[nrf fromtree] platform: nordic: Remove FLPR reserved memory from Nor…#235
Draft
degjorva wants to merge 218 commits into
Draft
[nrf fromtree] platform: nordic: Remove FLPR reserved memory from Nor…#235degjorva wants to merge 218 commits into
degjorva wants to merge 218 commits into
Conversation
…al_adi Add support for Analog Devices MAX32657 platform and fetch ADI HAL library. Co-authored-by: Hao Zhang <Hao.Zhang@analog.com> Co-authored-by: Sadik Ozer <sadik.ozer@analog.com> Change-Id: If884aa9a35664f6117574b0d4cde363a19e4eca5 Signed-off-by: Jayashree Srinivasan <Jayashree.Srinivasan@analog.com> (cherry picked from commit 54a8a58)
To enable BL2 for MAX32657, this commit - Enables BL2 - Updates CMakeFile - Adds gcc linker file, common/gcc/tfm_bl2_common.ld copied as max32657_sla.ld - Adds system file Co-authored-by: Jayashree Srinivasan <Jayashree.Srinivasan@analog.com> Co-authored-by: Hao Zhang <Hao.Zhang@analog.com> Co-authored-by: Tanmaya Mishra <Tanmaya.Mishra@analog.com> Change-Id: Ifd0379aadd74df8006fad062397c093cab27c560 Signed-off-by: Sadik Ozer <sadik.ozer@analog.com> (cherry picked from commit d3036b5)
Update CMakeFile for tf-m integration Enable tf-m flags in config file Co-authored-by: Jayashree Srinivasan <Jayashree.Srinivasan@analog.com> Co-authored-by: Hao Zhang <Hao.Zhang@analog.com> Co-authored-by: Tanmaya Mishra <Tanmaya.Mishra@analog.com> Change-Id: I67484cdd9c4b8d3c94873a2d1fc8e69ef7eb1d08 Signed-off-by: Sadik Ozer <sadik.ozer@analog.com> (cherry picked from commit aa15c18)
Add PPC driver for MAX32657, it is a shim driver that filled with hal_adi call functions Co-authored-by: Jayashree Srinivasan <Jayashree.Srinivasan@analog.com> Co-authored-by: Hao Zhang <Hao.Zhang@analog.com> Co-authored-by: Tanmaya Mishra <Tanmaya.Mishra@analog.com> Change-Id: I1f16c64263846321f1f156b744af5ac25d0e6d12 Signed-off-by: Sadik Ozer <sadik.ozer@analog.com> (cherry picked from commit 3599278)
Define secure, non-secure memory and required peripheral address Co-authored-by: Jayashree Srinivasan <Jayashree.Srinivasan@analog.com> Co-authored-by: Hao Zhang <Hao.Zhang@analog.com> Co-authored-by: Tanmaya Mishra <Tanmaya.Mishra@analog.com> Change-Id: I5b6c0335d6e34c55a7a671008848e94cb851b6fb Signed-off-by: Sadik Ozer <sadik.ozer@analog.com> (cherry picked from commit 609ef3f)
Set image region for fw and other section, flash devided as below /* Flash layout on MAX32657 with BL2 (multiple image boot): * * Secure flash address which 28th bit 1 is logical address * * 0X0100_0000 BL2 - MCUBoot (64KB) * 0x0101_0000 Secure image primary slot (320KB) * 0x0106_0000 Non-secure image primary slot (576KB) * 0x010F_0000 Secure image secondary slot (0KB) * 0x010F_0000 Non-secure image secondary slot (0KB) * 0x010F_0000 Scratch area (0) * 0x010F_0000 Protected Storage Area (0) * 0x010F_0000 Internal Trusted Storage Area (16 KB) * 0x010F_4000 OTP / NV counters area (16 KB) * 0x010F_8000 Unused (32KB) * * Flash layout on MAX32657 with BL2 (single image boot): * * 0X0100_0000 BL2 - MCUBoot (64KB) * 0x0101_0000 Primary image area (896KB): * 0x0101_0000 Secure image primary * 0x0106_0000 Non-secure image primary * 0x010F_0000 Secondary image area (0KB): * 0x010F_0000 Secure image secondary * 0x010F_0000 Non-secure image