|---|
system | system element | |
zone | zone element | |
Child Elements | Description | Type |
.peripheral[n].name | The name of the peripheral. | xs:string |
.peripheral[n].group | The name of the peripheral group that this peripheral belongs too. | xs:string |
.peripheral[n].start | The logical start address of the peripheral in the address map. | NonNegativeInteger |
.peripheral[n].size | The size (in bytes) of the peripheral. | NonNegativeInteger |
.peripheral[n].security | The security setting for this peripheral. | SecurityType |
.peripheral[n].security.s | Peripheral is assigned to "secure" state. | xs:boolean |
.peripheral[n].security.n | Peripheral is assigned to "non-secure" state. | xs:boolean |
.peripheral[n].access | The access permissions for this peripheral in the following separate fields. | AccessType |
.peripheral[n].access.r | The read access permission. | xs:boolean |
.peripheral[n].access.w | The write access permission. | xs:boolean |
.peripheral[n].access.x | The execution access permission. | xs:boolean |
.peripheral[n].access.p | The peripheral access information. | xs:boolean |
.peripheral[n].privilege | The privilege type settings for this peripheral in the following separate fields. | PrivilegeType |
.peripheral[n].privilege.p | The privileged level setting of privilege type. | xs:boolean |
.peripheral[n].privilege.u | The unprivileged level setting of privilege type. | xs:boolean |
.peripheral[n].shared | "1" specifies that this peripheral is used by multiple zones. Default value is "0". | xs:boolean |
.peripheral[n].dma | "1" specifies that this peripheral is accessed by a DMA controller. Default value is "0". | xs:boolean |
.peripheral[n].info | Brief description of the peripheral region. | xs:string |
The processor[n] sequence element provides a sequence of processor elements that are in the system.
+Parent Element | Element Chain | ||
---|---|---|---|
system | system element | ||
Child Elements | Description | Type | |
.processor[n].Pname | Name of the processor core. | RestrictedString | |
.processor[n].DnumInterrupts | Number of NVIC interrupts sources available to the processor core (excludes exception vectors). | NonNegativeInteger | |
.processor[n].DnumSauRegions | Number of regions in the Security Attribution Unit (SAU) of the processor core. | NonNegativeInteger |
The reg_setup[n] element contains a sequence of device specific configuration for the setup of the interrupts.
+Parent Element | Element Chain | ||
---|---|---|---|
system | system element | ||
Child Elements | Description | Type | |
.reg_setup[n].name | The name of the register or array that holds the configuration information. | xs:string | |
.reg_setup[n].index | The index value for the register array. | NonNegativeInteger | |
.reg_setup[n].peripheral[m] | An array with the peripheral names that setup belongs too. | xs:string | |
.reg_setup[n].slot[m] | An array with the slot names that setup belongs too. The value is empty when setup is not related to a slot | xs:string | |
.reg_setup[n].value[m] | An array with register setup values (corresponds to .peripheral[m] and .slot[m] above). | NonNegativeInteger |
The sau[n] sequence element lists all SAU regions for initialization in this system.
+It lists all SAU regions that require either non-secure access or non-secure callable attribute. The SAU region list is generated from:
Parent Element | Element Chain | ||
---|---|---|---|
system | system element | ||
Child Elements | Description | Type | |
.sau[n].start | The logical start address for the region. | xs:string | |
.sau[n].end | The logical end address for the region. | xs:string | |
.sau[n].nsc | If set to 1 the region is secure, non-secure callable. | SecurityTypeEnum/xs:string | |
.sau[n].info | List of memory regions or info from /rzone/sau_init/region element. | xs:string |
The system element provides the memory layout and the TrustZone configuration of the complete system. This information can be used for example, to create a linker script that defines the memory setup of the SoC system.
+Child Elements | Description | Type |
---|---|---|
.processor | A sequence of all processor elements available in the system resource file. | sequence |
.memory | A sequence of all memory regions available in the system resource file. | sequence |
.peripheral | A sequence of all peripherals available in the system resource file. | sequence |
.sau | A sequence of all SAU regions for initialization. | sequence |
.interrupt | A sequence of all interrupt sources available. | sequence |
.mpc_setup | Contains the device specific configuration registers for the setup of the Memory Protection Controller (MPC). | sequence |
.reg_setup | Contains the device specific configuration registers for the setup of the peripherals. | sequence |
The zone element provides the setup information of a zone (or system partition) along with related peripherals. This information can be used for example, to create the MPU setup that is required for various execution zones along with the related linker setup.
+Child Elements | Description | Type |
---|---|---|
.name | The name of the zone (or system partition). | string |
.Pname | Name of the processor core. | RestrictedString |
.class | Class information for execution zones. | string |
.security | The security setting for this zone in the following separate fields. | SecurityType |
.security.s | Zone is executed in "secure" state. | xs:boolean |
.security.n | Zone is executed in "non-secure" state. | xs:boolean |
.privilege | The privilege type settings for this zone in the following separate fields. | PrivilegeType |
.privilege.p | Zone is executed in privileged level. | xs:boolean |
.privilege.u | Zone is executed in unprivileged level. | xs:boolean |
.memory | A sequence of all memory regions that are accessible in the zone (or system partition). | sequence |
.peripheral | A sequence of all peripherals that are accessible in the zone (or system partition). | sequence |
.interrupt | A sequence of all interrupt sources that belong to peripherals that are accessible in the zone (or system partition). | sequence |
.mpu_setup | A sequence of configuration information for the Memory Protection Unit (MPU). | sequence |
Embedded systems frequently integrate specify hardware for access protection or system isolation. For example, a Cortex-M33 processor based system may incorporate:
Embedded systems may also integrate multiple processors that share system resources (memory and peripherals). In an AMP (Asymmetric Multiprocessor System) it is required to assign or partition the available resources to various processors that execute independent parts of the application software.
+CMSIS-Zone helps you to manage this complexity and allows to partition an embedded system into project zones and/or execution zones.
+A project zone defines the memory resources and peripherals for a sub-project that execute on the system. Typical examples are boot-loader and user application, however also the secure and non-secure parts of a Cortex-M TrustZone system is defined using project zones.
+An execution zone is a software compartment that is protected using a MPU. It defines the access rights to memory and peripherals for a isolated part of the system. This ensures that for example a communication stack (with design flaws) cannot tamper the data or peripherals of other critical parts in a system.
+CMSIS-Zone includes a utility that allows you to manage these zones. The input to this utility is a resource (*.rzone) file the defines the system resources including memory and peripherals.
+For these resources the user interface of the CMSIS-Zone utility allows:
This system configuration is stored in an assignment (*.azone) file. With the Generate function of the CMSIS-Zone utility, the resource and configuration data can be used to generate:
The following diagram shows the development work flow when using the CMSIS-Zone management tool.
+It is possible to uses these steps multiple times which allows to split a complex SoC design with multiple processors into smaller sub-systems. For example a multi-core device can be partitioned in steps:
The following SoC diagram exemplifies step 1 and step 2 of this workflow.
+The following sections explain:
This video show how to use the CMSIS-Zone Utility :
++ +
+