nandojve

Introduce the TF-M support in the nucleo_u5a5zj_q board. It proposes an out-of-tree development reference without a board inside TF-M mainline. It shows how to customize all the keys and otp_provision allowing FOTA.

Core dependency:

FOTA dependencies:

The S and NS share the external NOR memory. This extracts the external
NOR partition definitions from b_u585i_iot02a-common.dtsi and moves them to
b_u585i_iot02a.dts to allow NS software to define its own external
partition layout.

Signed-off-by: BUDKE Gerson Fernando <[email protected]>
This brings many tf-m patches related to stm32 SoCs. It syncs stm32 with
the vendor mainline patches and adds all the necessary pieces to allow
the STM32U5Axxx SoC to work with TF-M.

The patch list can be checked in:

 zephyrproject-rtos/trusted-firmware-m#145

In addition, redesign the b_u585i_iot02a flash partitions. The current
b_u585i_iot02a NS flash layout makes the development of large
applications difficult. Since there is an external NOR memory which is already
supported by tf-m, this proposes a layout reconfiguration which allows
bigger bootloader, S and NS software. With this redesign the overlay
in the tests can be safely removed. This new layout is synced with
TF-M 2.1.1 mainline, see:

https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/41126

The bootloader BL2 now will fetch FOTA content from the external memory.

Signed-off-by: BUDKE Gerson Fernando <[email protected]>
Reorder the TFM_BOARD by vendor name for better clarity.

Signed-off-by: BUDKE Gerson Fernando <[email protected]>
The mps2/an521/cpu0/ns defines flash layouts in tf-m to allow
CONFIG_TFM_MCUBOOT_IMAGE_NUMBER to be 1 or 2. In the Zephyr project when
building the samples the value selected is 2.

The layout changes are necessary to allow use of the --max-sectors option
when signing the images. It ensures that the flash layout is respected. To
allow this the compatible "soc-nv-flash" was added in the reserved
memory and the fixed-partitions were defined.

Signed-off-by: BUDKE Gerson Fernando <[email protected]>
This excludes the mps3/corstone300/an547/ns from psa tests because
QEMU does not model the QSPI flash in MPS3 boards as real QSPI flash,
but only as simple ROM, so attempting to rewrite the flash from the
guest will fail. See more details in:

zephyrproject-rtos#94470 (comment)

Signed-off-by: BUDKE Gerson Fernando <[email protected]>
The mps3/foo/ns defines flash layouts in tf-m to allow
CONFIG_TFM_MCUBOOT_IMAGE_NUMBER to be 1 or 2. In the Zephyr project when
building the samples the value selected is 2.

The layout changes are necessary to allow use of the --max-sectors option
when signing the images. It ensures that the flash layout is respected. To
allow this the compatible "soc-nv-flash" was added in the reserved
memory and the fixed-partitions were defined.

Signed-off-by: BUDKE Gerson Fernando <[email protected]>
The external partitions are defined dependent on the S and NS images. This
moves the external partitions from common to the S image. The NS image
will be defined in the future to allow correct usage of MCUboot.

Signed-off-by: BUDKE Gerson Fernando <[email protected]>
The partitions from the stm32l562e_dk/stm32l562xx/ns board are not aligned
with tf-m. This fixes the partition alignment.

Signed-off-by: BUDKE Gerson Fernando <[email protected]>
The current version of the TF-M script that signs the MCUboot image uses a
default alignment of 1. This value varies between flash devices
and not all accept the default 1. This improves the script by picking
the write-block-size property from the current flash controller
and passing it as the --align parameter when signing an image.

Note: This solution works out-of-box for the vast majority of
devices in the Zephyr tree and an exception will be thrown when
a device is not supported.

Signed-off-by: BUDKE Gerson Fernando <[email protected]>
The --max-sectors will help to catch problems with flash overlap when
merging images. If there is a misalignment of the flash partitions
usually the merge process will fail. This picks information from zephyr
flash partitions and flash controller to automatically determine the
max sectors value and apply it when signing an image.

Signed-off-by: BUDKE Gerson Fernando <[email protected]>
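
The two derivations described in the commit messages above (--align from the flash controller's write-block-size, --max-sectors from the partition and flash geometry), as an added Python example that is not the PR's CMake code. The `Partition` class, `signing_args()`, the sample geometry and the set of accepted --align values are assumptions made for illustration.

```python
from dataclasses import dataclass

# Values accepted by imgtool --align (assumption, based on upstream imgtool).
IMGTOOL_ALIGN_CHOICES = (1, 2, 4, 8, 16, 32)


@dataclass(frozen=True)
class Partition:
    """Hypothetical stand-in for one fixed-partitions child node."""
    label: str
    offset: int
    size: int


def signing_args(slot, write_block_size, erase_block_size, others=()):
    """Return imgtool arguments for `slot`, or raise if the layout is unsafe."""
    if write_block_size not in IMGTOOL_ALIGN_CHOICES:
        raise ValueError(f"write-block-size {write_block_size} not usable as --align")
    if slot.offset % erase_block_size or slot.size % erase_block_size:
        raise ValueError(f"{slot.label} is not aligned to the erase block")
    for p in others:
        # Half-open ranges overlap when each one starts before the other ends.
        if slot.offset < p.offset + p.size and p.offset < slot.offset + slot.size:
            raise ValueError(f"{slot.label} overlaps {p.label}")
    # One sector per erase block: the image may never span more than this.
    max_sectors = slot.size // erase_block_size
    return ["--align", str(write_block_size),
            "--max-sectors", str(max_sectors),
            "--slot-size", hex(slot.size)]


def rejected(*args, **kwargs):
    """True when signing_args() refuses the layout."""
    try:
        signing_args(*args, **kwargs)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    # Constructed sample: 512 KiB slot, 16-byte writes, 8 KiB erase blocks.
    ns_slot = Partition("image-1", 0x20000, 0x80000)
    print(" ".join(signing_args(ns_slot, 16, 8192)))
```
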
The current behaviour when signing an image is to always set --pad and
--pad-header for all images unless TFM_USE_NS_APP is set. This does not
allow easy creation of a signed image for FOTA applications. Rewrite
the PAD parameter into HEADER and TRAILER to easily set up more signing
options.

Signed-off-by: BUDKE Gerson Fernando <[email protected]>
The current behaviour when signing an image adds --pad but does not confirm
the image. This seems to be a mistake because the user should inspect the
image status in the Firmware Upgrade software. This means that if an image
is not --confirmed the FSM cannot infer correct states. This sets the
image as confirmed to fix this issue.

Signed-off-by: BUDKE Gerson Fernando <[email protected]>
Make the variables that define output files explicitly quote HEX in the name.
This is a refactor step to allow introducing BIN file output generation.

Signed-off-by: BUDKE Gerson Fernando <[email protected]>
One fundamental use of trusted-firmware-m is to allow IoT applications
to have security, and the firmware upgrade FOTA is almost 100% mandatory
in these applications. The current state of the file signing process does
not produce the necessary binaries to use with multi image S/NS FWU
since the hex images are not suitable for this use case. This introduces
the missing signed binary files to be used by the FWU partition. The
changes were tested in multi image FWU scenarios and single image can
be easily extended in the future.

Signed-off-by: BUDKE Gerson Fernando <[email protected]>
Use cmake_parse_arguments() to be more idiomatic. This makes the code
more readable and makes it easier to add new options.

Signed-off-by: BUDKE Gerson Fernando <[email protected]>
Add a note about BL2 (MCUboot) signing updates when the board is built as
TF-M NS.

Signed-off-by: BUDKE Gerson Fernando <[email protected]>
The USB is a peripheral that can be used by S and NS images. This moves
the USB node from the S to the common dtsi file. The same is not valid for
random functions. In the S image the random can be enabled but for the NS
image the random MUST come from the PSA API.

Signed-off-by: BUDKE Gerson Fernando <[email protected]>

The following west manifest projects have changed revision in this Pull Request:

| Name | Old Revision | New Revision | Diff |
| --- | --- | --- | --- |
| trusted-firmware-m | zephyrproject-rtos/trusted-firmware-m@021e2bb | zephyrproject-rtos/trusted-firmware-m#145 | zephyrproject-rtos/trusted-firmware-m#145/files |

DNM label due to: 1 project with PR revision

Note: This message is automatically posted and updated by the Manifest GitHub Action.

@github-actions github-actions bot added manifest manifest-trusted-firmware-m DNM (manifest) This PR should not be merged (controlled by action-manifest) labels Aug 22, 2025

Quality Gate failed

Failed conditions
E Security Rating on New Code (required ≥ C)