secondary * 0x010F_0000 Scratch area (0) * 0x010F_0000 Protected Storage Area (0) * 0x010F_0000 Internal Trusted Storage Area (16 KB) * 0x010F_4000 OTP / NV counters area (16 KB) * 0x010F_8000 Unused * * Flash layout on MAX32657, if BL2 not defined: * * 0X0100_0000 Secure image (512KB) * 0X0108_0000 Non-secure image (512KB) */ Co-authored-by: Jayashree Srinivasan <Jayashree.Srinivasan@analog.com> Co-authored-by: Hao Zhang <Hao.Zhang@analog.com> Co-authored-by: Tanmaya Mishra <Tanmaya.Mishra@analog.com> Change-Id: I0f7021ed6f06e56b5549bf5edfefc86adb12b604 Signed-off-by: Sadik Ozer <sadik.ozer@analog.com> (cherry picked from commit 098c6bd)
Set the flag that required by the tf-m project - BL2 - RAM and Code size - Shared section size Co-authored-by: Jayashree Srinivasan <Jayashree.Srinivasan@analog.com> Co-authored-by: Hao Zhang <Hao.Zhang@analog.com> Co-authored-by: Tanmaya Mishra <Tanmaya.Mishra@analog.com> Change-Id: Ia3b343d3a3e363dd7b259580d7f1ad284ff29f1d Signed-off-by: Sadik Ozer <sadik.ozer@analog.com> (cherry picked from commit 8e0d63a)
Add flash driver for MAX32657, it is a shim driver that filled with hal_adi call functions Co-authored-by: Jayashree Srinivasan <Jayashree.Srinivasan@analog.com> Co-authored-by: Hao Zhang <Hao.Zhang@analog.com> Co-authored-by: Tanmaya Mishra <Tanmaya.Mishra@analog.com> Change-Id: I2a3691e2bb0946df8bf1f4fa57bb25a3dad4b5f4 Signed-off-by: Sadik Ozer <sadik.ozer@analog.com> (cherry picked from commit dd40134)
- Disable PLATFORM_DEFAULT_OTP to implement MAX32657 OTP - Add read, write, get size functions - Before writing and after reading OTP cell bits are reverted due to default values not match with tfm expectation. On default tfm expect otp cell be 0x00 and bit can be transceived from 0 to 1 but MAX32657 OTP default value is 0xff and bits can be converted from 1 to 0. So that before write and after read bits are reverted. - Set bl2_rotpk_X size as 100 (max value) to get fix otp layout Change-Id: I325f2934a78633d6add6592dc9fdf1c3dcd852ba Signed-off-by: Sadik Ozer <sadik.ozer@analog.com> (cherry picked from commit 258b8fd)
Enable ioctl service to NS app (Zephyr) able to read - USN - LDO_TRIM_BB/RF - DBB_SETTINGS Co-authored-by: Sadik Ozer <sadik.ozer@analog.com> Change-Id: Ie3f5bf60cba2b68e255dc602b3c5dc55d570c4df Signed-off-by: Hao Zhang <Hao.Zhang@analog.com> (cherry picked from commit 9509e1b)
Use PSA crpyto for MCUBoot, this commit enable this feture Change-Id: I289f03ac88fea4ca4fbafe8607d4dc5c6e8fe1fb Signed-off-by: Gowri Ramshankar <Gowri.Ramshankar@analog.com> (cherry picked from commit 6afbbd8)
Enable the initial attestation partition in the configuration file for the ADI MAX32657 target. Boot measurements are needed for initial attestation. Measurements are part of the shared data between boot and runtime. The static buffer size used by mbedtls for its allocations has been increased - to resolve the attestation testcase failure due to insufficient memory. Note: This configuration could not be changed from zephyr or within the TF-M platform configurations. The size might be an issue upstream. The issue has been notified to the TF-M community. Increase MBEDTLS static buffer size within platform directory The static buffer size used by MBEDTLS is increased from within the platform directory instead of altering the small profile configuration. Co-authored-by: Sadik Ozer <sadik.ozer@analog.com> Change-Id: I3ed73ca6df52bd8d4655b1ca2e5ee09ba223c6e0 Signed-off-by: Jayashree Srinivasan <Jayashree.Srinivasan@analog.com> (cherry picked from commit 9089b67)
