[nrf noup] secure_fw: platform: Add system off service #212
Draft
Vge0rge wants to merge 30 commits into nrfconnect:main from Vge0rge:tfm_system_off
Fix a path issue with the non secure application config.cmake file. The config.cmake for nRF54L10 and nRF54L15 is the same. To avoid duplicating the file the config.cmake is placed in a common nrf54l folder and it is included by each platform's config.cmake file. This doesn't work for the non secure application because the path does not exist. To fix that, install to the non secure application the common file directly. Signed-off-by: Georgios Vasilakis <[email protected]> Change-Id: I36d6bed5d1f2a71ed12f9004485accfcbca1b0d6 (cherry picked from commit 51352be0fde5b1d318bbe26ab03c08227542f399)
…urity In nRF54L series the GPIOTE peripheral has user selectable security configuration. In addition to this the GPIOTE channels and interrupts can have separate security configuration. This change adds the option to make the GPIOTE20 and GPIOTE30 secure peripherals and to set a mask which defines which channels and interrupts should be configured as secure. Signed-off-by: Georgios Vasilakis <[email protected]> Change-Id: Ia4422506b0c9af70da252262bcdc205ac8829511 (cherry picked from commit 4331b1ad1243caac9c3f4d7ce5a2af7f7cbc4ed1)
Fix the use of the aad_size struct parameter in Nordic's ITS encryption HAL. In addition, fix the remaining use of add/add_size as parameter names in the ITS partition code. Change-Id: I0fe22f1d7b3e97a67a9d1fbaa3b1158f559272bb Signed-off-by: Tomi Fontanilles <[email protected]> (cherry picked from commit 77aabb76e4bb1cfa13d1caf913e8335a489d3540)
Fix a broken link in the maintainers file. Change-Id: Ia3865e36edec3c00893785e4729d4f7937eeb57b Signed-off-by: Tomi Fontanilles <[email protected]> (cherry picked from commit 9c27b32bcebb37fe887b2e89584c9fc16bd4bd1c) Cherry picking this commit from the release/2.1.x branch to fix a documentation build error. This is because the Zephyr fork has cherry picks from this branch. This cherry pick should be dropped when updating to TF-M 2.3. Signed-off-by: Tomi Fontanilles <[email protected]>
This is a partial cherry pick of the commit with the following details in upstream TF-M: Platform: Improve tfm_plat_provisioning_is_required signature Change-Id: I5a35dd477d3f017401d147cf99d07f1537373ac9 The commit brings many changes but here I only picked the changes that affect the target_cfg.c file of the Nordic platforms. This is done as preparation work so that I can sync the target_cfg.c file in the upstream repo and here and thus I can cleanly cherry pick subsequent commits from the upstream repo cleanly. This noup commit will be dropped in the upmerge that pulls the upstream commit 29993b89f4c75bd824fe1dd5115f58f3d3c5b056. Signed-off-by: Georgios Vasilakis <[email protected]> Signed-off-by: Tomi Fontanilles <[email protected]>
…nt platforms This splits the target_cfg.c file for the different platforms. It splits the file into two files one for the nRF54L and one for the nRF91/nRF53 series. There is no need for the peripherals to be in the same file as the configuration code. There is already a header which provides extern definitions for all the peripherals a device supports which can be used for source files needing to configure peripherals. So these peripheral definitions are placed in a separate file. Most of the code is taken unchanged from the target_cfg.c file and the unneeded ifdefs got removed. The init_debug function got rewritten without changing the logic of it. Signed-off-by: Georgios Vasilakis <[email protected]> Change-Id: I19071727061b8952e3abbae20dd182c822234427 (cherry picked from commit 37e8dc47d4eb4aa0c0b905f80be5272aafbd9fa2)
TF-M checks if p256-m is available during build time using MBEDCRYPTO_PATH which is set to the TF-M repo to use custom Mbed TLS cmake configurations, but this means the script can not be found. But as Mbed TLS software crypto is not used anyway we can hardcode p256-m to be disabled. Ref: NCSDK-28740 Signed-off-by: Sebastian Bøe <[email protected]> Signed-off-by: Markus Swarowsky <[email protected]> Signed-off-by: Frank Audun Kvamtrø <[email protected]>
…nifest This commit is [nrf noup] because I would like to user-test this for a few months in case of unintended side-effects before upstreaming. In the TF-M build scripts we run the manifest tool twice, first from CMake and then from ninja. It is bad practice to configure CMake projects like this. Instead, if configuration from CMake is necessary, one should configure from CMake only, and then re-run CMake when necessary, not just the command. This organization has been causing problems for our users as they have been required to rebuild TF-M twice. This is due to this scenario playing out: CMake generates config_impl.cmake by invoking the manifest tool at Configure time. CMake generates build.ninja. Ninja generates config_impl.cmake by invoking the manifest tool at build time. When the user then invokes ninja a second time config_impl.cmake will be newer than build.ninja. But CMake is supposed to be includ'ing config_impl.cmake, so build.ninja is now considered out-of-date wrt. config_impl.cmake. ninja therefore invokes CMake again, and then ninja afterwards. Ref: NCSDK-28740 Signed-off-by: Sebastian Bøe <[email protected]> Signed-off-by: Frank Audun Kvamtrø <[email protected]>
There are multiple headers which exist in the Oberon PSA core and
in TF-M. At the same time some of these headers include other headers
with quotes "" which means that the folder include order doesn't have
any effect.
Instead of relying on the include order of the folders remove the
duplicate files from TF-M since these are not/should not be used.
I removed them with a bash command, just in case it is needed:
for i in $(find "$PATH_TO_OBERON/include/psa" -name "*.h" -printf "%f\n")
do
    rm "$TFM_PATH/interface/include/psa/$i"
done
Ref: NCSDK-33148
Signed-off-by: Georgios Vasilakis <[email protected]>
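A dry-run variant of the removal loop in the commit message above, as an added example that is not part of the commit or the project: it lists the headers present in both trees, flags copies whose contents differ, and deletes only when `--apply` is passed. The function names and the directory arguments (standing in for `$PATH_TO_OBERON/include/psa` and `$TFM_PATH/interface/include/psa`) are assumptions.

```shell
#!/bin/sh
# Added example. Both functions take the Oberon PSA include directory and the
# TF-M PSA include directory as arguments (hypothetical helper names).

# list_shadowed OBERON_PSA_DIR TFM_PSA_DIR
# Prints one line per header name that exists in both trees:
#   "same <name>"  byte-identical copies
#   "diff <name>"  contents diverge, so which copy is included matters
list_shadowed() {
    oberon_dir=$1
    tfm_dir=$2
    find "$oberon_dir" -name '*.h' -type f | sort | while IFS= read -r hdr; do
        name=$(basename "$hdr")
        dup="$tfm_dir/$name"
        [ -f "$dup" ] || continue
        if cmp -s "$hdr" "$dup"; then
            echo "same $name"
        else
            echo "diff $name"
        fi
    done
}

# remove_shadowed OBERON_PSA_DIR TFM_PSA_DIR [--apply]
# Without --apply it only reports what would be deleted from the TF-M tree.
remove_shadowed() {
    mode=${3:-}
    list_shadowed "$1" "$2" | while read -r state name; do
        if [ "$mode" = "--apply" ]; then
            rm -- "$2/$name"
        else
            echo "would remove $2/$name ($state)"
        fi
    done
}
```

Reviewing the `diff` entries before running with `--apply` shows which TF-M headers had drifted from the Oberon copies.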
This is a noup commit as upstream TF-M relies on the mbed TLS PSA Core that does not support the PAKE APIs according to 1.2 at the moment. Once this exists then this can be upstreamed, or removed if TF-M adds it themselves. Added PAKE API support according to the PSA crypto spec 1.2 Ref: NCSDK-22416 Ref: NCSDK-28740 Signed-off-by: Markus Swarowsky <[email protected]> Signed-off-by: Frank Audun Kvamtrø <[email protected]>
Allows custom key-loader to be used for the PSA core and allows configuring CMAC KDF usage for PS. noup-reason: PSA_ALG_SP800_108_COUNTER_CMAC is not available in upstream. After testing and verifying the solution (determining if we need further changes) we should try to upstream this. Ref: NCSDK-28740 Signed-off-by: Vidar Lillebø <[email protected]> Signed-off-by: Frank Audun Kvamtrø <[email protected]>
-This commit adds support for externally built PSA core in TF-M by checking for the CMake variable (cached) PSA_CRYPTO_EXTERNAL_CORE. By setting this define, then a platform-target file called external_core.cmake as well as external_core_install.cmake is called to allow for the following: - Early include of necessary replacement include folders - Support for using generated configuration files for TF-M build -This commit also tries to make psa_crypto_config and psa_crypto_library_config linked in first to ensure that certain folders are included as early as possible in the build Signed-off-by: Frank Audun Kvamtrø <[email protected]> Signed-off-by: Georgios Vasilakis <[email protected]>
-The macro ARRAY_LENGTH is defined without checking if there is already a definition. This commit can be reverted once the proposed fix is handled upstream -This fixes ARRAY_LENGTH in s_io_sorage_tests.c Signed-off-by: Frank Audun Kvamtrø <[email protected]>
-This adds MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS and PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY to tfm_psa_rot_partition_crypto Signed-off-by: Frank Audun Kvamtrø <[email protected]>
…nce. Add an option to send the log output from the secure firmware on a UART instance that would be shared with the non-secure application. This option is added where the number of UART instances is limited and the application only cares about receiving the TF-M log on fatal errors. To allow this option to be enabled the log is disabled in the boot process before the non-secure application is started. It is enabled again when an unrecoverable exception has occurred in the secure firmware. Here is an abandoned upstream PR (with some of the fixes): https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/25905 Note: This has removed any information about cherry-picked items as this is not valid since it is combining efforts from multiple commits Ref: NCSDK-18595 Ref: NCSDK-28740 Signed-off-by: Joakim Andersson <[email protected]> Signed-off-by: Markus Swarowsky <[email protected]> Signed-off-by: Sebastian Bøe <[email protected]> Signed-off-by: Frank Audun Kvamtrø <[email protected]>
Signed-off-by: Georgios Vasilakis <[email protected]>
Adjust CRYPTO_HW_ACCELERATOR build scripts to also support nrf_security. Signed-off-by: Sebastian Bøe <[email protected]> Signed-off-by: Joakim Andersson <[email protected]> Signed-off-by: Markus Swarowsky <[email protected]> Signed-off-by: Frank Audun Kvamtrø <[email protected]> Signed-off-by: Tomi Fontanilles <[email protected]>
The Oberon PSA core provides these two functions: psa_key_derivation_verify_key psa_key_derivation_verify_bytes TF-M is not aware of the Oberon PSA core and it seems that the core that they use doesn't provide these functions at all. So instead of the usual logic of prefixing the PSA core functions with the mbedcrypto__ prefix it skipped these. We cannot skip the prefixing because the Oberon PSA core implements these and thus we will get multiple definitions errors. Ref: NCSDK-33148 Signed-off-by: Georgios Vasilakis <[email protected]>
The TF-M build system retrieves the latest tag to figure out the TF-M version. It ends up being wrong because in some cases we don't have the latest tags from upstream. For example for TF-M 2.1.2 the latest tag was TF-Mv2.1.0, probably because between the two versions upmerges have been done with cherry picks instead of upstream tag merging. Completely stop relying on the tags and only use TFM_VERSION_MANUAL as the version. This fixes the TF-M version printed on boot. Signed-off-by: Tomi Fontanilles <[email protected]>
This reverts commit 5206a41. This change does not work with NRF devices. The issue is that this changes the target which contains the startup files. Before it was the tfm_ns and this made it to platform_ns. This doesn't work with NRF devices, after this change the startup files are compiled multiple times and for some unknown reason one of the compilations doesn't work and produces an .o file which is not an object file. This needs further investigation, so I opened a task to investigate further: NCSDK-35302 I reverted the commit to unblock the current upmerge process. Signed-off-by: Georgios Vasilakis <[email protected]>
Update the Nordic USART functions to accept other miscellaneous control commands apart from the mode control ones. This makes the USART functions for Nordic platforms accept the CONTROL_TX and CONTROL_RX commands as well. The sdtio_init function uses the ARM_USART_CONTROL_TX command which used to fail for Nordic platforms before but the return code of the control function was never checked. Recently this changed and it now checks for the return code which makes the Nordic platform fail to boot so this change is necessary. Signed-off-by: Georgios Vasilakis <[email protected]> Change-Id: I65b0884338df924dbec3783421779d64ceaaf741
Add initial support for nrf54lv10a. This is based upon the existing nrf54l series of targets. Update startup_nrf54l and target_cfg_54l to support this. Change-Id: I0dc11ca4cb39485d29bf595dacc41c3ee6383cdd Signed-off-by: Dag Erik Gjørvad <[email protected]> (cherry picked from commit 291f2f3)
lv10 should use uart20 as the secure uart. Update configurations to reflect this Change-Id: Ic4d5bce62fc810dc5d3f313ff1a34d456c4d5ccd Signed-off-by: Dag Erik Gjørvad <[email protected]> (cherry picked from commit a062098)
UART should not be force set for 54l devices. This is to support user selecting which UARTs are secure. Change-Id: Ic4fffe748476b85e2e6758d92d687ec36b179e3e Signed-off-by: Dag Erik Gjørvad <[email protected]> (cherry picked from commit ee47c91)
Newer Nordic devices use different UARTS. Update to also clean these. Upstream PR: 42554 Change-Id: I880bae2708f3cf28f52961ac459296255f52c7e3 Signed-off-by: Dag Erik Gjørvad <[email protected]>
TFM_CRYPTO depends on TFM_INTERNAL_TRUSTED_STORAGE_SERVICE. This means it is not possible to not use ITS. This is changed to a weak dependency to make it possible to support using crypto without ITS. This is a noup as it is not possible to do this change upstream. There are platforms upstream that depend on this dependency. Signed-off-by: Dag Erik Gjørvad <[email protected]>
The RRAM size of the nRF54L10 platform is 1012 Kb and not 1022 Kb so update the flash layout accordingly. Signed-off-by: Georgios Vasilakis <[email protected]> Change-Id: I72ab05c3a7b0356408bbc0969fcb848718d67806 (cherry picked from commit 1a5763737453286783dcb4cb164193b2974675a1)
nrf-squash! [nrf noup] build: fix TF-M version Fixes an issue where the TFM_VERSION was not set because the return() statement exited early. This removes all the logic from the unused logic from the version.cmake since it is irrelevant. Signed-off-by: Georgios Vasilakis <[email protected]>
The 31755 changes modified profile_definition from 32 to 48 bytes in the platform/ext/common/template/flash_otp_nv_counters_backend.h file. This change moved fields that are necessary to perform an image upgrade. The issue is visible only when upgrading from an old image (without the changes) to a new one or vice versa. This means that TF-M 2.1.1 does not allow upgrade/downgrade to TF-M 2.2.0 or newer. This reverts the change to allow migration from Zephyr 3.7.1 LTS to newer images like 4.2.0. More details from the change can be visualized in: https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/31755 Upstream TF-M PR: 42130 Change-Id: Ib01b798c1c1819ccdbc9fbf71a9535f0212afdb6 Signed-off-by: BUDKE Gerson Fernando <[email protected]>
Add the tfm_platform_system_off APIs in a similar manner as the existing tfm_platform_system_reset. This API should enable implementations to allow setting the TF-M to the lowest power mode using their own custom HAL APIs. Right now this will work for isolation level 1 (SFN mode). In the IPC mode there is a need for better TF-M support for this. There is a discussion with the TF-M owners to add logic to TF-M so that it can inform all the partitions in order to make sure that it is safe to go to system off mode. Signed-off-by: Georgios Vasilakis <[email protected]>