modules: trusted-fimware-m: Add memory configuration logs#28732
modules: trusted-fimware-m: Add memory configuration logs#28732AntonZma wants to merge 1 commit into
Conversation
NordicBuilder
added
doc-required
CI InformationTo view the history of this post, click the 'edited' button above Inputs:Sources:sdk-nrf: PR head: 0e49f28abed5fb4547d62c0dc84cb6ebe10c8b72 more detailssdk-nrf:
Github labels
List of changed files detected by CI (9)Outputs:ToolchainVersion: b819b2845f Test Spec & Results: ✅ Success; ❌ Failure; 🟠 Queued; 🟡 Progress; ◻️ Skipped;
|
| during TF-M initialization. It contains address ranges of the non-secure | ||
| memory regions (both volatile and non-volatile). The rest of the memory | ||
| is secure by default. | ||
| This option is currently available for nRF54L15/10/05. |
There was a problem hiding this comment.
This is blocked on SOC_SERIES_NRF54L, but you state that only 54l15/10/05 is supported. Do you mean all 54L devices or is this restricted to 54L15? And if restricted to 54L15 why?
There was a problem hiding this comment.
Yes, you are right. This option is for all nRF54L devices (which are being configured in target_cfg_54l.c )
|
You can find the documentation preview for this PR here. Preview links for modified nRF Connect SDK documents: |
| * Added: | ||
|
|
||
| * Support for the X25519 key pair storage in the :ref:`Key Management Unit (KMU) <ug_kmu_guides_supported_key_types>`. | ||
| * The :kconfig:option:`CONFIG_TFM_LOG_NS_MEMORY_LAYOUT` to print the configuration of SAU and MPC during TF-M initialization of the nRF54L15 devices. |
There was a problem hiding this comment.
| * The :kconfig:option:`CONFIG_TFM_LOG_NS_MEMORY_LAYOUT` to print the configuration of SAU and MPC during TF-M initialization of the nRF54L15 devices. | |
| * The :kconfig:option:`CONFIG_TFM_LOG_NS_MEMORY_LAYOUT` Kconfig option to print the configuration of SAU and MPC during TF-M initialization of the nRF54L15 devices. |
| * Added: | ||
|
|
||
| * Support for the X25519 key pair storage in the :ref:`Key Management Unit (KMU) <ug_kmu_guides_supported_key_types>`. | ||
| * The :kconfig:option:`CONFIG_TFM_LOG_NS_MEMORY_LAYOUT` Kconfig option to print the configuration of SAU and MPC during TF-M initialization of the nRF54L15 devices. |
There was a problem hiding this comment.
nrf54L15 -> nr54L series devices maybe? Since this is not specific to the nrf54L15.
|
|
||
| static void log_memory_protection_sau(void) | ||
| { | ||
| uint32_t sau_regions_count = SAU->TYPE; |
There was a problem hiding this comment.
Maybe here it will make sense to do SAU->TYPE & 0xF since the rest of the field is reserved?
https://developer.arm.com/documentation/100235/0100/The-Cortex-M33-Peripherals/Security-Attribution-and--Memory-Protection/Security-Attribution-Unit-Type-Register?lang=en
There was a problem hiding this comment.
Yeah, it definitely makes sense
|
|
||
| static void log_memory_protection_mpc(void) | ||
| { | ||
| /* On 54l the NRF_MPC00->REGION[]'s are fixed in HW and the |
There was a problem hiding this comment.
Nit, in 54L there are only overrides, not regions
| for (uint32_t i = 0; i <= max_index; i++) { | ||
| config = nrf_mpc_override_config_get(NRF_MPC00, i); | ||
| if (config.enable) { | ||
| SPMLOG_INFMSG("NS region\r\n"); |
There was a problem hiding this comment.
Since MPC could possibly set the override as secure do you think that it makes sense to also call nrf_mpc_override_perm_get here and check the secure bit?
https://docs-be.nordicsemi.com/bundle/ps_nrf54L15/page/mpc.html#register.OVERRIDE.PERM
There was a problem hiding this comment.