Add UART driver for MAX32657, it is a shim driver that filled with hal_adi call functions Co-authored-by: Jayashree Srinivasan <Jayashree.Srinivasan@analog.com> Co-authored-by: Hao Zhang <Hao.Zhang@analog.com> Co-authored-by: Tanmaya Mishra <Tanmaya.Mishra@analog.com> Change-Id: I651058f11288efdcabbb7a7ae46ea0530dd47ed5 Signed-off-by: Sadik Ozer <sadik.ozer@analog.com> (cherry picked from commit d014530)
Add MPC driver for MAX32657, it is referred to arm mpc sie200 driver Co-authored-by: Jayashree Srinivasan <Jayashree.Srinivasan@analog.com> Co-authored-by: Tanmaya Mishra <Tanmaya.Mishra@analog.com> Co-authored-by: Sadik Ozer <sadik.ozer@analog.com> Change-Id: I5834c0414bbcc1eff5c7d249b2d412fc3f8c85bc Signed-off-by: Hao Zhang <Hao.Zhang@analog.com> (cherry picked from commit eb55261)
This commit defines secure non-secure peripheral & memory regions Co-authored-by: Jayashree Srinivasan <Jayashree.Srinivasan@analog.com> Co-authored-by: Hao Zhang <Hao.Zhang@analog.com> Co-authored-by: Tanmaya Mishra <Tanmaya.Mishra@analog.com> Change-Id: I26f9fc9d9e7ae4474c62f03ad5a0e40fd3bb0089 Signed-off-by: Sadik Ozer <sadik.ozer@analog.com> (cherry picked from commit 37abe21)
This commit added NS support to able to execute zephyr regression tests. MAX32657 supports small profile for now. CONFIG_TFM_PROFILE_TYPE_SMALL=y -- -------- NS TEST Configuration -------------------- -- TEST_NS_ATTESTATION OFF -- TEST_NS_CRYPTO ON -- TEST_NS_ITS ON -- TEST_NS_PS OFF -- TEST_NS_QCBOR OFF -- TEST_NS_T_COSE OFF -- TEST_NS_PLATFORM OFF -- TEST_NS_FWU OFF -- TEST_NS_IPC OFF -- TEST_NS_FLIH_IRQ OFF -- TEST_NS_MULTI_CORE OFF -- TEST_NS_MANAGE_NSID OFF -- TEST_NS_SFN_BACKEND ON -- TEST_NS_FPU OFF -- --------------------------------------------------- Added UART here to get test output. To build it, tf-m-tests shall be added in west file: west config manifest.project-filter -- +tf-m-tests west update Change-Id: Ie60b62e83c59cec00f1ad197b3249ee7c7d89205 Signed-off-by: Hao Zhang <Hao.Zhang@analog.com> (cherry picked from commit 4ae67f6)
Hal platform file requires to get ns entry point, vtor and code start address. This commit add these features. Co-authored-by: Jayashree Srinivasan <Jayashree.Srinivasan@analog.com> Co-authored-by: Hao Zhang <Hao.Zhang@analog.com> Change-Id: Ib45a0562c42730efb91a94b528b2e83bb8596dba Signed-off-by: Sadik Ozer <sadik.ozer@analog.com> (cherry picked from commit 8877329)
Enable ICC for MAX32657 ICC cache only accessibly by secure world. Change-Id: I11b2e25bec3a46bed68b96e1d9a5888fbaf869aa Signed-off-by: Sadik Ozer <sadik.ozer@analog.com> (cherry picked from commit cfdc11b)
Implement hal isolation layer as per of existing implementation and tfm requirement Co-authored-by: Jayashree Srinivasan <Jayashree.Srinivasan@analog.com> Co-authored-by: Hao Zhang <Hao.Zhang@analog.com> Co-authored-by: Tanmaya Mishra <Tanmaya.Mishra@analog.com> Change-Id: I8c8d5a6ecdfb8eeb1fb7dd21a830b46eea1dceb3 Signed-off-by: Sadik Ozer <sadik.ozer@analog.com> (cherry picked from commit 915c0c9)
