We do not need to force TFM Isolation Level 2 for the
STM32 board that can build with TM-M. We remove the
respective Kconfig setting. We also remove the Kconfig
overlay for STM32L562 board in the psa_level1 sample,
which was used for forcing Isolation Level 1; this is
not needed any more.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
On STM32L5 based boards, rework the TFM build/flash instructions
to minimize potential confusions.
Signed-off-by: Erwan Gouriou <erwan.gouriou@linaro.org>
Added support for RNG for nucleo_l552ze_q board, and updated
the document.
Tested with sample entropy project.
Signed-off-by: Yestin Sun <sunyi0804@gmail.com>
This commit removes the signing commands from the post build steps,
in order to leverage the consolidated TFM signing code.
Also with the support to adjust the hex base address when signing,
there is no need to run the TFM_UPDATE.sh script. We can use west
flash to flash the merged hex file on the board.
Signed-off-by: Yestin Sun <sunyi0804@gmail.com>
CORTEX_M_SYSTICK is enabled by default on all STM32 based targets,
in common soc Kconfig files.
Forcing its definition in board files is redundant and prevents
to disable it when activating LPTIM as ticker.
Remove these definitions
Signed-off-by: Erwan Gouriou <erwan.gouriou@linaro.org>
This commit moves TFM CMakeLists.txt into Zephyr and relocates the
Kconfig.tfm file under the modules/tfm folder.
Updates the manifest to point to related TFM changes.
Signed-off-by: Torsten Rasmussen <Torsten.Rasmussen@nordicsemi.no>
for the signing procedures for boards an521, nrf5340, nrf9160,
nucleo_l552ze_q, and musca_b1.
Signed-off-by: Øyvind Rønningstad <oyvind.ronningstad@nordicsemi.no>
The bug on TFM that prevented to enable MPU on NS side is
fixed on TFM current version.
MPU can now be safely enabled on NS target.
Fixes: #27809
Signed-off-by: Erwan Gouriou <erwan.gouriou@linaro.org>
Add Kconfig options that will be used by the module
to call the function with the desired parameters.
Refactor the tfm_integration samples and
the supported boards.
Update west.yml to bring in Cmake changes that use the new KConfigs.
Signed-off-by: Øyvind Rønningstad <oyvind.ronningstad@nordicsemi.no>
Following migration of pinctrl configuration from pinmux.c files
to device tree and deprecation of pinctrl defines, remove
pinmux.c files when possible.
Additionally remove the CMakeLists.txt files when it makes sense.
Signed-off-by: Erwan Gouriou <erwan.gouriou@linaro.org>
Pass the compiler name and path to the TF-M post-build
script as an argument, so the TF-M build can work with
the Zephyr SDK as well (not only with the GNU ARM embedded
toolchain.)
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Update the TF-M post-build scripts in the relevant
ARM platforms in the wake of updating TF-M to the
latest upstream.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
TF-M related information in the relevant board definitions
needs to be updated in the wake of the new TF-M Build
system.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Provide device tree flash partition in order to configure
and flash non secure binary.
Flash partitioning depends on TFM configuration and use case,
so it is provided as an overlay in the sample it is used.
Signed-off-by: Erwan Gouriou <erwan.gouriou@linaro.org>
Enable HW stack protection by default on all STM32 when possible.
This excludes all series based on M0(FO) and M0+(G0/L0).
Also this is made only on boards with enabled MPU (SRAM > 64K).
Cf similar change on nRF boards: #28470
Signed-off-by: Erwan Gouriou <erwan.gouriou@linaro.org>
We only need to offset the start of the non-secure image
by 0x400, if TFM is built with BL2 support. In this case
we use the ROM_START_OFFSET Kconfig switch and we set it
to 0x400, which is the default BL2 Header size value in
TF-M builds. This instructs the linker to offset the beginning
of the ROM section by 0x400. In other words, we do not need
to statically move the start of the image by 0x400 (using
FLASH_BASE_ADDRESS or FLASH_LOAD_OFFSET) when building for
nucleo_l552ze_q 'non-secure'. This fixes an issue that
prevents from running Zephyr + TFM without BL2 support.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Now that device_api attribute is unmodified at runtime, as well as all
the other attributes, it is possible to switch all device driver
instance to be constant.
A coccinelle rule is used for this:
@r_const_dev_1
disable optional_qualifier
@
@@
-struct device *
+const struct device *
@r_const_dev_2
disable optional_qualifier
@
@@
-struct device * const
+const struct device *
Fixes#27399
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
This commit adds the signing commands and the configuration required
to build a non secure image for a nucleo_l552ze_q.
Signed-off-by: Nolwenn Violette <nolwenn.violette01@st.com>
This commit adds a second target for the nucleo_l552ze_q board.
The non secure target is configured for TFM applications.
Signed-off-by: Nolwenn Violette <nolwenn.violette01@st.com>
In order to avoid pin configuration conflicts between peripherals,
add CONFIG_SERIAL flag to for each serial pinmux configuration.
Signed-off-by: Erwan Gouriou <erwan.gouriou@linaro.org>
Several reviewers agreed that DT_HAS_NODE_STATUS_OKAY(...) was an
undesirable API for the following reasons:
- it's inconsistent with the rest of the DT_NODE_HAS_FOO names
- DT_NODE_HAS_FOO_BAR_BAZ(node) was agreed upon as a shorthand
for macros which are equivalent to
DT_NODE_HAS_FOO(node) && DT_NODE_HAS_BAR(node) &&
- DT_NODE_HAS_BAZ(node), and DT_HAS_NODE_STATUS_OKAY is an odd duck
- DT_NODE_HAS_STATUS(..., okay) was viewed as more readable anyway
- it is seen as a somewhat aesthetically challenged name
Replace all users with DT_NODE_HAS_STATUS(..., okay), which is
semantically equivalent.
This is mostly done with sed, but a few remaining cases were done by
hand, along with whitespace, docs, and comment changes. These special
cases include the Nordic SOC static assert files.
Signed-off-by: Martí Bolívar <marti.bolivar@nordicsemi.no>
Use MSI as PLL source. This enables to run system clock at 110MHz.
To achieve this, voltage regulator should be set to scale 0.
Signed-off-by: Erwan Gouriou <erwan.gouriou@linaro.org>
Ioannis Glaropoulos