modules: TF-M: Add TF-M HAL function to enable system off

modules/trusted-firmware-m/CMakeLists.txt

@@ -103,6 +103,7 @@ set_property(TARGET zephyr_property_target
   $<$<BOOL:${CONFIG_NRF_SECURE_APPROTECT_USER_HANDLING}>:-DCONFIG_NRF_SECURE_APPROTECT_USER_HANDLING=ON>
   $<$<BOOL:${CONFIG_IDENTITY_KEY_TFM}>:-DCONFIG_IDENTITY_KEY_TFM=ON>
   $<$<BOOL:${CONFIG_TFM_PS_SUPPORT_FORMAT_TRANSITION}>:-DPS_SUPPORT_FORMAT_TRANSITION=ON>
+  $<$<BOOL:${CONFIG_TFM_NRF_SYSTEM_OFF_SERVICE}>:-DTFM_NRF_SYSTEM_OFF_SERVICE=ON>
 )
 
 if(CONFIG_TFM_PROFILE_TYPE_MINIMAL)

modules/trusted-firmware-m/Kconfig

@@ -538,4 +538,18 @@ config TFM_PSA_FRAMEWORK_HAS_MM_IOVEC
 	  Memory-mapped iovecs provide direct mapping of client input and output vectors into
 	  the Secure Partition.
 
+config TFM_NRF_SYSTEM_OFF_SERVICE
+	bool "TF-M NRF System Off Service [EXPERIMENTAL]"
+	depends on TFM_ISOLATION_LEVEL = 1
+	depends on TFM_SFN
+	depends on SOC_SERIES_NRF54LX
+	depends on !RETAINED_MEM_NRF_RAM_CTRL
+	select EXPERIMENTAL
+	help
+	  Provide a system off service for the nRF54L series SoCs.
+	  This service allows the non-secure application to request
+	  the system to enter system off mode via a secure service call.
+	  This service will disable RAM retention for all RAM blocks
+	  before entering system off mode.
+
 endif # BUILD_WITH_TFM

modules/trusted-firmware-m/tfm_boards/src/tfm_platform_system.c

@@ -16,6 +16,9 @@
 #include <tfm_hal_isolation.h>
 
 #include <hal/nrf_gpio.h>
+#include <hal/nrf_regulators.h>
+#include <helpers/nrfx_ram_ctrl.h>
+
 #include "handle_attr.h"
 
 #if NRF_ALLOW_NON_SECURE_FAULT_HANDLING
@@ -28,6 +31,20 @@ void tfm_platform_hal_system_reset(void)
 	NVIC_SystemReset();
 }
 
+#if TFM_NRF_SYSTEM_OFF_SERVICE
+enum tfm_platform_err_t tfm_platform_hal_system_off(void)
+{
+	__disable_irq();
+
+	nrfx_ram_ctrl_retention_enable_all_set(false);
+
+	nrf_regulators_system_off(NRF_REGULATORS);
+
+	/* This should be unreachable */
+	return TFM_PLATFORM_ERR_SYSTEM_ERROR;
+}
+#endif /* TFM_NRF_SYSTEM_OFF_SERVICE */
+
 #if CONFIG_FW_INFO
 static enum tfm_platform_err_t tfm_platform_hal_fw_info_service(psa_invec *in_vec,
 								psa_outvec *out_vec)

samples/zephyr/boards/nordic/system_off/boards/nrf54l15dk_nrf54l10_cpuapp_ns.conf

@@ -0,0 +1,2 @@
+CONFIG_TFM_SFN=y
+CONFIG_TFM_NRF_SYSTEM_OFF_SERVICE=y

samples/zephyr/boards/nordic/system_off/boards/nrf54l15dk_nrf54l15_cpuapp_ns.conf

@@ -0,0 +1,2 @@
+CONFIG_TFM_SFN=y
+CONFIG_TFM_NRF_SYSTEM_OFF_SERVICE=y

samples/zephyr/boards/nordic/system_off/boards/nrf54lm20dk_nrf54lm20a_cpuapp_ns.conf

@@ -0,0 +1,2 @@
+CONFIG_TFM_SFN=y
+CONFIG_TFM_NRF_SYSTEM_OFF_SERVICE=y

samples/zephyr/boards/nordic/system_off/boards/nrf54lv10dk_nrf54lv10a_cpuapp_ns.conf

@@ -0,0 +1,2 @@
+CONFIG_TFM_SFN=y
+CONFIG_TFM_NRF_SYSTEM_OFF_SERVICE=y

west.yml

@@ -64,7 +64,7 @@ manifest:
     # https://developer.nordicsemi.com/nRF_Connect_SDK/doc/latest/zephyr/guides/modules.html
     - name: zephyr
       repo-path: sdk-zephyr
-      revision: dc05376c170fc2739a4881629caf49c40d485a9e
+      revision: pull/3330/head
       import:
         # In addition to the zephyr repository itself, NCS also
         # imports the contents of zephyr/west.yml at the above
@@ -147,7 +147,7 @@ manifest:
     - name: trusted-firmware-m
       repo-path: sdk-trusted-firmware-m
       path: modules/tee/tf-m/trusted-firmware-m
-      revision: 565a30c7f4426cdf644bff03766a292dd509ee9c
+      revision: pull/212/head
     - name: psa-arch-tests
       repo-path: sdk-psa-arch-tests
       path: modules/tee/tf-m/psa-arch-tests