We intend to use FP in our own NSPE application but the TF-M SPE services that we enable do not require FP. CONFIG_TFM_ENABLE_CP10CP11 detail: Make FPU and MVE operational when SPE and/or NSPE require FPU or MVE usage. This alone only enables the coprocessors CP10-CP11, whereas CONFIG_TFM_FLOAT_ABI=hard along with CONFIG_TFM_ENABLE_FP, CONFIG_TFM_ENABLE_MVE or CONFIG_TFM_ENABLE_MVE_FP compiles the code with hardware FP or MVE instructions and ABI. Change-Id: Ifb8cdefcc05fb2a856593d2fb128a95f1c6f66ec Signed-off-by: Sadik Ozer <sadik.ozer@analog.com> (cherry picked from commit fab0109)
There is one UART on MAX32657, it is need to be used by NS and S world depend on the test. This commit adds related flag to switch UART between S and NS world Change-Id: I990866c846ffa0aa7d2100dbb2f09172ff454dc4 Signed-off-by: Sadik Ozer <sadik.ozer@analog.com> (cherry picked from commit 881f7e3)
Enable system reset request only to the secure world that triggered via NVIC_SystemReset function. Change-Id: I53457fba66a7c3aaec7524bda58f588f2f68fad3 Signed-off-by: Sadik Ozer <sadik.ozer@analog.com> (cherry picked from commit 037bcfd)
To enable ER_CODE_SRAM section in linker file define
SRAM_CODE_START and SIZE. Size set as 1KB, this allow to store
ramfunctions in SRAM
Flash driver function stored in .flashprog in hal layer so that
S_RAM_CODE_EXTRA_SECTION_NAME defined.
.map output
.ER_CODE_SRAM 0x000000003000fc00 0x3b8 load address 0x0000000011012a20
*libflash_drivers*:(SORT_BY_ALIGNMENT(.text*))
*libflash_drivers*:(SORT_BY_ALIGNMENT(.rodata*))
*(.ramfunc)
*(.flashprog)
.flashprog 0x000000003000fc00 0x58 platform/libplatform_s.a(flc_me30.o)
0x000000003000fc00 MXC_FLC_Busy
0x000000003000fc04 MXC_FLC_PageErase
0x000000003000fc28 MXC_FLC_Write128
.flashprog 0x000000003000fc58 0x11c platform/libplatform_s.a(flc_common.o)
0x000000003000fc58 MXC_FLC_Com_VerifyData
0x000000003000fc7c MXC_FLC_Com_Write
0x000000003000fd6a MXC_FLC_Com_Read
.flashprog 0x000000003000fd74 0x218 platform/libplatform_s.a(flc_reva.o)
0x000000003000fdb4 MXC_FLC_RevA_Busy
0x000000003000fdc4 MXC_FLC_RevA_MassErase
0x000000003000fe04 MXC_FLC_RevA_PageErase
0x000000003000fe46 MXC_FLC_RevA_Write32
0x000000003000fea4 MXC_FLC_RevA_Write32Using128
0x000000003000ff2c MXC_FLC_RevA_Write128
Change-Id: I9bc4b99602dc3b13c19faaec52c2e23211b8e959
Signed-off-by: Sadik Ozer <sadik.ozer@analog.com>
(cherry picked from commit b21f209)
ADI BootRom secure mode currently uses floating point registers and set FPCA bit. ADI TF-M would ensure FPCA bit is cleared before jumping to NS Change-Id: Ibe3c2adfe54cb13353c77b4827b279816d9e19bc Signed-off-by: Hao Zhang <Hao.Zhang@analog.com> (cherry picked from commit cc6354c)
MAX32657 firmware need to have a header and signature section to it be interpreted and validated by BootROM Change-Id: I1d96deda795048ec96b5028c352a6078afde5d79 Signed-off-by: Sadik Ozer <sadik.ozer@analog.com> (cherry picked from commit 574cf79)
…32657
By using PLATFORM_DEFAULT_PROVISIONING user can provision device by its secret key
If PLATFORM_DEFAULT_PROVISIONING flag been OFF
platform/ext/common/provision_bundle will be build
that include test key, user can set related item with their private values.
