We are pleased to announce the Mbed OS 6.9.0 release is now available.
Summary
The main new functionality delivered as part of this release is support for the current 1.2 version of the TF-M reference software provided by the Trusted Firmware project. TF-M is our recommended secure side software for a Platform Security Architecture-compatible MCU platform. You can find out more on the 1.2 features here: https://www.trustedfirmware.org/blog/tfm-v1-2-blog/
Both of the Arm-provided PSA platforms, the Musca B1 and Musca B2, have been updated to support this new version of TF-M.
Migration Guide
This section lists specific changes which are part of this release and may
need special attention.
Fix Lora timer cancellation
Summary of changes
Fix abusive use of LoRaWANTimer::stop. Events were cancelled even when they were being executed or after their execution.
This change resets the event ID to 0 before calling the callback.
A new API has been added to achieve this task: LoRaWANTimer::clear
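A toy model of the stop/clear behaviour described above, added here as an illustration and not the Mbed OS implementation. ToyQueue, ToyTimer and the expiry handler that stops and re-arms its own timer are assumptions; only the stop and clear names come from the release notes.

```cpp
#include <functional>
#include <map>
#include <utility>

// Toy event queue (hypothetical, not the Mbed OS EventQueue): ids name pending events.
struct ToyQueue {
    std::map<int, std::function<void()>> pending;
    int next_id = 1;
    int stale_cancels = 0;  // cancel() calls for an event that is running or already done

    int call_in(std::function<void()> cb) {
        pending[next_id] = std::move(cb);
        return next_id++;
    }
    void cancel(int id) {
        if (pending.erase(id) == 0) ++stale_cancels;
    }
    void dispatch_one() {
        if (pending.empty()) return;
        auto it = pending.begin();
        std::function<void()> cb = std::move(it->second);
        pending.erase(it);  // the event leaves the queue before its callback runs
        cb();
    }
};

// Toy timer (hypothetical): timer_id 0 means "no event scheduled".
struct ToyTimer {
    ToyQueue &q;
    bool clear_before_callback;  // true models the behaviour after the fix
    int timer_id;
    std::function<void()> on_expiry;

    void start() { timer_id = q.call_in([this] { fire(); }); }
    void clear() { timer_id = 0; }
    void stop()  { if (timer_id) q.cancel(timer_id); timer_id = 0; }
    // Clearing before the callback keeps an id set by a re-arming handler intact.
    void fire()  { if (clear_before_callback) clear(); on_expiry(); }
};

// The expiry handler stops its own timer and re-arms it (assumed usage pattern).
// Returns how many cancels reached the queue for an event that was not pending.
int stale_cancels_seen(bool clear_before_callback) {
    ToyQueue q;
    ToyTimer t{q, clear_before_callback, 0, nullptr};
    t.on_expiry = [&t] { t.stop(); t.start(); };
    t.start();
    q.dispatch_one();
    return q.stale_cancels;
}
```
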
CMake: support signing TF-M targets with post binary hooks
Summary of changes
Changes:
- Add a post binary hook to sign TF-M targets: mbed_post_build_tfm_sign_image() (should work for any TF-M v1.2+ targets with secure and non-secure images in separate MCUboot slots). This was refactored from the existing tools/targets/ARM_MUSCA.py.
- Apply the signing hook to ARM_MUSCA_B1 and ARM_MUSCA_S1 targets.
- Copy the signing keys to each target's own directory, as per the new tools' convention (the old key paths are kept for compatibility of CLI 1 - to be deleted eventually).
Impact of changes
Images built for Musca B1 and S1 with Mbed CLI 2 are now signed and able to run on the targets.
Migration actions required
None.
Update TF-M support to v1.2
Summary of changes
This PR brings in all the changes to update trusted-firmware-m support from v1.1 to v1.2:
- Mbed TLS 2.24.0 as required by TF-M v1.2
- TF-M v1.2 targets: PSA APIs from TF-M
- Support for ARM_MUSCA_B1 and ARM_MUSCA_S1 (configurations, bootloader binaries, secure binaries and signing scripts, etc.)
- Continued availability of psa_set_key_enrollment_algorithm() - deprecated, included for backward-compatibility only, to be removed from future TF-M updates
- Miscellaneous fixes to make sure all supported PSA targets work, see the commit history for details
- Changes in the trusted-firmware-m (link) and tf-m-tests (link) repositories to enable Mbed OS integration. Note that some of the changes have been upstreamed.
Just as before this update:
- CYTFM_064B0S2_4343W remains on TF-M v1.0, supporting mbed-os-example-psa but not mbed-os-tf-m-regression-tests. Any updates to this target are maintained by Cypress.
- Mbed PSA (non-TF-M) targets (e.g. K64F) continue to support mbed-os-example-psa. Note that Mbed PSA's APIs currently lag behind those of TF-M.
The following have been removed:
- ARM_MUSCA_A as an Mbed target
- Integration of TF-M v1.1 (replaced by v1.2)
- <TARGET>_NS aliases for ARM_MUSCA_B1 and ARM_MUSCA_S1
Not yet included in this PR, to be added in the very near future:
- Image signing for ARM_MUSCA_B1 and ARM_MUSCA_S1 with Mbed CLI 2. Until we add this, please use Mbed CLI 1 for now.
Impact of changes
See the PR description for targets that are impacted.
Migration actions required
From the perspective of Mbed OS support, applications for ARM_MUSCA_B1 and ARM_MUSCA_S1 should continue to work as before.
A board running the TF-M v1.1 firmware should be able to update to the v1.2 firmware without resetting data (verified on Musca targets), though downgrading is not possible.
Any references to ARM_MUSCA_B1_NS and ARM_MUSCA_S1_NS as target names should be changed to have _NS removed from the names.
Add lw ip opttion for rdnss
Summary of changes
Added options to turn on RDNSS from ICMPv6 Router Advertisements (RFC5006) and output packet queueing.
The default settings in mbed_lib are the same as before, leaving both features turned off.
Impact of changes
RDNSS option takes about 256 bytes of flash and each DNS entry needs 128 bytes of RAM.
Outgoing packet caching avoids dropping packets during MAC address resolution. Requires increased RAM size for lwIP.
Known Issues
We publish Mbed OS as a collection of modules on GitHub. Issues are raised in the specific repositories and then tracked internally. The purpose of this section is to provide a single view of the outstanding key issues that have not been addressed for this release. As such, it is a filtered and reviewed list based on priority and potential effect. Each item summarizes the problem and includes any known workarounds, along with a link to the GitHub issue (if applicable). We welcome any comments or proposed solutions.
For more information about an issue, contact us on the forum.
TLS: IP addresses in the X.509 certificate subjectAltNames
- Description: Parsing IP addresses in the X.509 certificate subjectAltNames is not supported yet. In certificate chains relying on IP addresses in subjectAltNames a BADCERT_CN_MISMATCH error is returned.
- Workaround: Merge the branch https://github.com/ARMmbed/mbedtls/tree/iotssl-602-san-ip into your copy of Mbed TLS before building the application. It is still in the EXPERIMENTAL stage; use it at your own risk!
- Reported Issue: Issue reported by a customer in email.
- Priority: MAJOR
TLS: Mismatch of root CA and issuer of CRL not caught
- Description: The x509_crt_verifycrl() function ignores the CRL when the CRL has an issuer different from the subject of the root CA certificate.
- Workaround: Make sure that the issuer of the CRL and the root CA certificate's subject are the same before passing them to x509_crt_verifycrl().
- Reported Issue: Reported by a partner.
- Priority: MAJOR
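One way to apply this workaround before a CRL reaches verification, as an added example that is not Mbed TLS code: it pulls the issuer out of a DER CRL and the subject out of a DER CA certificate and requires a byte-exact match. The function names and the skeletal sample bytes are constructed for this example.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>
using Bytes = std::vector<uint8_t>;
struct Tlv { size_t start, val, end; bool ok; };  // element span and value offset

// Read one DER TLV at pos, bounded by limit; short and long-form lengths.
static Tlv read_tlv(const Bytes &b, size_t pos, size_t limit) {
    Tlv bad{0, 0, 0, false};
    if (limit > b.size() || pos + 2 > limit) return bad;
    size_t p = pos + 1, len = b[p++];
    if (len & 0x80) {
        size_t n = len & 0x7f;
        if (n == 0 || n > 4 || p + n > limit) return bad;
        for (len = 0; n > 0; --n) len = (len << 8) | b[p++];
    }
    if (len > limit - p) return bad;
    return Tlv{pos, p, p + len, true};
}

// Raw DER of field `index` of the TBS part, after an optional leading opt_tag field.
static Bytes tbs_field(const Bytes &der, uint8_t opt_tag, int index) {
    Tlv outer = read_tlv(der, 0, der.size());
    if (!outer.ok || der[0] != 0x30) return {};
    Tlv f = read_tlv(der, outer.val, outer.end);  // tbsCertificate / tbsCertList
    if (!f.ok || der[f.start] != 0x30) return {};
    size_t end = f.end;
    f = read_tlv(der, f.val, end);
    if (f.ok && der[f.start] == opt_tag) f = read_tlv(der, f.end, end);
    for (int i = 0; f.ok && i < index; ++i) f = read_tlv(der, f.end, end);
    if (!f.ok || der[f.start] != 0x30) return {};  // a Name is a SEQUENCE
    return Bytes(der.begin() + f.start, der.begin() + f.end);
}

// Certificate: [0] version optional, then serial, sigalg, issuer, validity, subject.
Bytes cert_subject(const Bytes &cert) { return tbs_field(cert, 0xA0, 4); }
// CRL: INTEGER version optional, then sigalg, issuer.
Bytes crl_issuer(const Bytes &crl) { return tbs_field(crl, 0x02, 1); }

// Byte-exact match (stricter than RFC 5280 name comparison); parse failure means no.
bool crl_matches_ca(const Bytes &crl, const Bytes &ca) {
    Bytes issuer = crl_issuer(crl);
    return !issuer.empty() && issuer == cert_subject(ca);
}

// Constructed skeletons, not valid X.509: fields after the names are omitted.
#define CN_NAME(c) 0x30,0x0C,0x31,0x0A,0x30,0x08,0x06,0x03,0x55,0x04,0x03,0x0C,0x01,c
const Bytes CA_CERT = {0x30,0x2A,0x30,0x28,0xA0,0x03,0x02,0x01,0x02,0x02,0x01,0x01,
                       0x30,0x00, CN_NAME('A'), 0x30,0x00, CN_NAME('A')};
const Bytes CRL_A = {0x30,0x15,0x30,0x13,0x02,0x01,0x01,0x30,0x00, CN_NAME('A')};
const Bytes CRL_B = {0x30,0x15,0x30,0x13,0x02,0x01,0x01,0x30,0x00, CN_NAME('B')};
```

With structures already parsed by Mbed TLS 2.x, the same comparison can be made on the issuer_raw field of mbedtls_x509_crl and the subject_raw field of mbedtls_x509_crt.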
TLS: Self Test Failure with Some Hardware Accelerators
- Description: Most HW acceleration engines (if not all) require the parameters to be from contiguous memory. All the self tests use test vectors that are defined in the .bss section, which means these are not contiguous. This causes the self test to possibly fail, when implementing HW accelerated engines.
- Workaround: There are no known workarounds.
- Reported Issue: Reported by the development team.
- Priority: MAJOR
TLS: Hardware-accelerated hash creates CBC padding oracle in TLS
- Description: The current countermeasures against CBC padding oracle attacks in Mbed TLS call a low level internal API. The implementation of this API might not be possible with the hardware accelerator API and even if it is, the timing might still have detectable differences. The lower level API is called out of sequence and accelerators that are not aware of this might crash.
- Workaround: Keep MBEDTLS_SSL_ENCRYPT_THEN_MAC enabled in mbedtls/config.h and enable the Encrypt-then-MAC extension (RFC7366) on the peer's side.
- Reported Issue: Reported by the development team.
- Priority: MAJOR
Crypto: Mbed OS ATECC608A example fails to build with IAR
- Description: The current ATECC608A secure element example fails to build with the IAR toolchain. The Microchip-provided cryptoauthlib library does not build with IAR.
- Workaround: Use a different toolchain, like GCC_ARM.
- Reported Issue: MicrochipTech/cryptoauthlib#116
- Priority: Minor
Tools: Error when running mbed test --compile/run list
- Description: The error, "pkg_resources.DistributionNotFound: The 'mbed-ls==1.*,>=1.5.1' distribution was not found and is required by icetea, mbed-flasher" is observed when running the command "mbed test -m K64F -t ARM --icetea --compile-list -vv".
- Workaround: None
- Reported Issues: #8064
- Priority: Major
Wi-SUN Hardfaults with IAR compiled image with Mbed OS 5.15.0
- Description: Mesh Wi-SUN FAN may HardFault in rare occasions with IAR8 compiled binaries during initial network connection.
- Workaround: The workaround is to use other compilers.
- Reported Issue: IOTTHD-3898
- Priority: Major
Test Report
Release automated CI test
In addition to the regular Pull Request tests and Nightly tests, we also ran a nightly release test on mbed-os 6.9.0-RC1.
Results for the tests we run in CI on mbed-os 6.9.0-RC1 (nightly):
- Build Greentea ARMC6 - SOME FAILS (Issue: MBEDOSTEST-1163 - ARMC6 Failed to build mbed OS with LTO options)
- Build Greentea GCC_ARM - ALL PASSED
- Build Examples ARMC6 - ALL PASSED
- Build Examples GCC_ARM - ALL PASSED
- Build Cloud Examples ARMC6 - ALL PASSED
- Build Cloud Examples GCC_ARM - ALL PASSED
- Build CMAKE Examples ARMC6 - ALL PASSED
- Build CMAKE Examples GCC_ARM - ALL PASSED
- Unittest Test matrix - ALL PASSED
- GreenTea test matrix - ALL PASSED
- Sporadic failures of the connectivity-netsocket-tests-tests-network-interface test suite are observed on hardware boards such as K64, K66F, NUCLEO_F429ZI, and NUCLEO_F767ZI. These are observed only for tests performed against our hardware lab. Tests are passing consistently on local boards. This is strongly believed to be an infrastructure issue in our hardware lab and is being addressed.
- Examples test matrix - ALL PASSED
- CMAKE Examples test matrix - ALL PASSED
- Exporter Test - SOME FAILS (Issue: IOTCORE-1663 - Nightly: Export uvision failing with missing context fault handler)
- Cloud Client integration Test - ALL PASSED
- Memory Usage Test - ALL PASSED
Toolchain Coverage
In the mbed OS 6.9.0 release, we are testing the following toolchains:
- ARM compiler 6.15.0
- GCC_ARM 9-2019-q4-major
Targets Coverage
In mbed OS 6.9.0, the compilation test targets scope has not changed and remains all mbed OS enabled targets.
At the time of the mbed-os 6.9.0 release, we run the greentea tests on the following targets:
- ARM_MUSCA_S1
- DISCO_L457VG_IOT01A
- K64F
- K66F
- NRF52840_DK
- NUCLEO_F429ZI
- NUCLEO_F767ZI
- NUCLEO_WB55RG
We have the following issues on the test jobs:
- MBEDOSTEST-1163 - ARMC6 Failed to build mbed OS with LTO options
- IOTCORE-1663 - Nightly: Export uvision failing with missing context fault handler
Test Numbers
Greentea test number 1675 (+0)
Unittest number 743 (+0)
Code Coverage
Test code coverage is tracked and the information is published on COVERALLS.
Memory Monitoring
Observed no significant changes from mbed-os-6.8.0
Contents
Ports for Upcoming Targets
Fixes and Changes
- 14423: STM32: AnalogOut: do not call HAL_DAC_Start in dac_write
- 14422: Fix Lora timer cancellation
- 14419: STM32: remove mbed.h include in connectivity
- 14418: EP_ATLAS: Fix mbedtools build errors
- 14416: CMake: Fix FF1705_L151CC build
- 14411: CMake: Fix Cortex-A9 flags for GCC_ARM toolchain
- 14410: CMake: Fix Renesas build error on Linux
- 14407: Add integer overflow check to the malloc wrappers
- 14403: update baud rate of CY8CKIT064B0S2_4343W to 115200
- 14402: Fix sys/stat.h issue for unit tests on macOS
- 14401: Workaround for Cortex-M33 Arm toochain linking
- 14393: Doc update: post build now supported on TF-M targets
- 14392: STM32WB: enable QSPI for custom boards
- 14391: Update secure binaries with platform init fix for ARM_MUSCA_S1
- 14390: Add extern "C" around am_hal_secure_ota.h functions
- 14387: Update serial_api.c - Issue #14353 - Setting BufferedSerial pin to NC throws runtime assertion
- 14386: Freescale: Remove IAR from list of supported toolchains
- 14380: CMake: Refactor target MCU_STM32F103xE library name
- 14379: Nuvoton: Enlarge NuMaker PWM duty cycle range
- 14378: CMake: Pass application/test name to post build operation
- 14376: CMake: Add mbed-cmsis-cortex-m into Nuvoton target
- 14375: CMake: Update readme for greentea test build procedure
- 14374: targets: Remove target. prefix from ARM-CM3DS-MPS2 override
- 14373: Add bare metal support to Nuvoton targets
- 14372: S1SBP6A: Add bare metal support
- 14368: Fix CMake include path for the minimal-printf test
- 14367: fix typo: replace underscore by hyphen in lwipstack/mbed_lib.json
- 14363: Add bare metal support to Silicon Labs targets
- 14362: Fix imgtool import for CYTFM_064B0S2_4343W signing
- 14361: CMake: support signing TF-M targets with post binary hooks
- 14355: CMake - Configure memory map per target to allow multiple add_executable
- 14354: Update TF-M support to v1.2
- 14351: STM32 - Add if !defined check for USE_HAL_XXX_REGISTER_CALLBACKS
- 14350: ARM_MPS2_Target: Fix conflicts in IAR configuration
- 14349: Add bare metal support to Nordic targets
- 14348: Add bare metal support to ARM FM targets
- 14347: Add bare metal support to Ambiq targets
- 14346: Add bare metal support to Analog Device targets
- 14345: Add bare metal support to Toshiba targets
- 14344: CMake: Fix PSOC6 post build script
- 14343: Add lw ip opttion for rdnss
- 14342: use calloc for new_interface_server
- 14341: Update stm32xx_emac driver traces
- 14340: STM32L5: enable USBDEVICE
- 14339: STM32F4 update drivers version to CUBE V1.26.0
- 14338: STM32: update readme with clock information
- 14337: STM32L1 update drivers version to CUBE V1.10.2
- 14334: CMake: Remove references of APP_TARGET
- 14328: CMake: Fix Greentea tests
- 14325: EP Atlas Target Updates
- 14323: Bring in MIMXRT1050_EVK changes from feature-wisun branch
- 14321: Mergify: remove stale label when PR is merged
- 14318: CMake: Fix path to STM32F0 GCC linker scripts
- 14316: MAX32625: Fix CMake build
- 14315: NUVOTON: Remove CMake listing of M261 include directory that do not exist
- 14314: CMake: Fix ARM MUSCA NS targets build
- 14313: CMake: Fix Cortex-M33 GCC build
- 14311: CMake: Fix Cortex-A9 builds with GCC_ARM
- 14306: CMake: Create CMSIS library targets to remove dependency on MBED_TARGET_LABELS
- 14305: BLE: fix indexing of array in Cordio host stack
- 14304: CMake: Refactor post-build hook to remove APP_TARGET references
- 14303: Add STM32F103xE SOC support
- 14301: Add bare metal support to Renesas targets
- 14300: Add bare metal support to ARM_MPS2_Target family of targets
- 14299: CMake: Refactor mapfile generation
- 14298: CMake: remove debug print
- 14295: CMake remove IAR references in the tree
- 14293: STM32L4 : align CMakeLists.txt with all STM32
- 14291: Add bare metal support to freescale targets
- 14271: Add .editorconfig file
Using this release
You can fetch this release from the mbed-os GitHub repository, using the tag "mbed-os-6.9.0".
If you need any help with this release please visit our support page, which provides reference links and details of our support channels.