Yeah, this is a more universal approach. When implementing this I checked how this is configured in target_cfg_54l.c.
Anyway, now it is updated to check both PERM and PERMMASK.
| * Added: | ||
|
|
||
| * Support for the X25519 key pair storage in the :ref:`Key Management Unit (KMU) <ug_kmu_guides_supported_key_types>`. | ||
| * The :kconfig:option:`CONFIG_TFM_LOG_NS_MEMORY_LAYOUT` Kconfig option to print the configuration of SAU and MPC during TF-M initialization of the nRF54L15 devices. |
There was a problem hiding this comment.
| * The :kconfig:option:`CONFIG_TFM_LOG_NS_MEMORY_LAYOUT` Kconfig option to print the configuration of SAU and MPC during TF-M initialization of the nRF54L15 devices. | |
| * The :kconfig:option:`CONFIG_TFM_LOG_NS_MEMORY_LAYOUT` Kconfig option, which prints the configuration of SAU and MPC during the initialization of TF-M on the nRF54L Series devices. |
|
|
||
| static void log_memory_protection_mpc(void) | ||
| { | ||
| /* On 54l the NRF_MPC00->REGION[]'s are fixed in HW and the |
There was a problem hiding this comment.
| /* On 54l the NRF_MPC00->REGION[]'s are fixed in HW and the | |
| /* On 54L, the regions (NRF_MPC00->REGION[]) are fixed in HW and the |
There was a problem hiding this comment.
Rephrased a bit after applying a fix suggested by Georgios
| { | ||
| /* On 54l the NRF_MPC00->REGION[]'s are fixed in HW and the | ||
| * OVERRIDE indexes (that are useful to us) start at 0 and end | ||
| * (inclusive) at 4. |
There was a problem hiding this comment.
| * (inclusive) at 4. | |
| * at 4 (inclusive). |
| This option activates logic to print the configuration of SAU and MPC | ||
| during TF-M initialization. It contains address ranges of the non-secure | ||
| memory regions (both volatile and non-volatile). The rest of the memory | ||
| is secure by default. | ||
| This option is currently available for all nRF54L devices. |
There was a problem hiding this comment.
| This option activates logic to print the configuration of SAU and MPC | |
| during TF-M initialization. It contains address ranges of the non-secure | |
| memory regions (both volatile and non-volatile). The rest of the memory | |
| is secure by default. | |
| This option is currently available for all nRF54L devices. | |
| This option activates the logic to print the configuration of SAU and MPC | |
| during the initialization of TF-M. The logic targets address ranges of the non-secure | |
| memory regions (both volatile and non-volatile). The rest of the memory | |
| is secure by default. | |
| This option is currently available for all nRF54L Series devices. |
The only way to extract the actual information about memory regions configured as non-secure is by debugging the code. This commit adds debug functions for printing SAU and MPC configuration of nRF54L devices. It also modifies the existing code printing configuration for MPU and SPU, aligning its implementation with SAU/MPC. A new KConfig option to activate this functionality has also been added. Ref: NCSDK-38986 Signed-off-by: Anton Zyma <anton.zyma@nordicsemi.no>
| uint32_t sau_regions_count = SAU->TYPE & SAU_TYPE_SREGION_Msk; | ||
| uint32_t limit_address; | ||
|
|
||
| SPMLOG_INFMSG("SAU config:\r\n"); |
| CONFIG_PSA_WANT_ALG_SHA_256=y | ||
| CONFIG_PSA_WANT_KEY_TYPE_HMAC=y | ||
|
|
||
| CONFIG_TFM_LOG_NS_MEMORY_LAYOUT=y |
There was a problem hiding this comment.
I guess this was added by accident, right?
8 participants
The only way to extract the actual information about memory regions configured as non-secure is by debugging the code.
This PR adds debug functions for printing SAU and MPC configuration of nRF54L devices, as well as modifying the existing code printing configuration for MPU and SPU, aligning its implementation with SAU/MPC.
A new KConfig option to activate this functionality has also been added.