This bundle can be loaded to SRAM and executed there.
If -DPLATFORM_DEFAULT_PROVISIONING=OFF and -DTFM_DUMMY_PROVISIONING=ON then the keys in
the tf-m/platform/ext/target/common/provisioning/provisioning_config.cmake and the
default MCUBoot signing keys will be used for provisioning.
If -DPLATFORM_DEFAULT_PROVISIONING=OFF and -DTFM_DUMMY_PROVISIONING=OFF are set
then unique values can be used for provisioning. The keys and seeds can be changed by
passing the new values to the build command, or by setting the -DPROVISIONING_KEYS_CONFIG flag
to a .cmake file that contains the keys. An example config cmake file can be seen at
tf-m/platform/ext/target/common/provisioning/provisioning_config.cmake.
Otherwise new random values are going to be generated and used. For the image signing
the ${MCUBOOT_KEY_S} and ${MCUBOOT_KEY_NS} will be used. These variables should point to
.pem files that contain the code signing private keys. The public keys are going to be generated
from these private keys and will be used for provisioning. The hash of the public key is going to
be written into the provisioning_data.c automatically.
Change-Id: I9d54c76ccc3e1adc20ecf4047351d9c19b3d256f
Signed-off-by: Sadik Ozer <sadik.ozer@analog.com>
(cherry picked from commit 5c0ffdb)
This commit adds/updates related file for MAX32657 documentations Change-Id: I5ff357ef35b0a3e7e31b0ae127f90803d3c6f397 Signed-off-by: Sadik Ozer <sadik.ozer@analog.com> (cherry picked from commit 89f8f96)
TESA stands for Trusted Edge Security Architecture. This commit download ADI TESA-Toolkit repository which includes binaries (that used to sign image) provisioning scripts and keys. MAX32657 has Secure Boot ROM which used to authenticite user second layer firmware for TF-M case second layer is MCUBoot. If SecureBoot ROM been activated MCUBoot need to be signed to be validated by ADI Secure BootROM. Set BL1=ON if you would like to enable Secure Boot ROM on device The MCUBoot will be signed during build if BL1 be ON bin2hex.py scripts is used to convert bl2_signed.bin to bl2_signed.hex it comes from https://github.com/python-intelhex/intelhex Change-Id: Ibb858515397ffc1d649f1cdc2c4660eba597d702 Signed-off-by: Sadik Ozer <sadik.ozer@analog.com> (cherry picked from commit b6d24df)
Move HAL layer files under hal_adi.cmake to simplify maintanence Change-Id: I511549147cbb05f926073710466fc4f2ed8dd057 Signed-off-by: Sadik Ozer <sadik.ozer@analog.com> (cherry picked from commit b3025d0)
Add configuration flags to define peripherals ownerships either secure or non-secure Remove ICE_IRQn and ECC_IRQn fron NS due to this peripherals not accessible by NS world User can configure peripheral ownership over s_ns_access_overlay.cmake file. This file need to be defined in the project folder root folder. On default NS world control all peripheral. As an example to transfer gpio and timer0 on the secure world write below lines in the overlay file. ... set(ADI_NS_PRPH_GPIO0 OFF) set(ADI_NS_PRPH_TIMER0 OFF) ... s_ns_access_overlay.cmake file must be defined in the project workspace root folder. Change-Id: I37ab37ef600043707cc88aac046e4c3ce8ff903f Signed-off-by: Sadik Ozer <sadik.ozer@analog.com> (cherry picked from commit 1bd0c2d)
…4L series Update nrf5l_init to enable DCDC during startup. LDO is not supported and therefore causes larger power consumption. Change-Id: I9a6dc928259895ed8b54c99aff9974ce1a13896e Signed-off-by: Dag Erik Gjørvad <dag.erik.gjorvad@nordicsemi.no> (cherry picked from commit 76c6c1d)
The function nordicsemi_nrf54l_init was intented to be used only for builds outside of sdk-nrf. This was not the case, the weak attribute used here doesn't seem to have any effect and this function was used for all builds. To overcome this make sure that this function is not included for sdk-nrf builds. Signed-off-by: Georgios Vasilakis <georgios.vasilakis@nordicsemi.no> Change-Id: I0f7a92db95363cf8c0b1d3e9f198675de0705d3b (cherry picked from commit 721d636)
Align common files. Change-Id: I73509382d31476f88c20dee42fde4de6126f565d Signed-off-by: Marcin Szymczyk <marcin.szymczyk@nordicsemi.no> (cherry picked from commit 8ff947d)
…factor Align with changes needed for nrfx 4.0. Refactor to use nrfx layer instead of HAL. Change-Id: Ibbffe2c2e27ea98ac08e0e23f4c33603c04fe5ea Signed-off-by: Marcin Szymczyk <marcin.szymczyk@nordicsemi.no> (cherry picked from commit f07f10b)
Add WiFi mpc and spu configuration in target_cfg_71, as it is isolated in nrf7120/soc.c. Change-Id: Ifbfe70bad6b78b1b2f780c903a5f1a68d0c7ed1e Signed-off-by: Travis Lam <travis.lam@nordicsemi.no> (cherry picked from commit 7458a95)
add missing spim21 tfm interrupt handler Change-Id: I32e82d9d1db671fddaaa318c7b089c92a7eff4b8 Signed-off-by: Travis Lam <travis.lam@nordicsemi.no> (cherry picked from commit 5271e8f)
nrfx_config from nrfx's templates can be used. Change-Id: I5f532376ef0c9c73ec19b3933685a644a35a9c19 Signed-off-by: Marcin Szymczyk <marcin.szymczyk@nordicsemi.no> Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no> (cherry picked from commit 863c713)
Update error codes. Change-Id: I492f82cfb777a5acfac536ae5e647ed8b7a61df3 Signed-off-by: Marcin Szymczyk <marcin.szymczyk@nordicsemi.no> Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no> (cherry picked from commit c2d19e0)
Use nrfx 4.0.1 release. Change-Id: I838d1ece8bd5ba248e421334bdd6a140d5fc9a6c Signed-off-by: Nikodem Kastelik <nikodem.kastelik@nordicsemi.no> Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no> (cherry picked from commit 72196e4)
Update platform_ns to use correct names for startup files. Add in required includes to work with new startup files. Change the startup files to be linked as PRIVATE since they don't need to be PUBLIC. Make sure that the __Vectors symbol is retained when the TF-M tests are being built because it is used by the tfm_common_ns.ld linker script. Change-Id: I34f28a5e5273819084bf7e95c8827d73472703b7 Signed-off-by: Georgios Vasilakis <georgios.vasilakis@nordicsemi.no> (cherry picked from commit 9087c85)
Update board name from nrf7120pdk to nrf7120dk to align with naming to be used in other repositories. Change-Id: I2b12154e3a881533358c17d06aafdac11dc3bb50 Signed-off-by: Robert Robinson <robert.robinson@nordicsemi.no> (cherry picked from commit d13870f)
When a debugger with secure debug enabled is attached and performs stack unwinding (e.g., backtrace), it may read garbage addresses from the stack. These reads trigger MPC MEMACCERR events, disrupting debugging. To get around this accesses to memory addresses that do not exist on a given device are ignored as long as secure debugging is enabled. Change-Id: Ifa4eae67bc2c25c5e27eadba7d629f120bccef60 Signed-off-by: Dag Erik Gjørvad <dag.erik.gjorvad@nordicsemi.no> (cherry picked from commit 9d3c399)
TF-M checks if p256-m is available during build time using MBEDCRYPTO_PATH which is set to the TF-M repo to use custom Mbed TLS cmake configurations, but this means the script can not be found. But as Mbed TLS software crypto is not used anyway we can hardcode p256-m to be disabled. Ref: NCSDK-28740 Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no> Signed-off-by: Markus Swarowsky <markus.swarowsky@nordicsemi.no> Signed-off-by: Frank Audun Kvamtrø <frank.kvamtro@nordicsemi.no>
…nifest This commit is [nrf noup] because I would like to user-test this for a few months in case of unintended side-effects before upstreaming. In the TF-M build scripts we run the manifest tool twice, first from CMake and then from ninja. It is bad practice to configure CMake projects like this. Instead, if configuration from CMake is necessary, one should configure from CMake only, and then re-run CMake when necessary, not just the command. This organization has been causing problems for our users as they have been required to rebuild TF-M twice. This is due to this scenario playing out: CMake generates config_impl.cmake by invoking the manifest tool at Configure time. CMake generates build.ninja. Ninja generates config_impl.cmake by invoking the manifest tool at build time. When the user then invokes ninja a second time config_impl.cmake will be newer than build.ninja. But CMake is supposed to be includ'ing config_impl.cmake, so build.ninja is now considered out-of-date wrt. config_impl.cmake. ninja therefore invokes CMake again, and then ninja afterwards. Ref: NCSDK-28740 Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no> Signed-off-by: Frank Audun Kvamtrø <frank.kvamtro@nordicsemi.no>
There are multiple headers which exist in the Oberon PSA core and
in TF-M. At the same time some of these headers include other headers
with quotes "" which means that the folder include order doesn't have
any effect.
Instead of relying to the include order of the folders remove the
duplicate files from TF-M since these are not/should not be used.
I removed them with a bash command, just in case is needed:
for i in $(find $PATH_TO_OBERON/include/psa -name "*.h" -printf "%f\n")
do
rm $TFM_PATH/interface/include/psa/$i
done
Ref: NCSDK-33148
Signed-off-by: Georgios Vasilakis <georgios.vasilakis@nordicsemi.no>
This is noup commit as upstream TF-M relies on the mbed TLS PSA Core hat does not support the PAKE API's according to 1.2 at the moment. Once this exists then this can be up streamed, or removed if TF-M adds it themself. Added PAKE API support accoding the PSA crypto spec 1.2 Ref: NCSDK-22416 Ref: NCSDK-28740 Signed-off-by: Markus Swarowsky <markus.swarowsky@nordicsemi.no> Signed-off-by: Frank Audun Kvamtrø <frank.kvamtro@nordicsemi.no>
Allows custom key-loader to be used for the PSA core and allows configuring CMAC KDF usage for PS. noup-reason: PSA_ALG_SP800_108_COUNTER_CMAC is not available in upstream. After testing and verifying the solution (determining if we need further changes) we should try to upstream this. Ref: NCSDK-28740 Signed-off-by: Vidar Lillebø <vidar.lillebo@nordicsemi.no> Signed-off-by: Frank Audun Kvamtrø <frank.kvamtro@nordicsemi.no>
-This commit adds support for externally built PSA core in TF-M by checking for the CMake variable (cached) PSA_CRYPTO_EXTERNAL_CORE. By setting this define, then a platform-target file called external_core.cmake as well as external_core_install.cmake is called to allow for the following: - Early include of necessary replacement include folders - Support for using generated configuration files for TF-M build -This commit also tries to make psa_crypto_config and psa_crypto_library_config linked in first to ensure that certain folders are included as early as possible in the build Signed-off-by: Frank Audun Kvamtrø <frank.kvamtro@nordicsemi.no> Signed-off-by: Georgios Vasilakis <georgios.vasilakis@nordicsemi.no>
-The macro ARRAY_LENGTH is defined without checking if there is already a definition. This commit can be reverted once the proposed fix is handled upstream -This fixes ARRAY_LENGTH in s_io_sorage_tests.c Signed-off-by: Frank Audun Kvamtrø <frank.kvamtro@nordicsemi.no>
-This adds MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS and PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY to tfm_psa_rot_partition_crypto Signed-off-by: Frank Audun Kvamtrø <frank.kvamtro@nordicsemi.no>
…nce. Add an option to send the log output from the secure firmware on a UART instance that would be shared with the non-secure application. This option is added where the number of UART instances is limited and the application only cares about the receiving the TF-M log on fatal errors. To allow this option to be enabled the log is disabled in the boot process before the non-secure application is started. It is enabled again when an unrecoverable exception has occurred in the secure firmware. Here is an abandoned upstream PR (with some of the fixes): https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/25905 Note: This has removed any information about cherry-picked items as this is not valid since it is combining efforts form multiple commits Ref: NCSDK-18595 Ref: NCSDK-28740 Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no> Signed-off-by: Markus Swarowsky <markus.swarowsky@nordicsemi.no> Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no> Signed-off-by: Frank Audun Kvamtrø <frank.kvamtro@nordicsemi.no>
Signed-off-by: Georgios Vasilakis <georgios.vasilakis@nordicsemi.no>
Adjust CRYPTO_HW_ACCELERATOR build scripts to also support nrf_security. Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no> Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no> Signed-off-by: Markus Swarowsky <markus.swarowsky@nordicsemi.no> Signed-off-by: Frank Audun Kvamtrø <frank.kvamtro@nordicsemi.no> Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
The Oberon PSA core provides these two functions: psa_key_derivation_verify_key psa_key_derivation_verify_bytes TF-M is not aware of the Oberon PSA core and it seems that the core that they use doesn't provide these functions at all. So instead of the usual logic of prefixing the PSA core functions with the mbedcrypto__ prefix it skipped these. We cannot skip the prefixing because the Oberon PSA core implements these and thus we will get multiple definitions errors. Ref: NCSDK-33148 Signed-off-by: Georgios Vasilakis <georgios.vasilakis@nordicsemi.no>
The TF-M build system retrieves the latest tag to figure out the TF-M version. It ends up being wrong because in some cases we don't have the latest tags from upstream For example for TF-M 2.1.2 the latest tag was TF-Mv2.1.0, probably because between the two versions upmerges have been done with cherry picks instead of upstream tag merging. Completely stop relying on the tags and only use TFM_VERSION_MANUAL as the version. This fixes the TF-M version printed on boot. Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
TFM_CRYPTO depends on TFM_INTERNAL_TRUSTED_STORAGE_SERVICE. This means it is not possible to not use ITS. This is changed to a weak dependency to make it possible to support using crypto without ITS. This is a noup as it is not possible to do this change upstream. There are platforms upstream that depend on this dependency. Signed-off-by: Dag Erik Gjørvad <dag.erik.gjorvad@nordicsemi.no>
Add the tfm_platform_system_off APIs in a similar manner as the existing tfm_platform_system_reset. This API should enable implementations to allow setting the TF-M to the lowest power mode using their own HAL APIs. Right now this will work for isolation level 1 (SFN mode). In the IPC mode there is a need for better TF-M support for this. There is a discussion with the TF-M owners to add logic to TF-M so that it can inform all the partitions in order to make sure that it is safe to go to system off mode. Signed-off-by: Georgios Vasilakis <georgios.vasilakis@nordicsemi.no>
…dic boards Remove the FLPR reserved non-volatile and volatile memory for all Nordic boards since it is not yet supported with TF-M. Signed-off-by: Georgios Vasilakis <georgios.vasilakis@nordicsemi.no> Change-Id: I6bb513d52a55b9571e10392b567b9b77a686d79b (cherry picked from commit 9dc8a38)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
20 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
…dic boards
Remove the FLPR reserved non-volatile and volatile memory for all Nordic boards since it is not yet supported with TF-M.
Change-Id: I6bb513d52a55b9571e10392b567b9b77a686d79b (cherry picked from commit 9dc8a38)