Split the zephyr project maintained repository trusted-firmware-m into
forks of the individual upstream repositories.
https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git
Upstream: TF-Mv1.4.1
Additions:
zephyr: module: Add zephyr module file
trusted-firmware-m: platform: lpcxpresso55s69: Update SDK
https://git.trustedfirmware.org/TF-M/tf-m-tests.git
Upstream: 51ff2bdfae043f6dd0813b000d928c4bda172660
Additions:
zephyr: module: Add module file for tf-m-tests
https://github.com/ARM-software/psa-arch-tests.git
Upstream: 60faad2ead1b967ec8e73accd793d3ed0e5c56bd
Additions:
zephyr: module: Add module file for psa-arch-tests
psa-arch-tests: Allow overriding of toolchain file
The organization of folders remain the same with the following
exceptions:
Moved:
root folder moved from modules/tee/tfm to modules/tee/tf-m to avoid
problems with west update.
zephyr/module.yml to trusted-firmware-m/zephyr/module.yml and
${ZEPHYR_TRUSTED_FIRMWARE_M_MODULE_DIR} points to what was previously
${ZEPHYR_TRUSTED_FIRMWARE_M_MODULE_DIR}/trusted-firmware-m.
Added:
psa-arch-tests/zephyr/module.yml and ${ZEPHYR_PSA_ARCH_TESTS_MODULE_DIR}
tf-m-tests/zephyr/module/ and ${ZEPHYR_TF_M_TESTS_MODULE_DIR}
Removed:
init-git.sh
README.rst
Fixes: #39353
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Move to CMake 3.20.0.
At the Toolchain WG it was decided to move to CMake 3.20.0.
The main reason for increasing CMake version is better toolchain
support.
Better toolchain support is added in the following CMake versions:
- armclang, CMake 3.15
- Intel oneAPI, CMake 3.20
- IAR, CMake 3.15 and 3.20
Signed-off-by: Torsten Rasmussen <Torsten.Rasmussen@nordicsemi.no>
Some devicetre overlays do not reflect the recent rename to make NS
variants of boards with TF-M support have more consistent names; fix
it.
Signed-off-by: Martí Bolívar <marti.bolivar@nordicsemi.no>
We add a test variant in tfm_ipc test, to validate the
scenario where TF-M is built without BL2 (MCUboot). We
test this on QEMU only (MPS2 AN521).
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Due to changes in flash_layout.h for STM32L562, in the current
TF-M module update, we need to modify the DTS overlay files in
the TF-M samples where the board is supported.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Switch to calling the sys_arch_reboot() API directly,
instead of going through the generic sys_reboot API.
This is to avoid locking the IRQs before the reset is
called, which is breaking the PSA call execution.
Also, align sample code to use the same secure service
(platform reset) to show case the PSA connect and close
APIs, instead of a random one (since the reset service
has to work to ultimately perform the system reset).
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit updates the NS board variant from
`nrf9160dk_nrf9160ns` to `nrf9160dk_nrf9160_ns`
to maintain consistency across zephyr.
Signed-off-by: Kevin Townsend <kevin.townsend@linaro.org>
This commit updates the NS board variant from
`nrf5340dk_nrf5340_cpuappns` to `nrf5340dk_nrf5340_cpuapp_ns`
to maintain consistency across zephyr.
Signed-off-by: Kevin Townsend <kevin.townsend@linaro.org>
This commit update the NS board variant from
`v2m_musca_s1_nonsecure` to `v2m_musca_s1_ns` to maintain
consistency across zephyr.
Signed-off-by: Kevin Townsend <kevin.townsend@linaro.org>
This commit update the NS board variant from
`v2m_musca_b1_nonsecure` to `v2m_musca_b1_ns` to maintain
consistency across zephyr.
Signed-off-by: Kevin Townsend <kevin.townsend@linaro.org>
This commit update the NS board variant from `mps2_an521_nonsecure`
to `mps2_an521_ns` to maintain consistency across zephyr.
Signed-off-by: Kevin Townsend <kevin.townsend@linaro.org>
This commit update the NS board variant from `bl5340_dvk_cpuappns`
to `bl5340_dvk_cpuapp_ns` to maintain consistency across zephyr.
Signed-off-by: Kevin Townsend <kevin.townsend@linaro.org>
The README.rst in `samples/tfm_integration/tfm_ipc` was incorrectly
referring to `psa_level_1`. README.rst has been updated to refer to
`tfm_ipc` example.
Signed-off-by: Devaraj Ranganna <devaraj.ranganna@linaro.org>
The AUDIT_LOG partition cannot be used in TF-M builds
with the IPC mode (CONFIG_TFM_IPC=y); we have added a
relevant dependency for this. So we can cleanup the
CONFIG_TFM_PARTITION_AUDIT_LOG=n from the configuration
files of the samples.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Update overlay file for nucleo_l552ze_q_ns board,
since now the sample does not enable REGRESSION,
and thus regular TF-M flash layout for the board
is used.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Removes the dependency on the external test service from the
CONFIG_TFM_REGRESSION_S test suite, instead
demonstrating how to make direct IPC calls to the CRYPTO
service that is available as a part of standard TF-M builds.
Signed-off-by: Kevin Townsend <kevin.townsend@linaro.org>
Instead of exposing publicly the TF-M NS interface include
directories, we include them when we build relevant projects.
This is required, as the TF-M include directories contains
psa crypto sources that are also provided by the mbedtls
crypto module. The downside of this solution is that the
TF-M includes need to be added explicitly in each application
that uses TF-M APIs.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Add new kconfigs
Include the ns-app built by TF-M build system for regression tests
Update tfm_ipc sample to use new kconfig
Signed-off-by: Andreas Vibeto <andreas.vibeto@nordicsemi.no>
To allow using TFM NS interface without enabling
CMSIS_RTOS V2 support. And to allow using TFM NS
code that uses logging.
Signed-off-by: Øyvind Rønningstad <oyvind.ronningstad@nordicsemi.no>
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Rename lib.
Disable AUDIT_LOG in regression sample because of a bug upstream.
Update stm32l562e_dk_ns overlay.
Signed-off-by: Øyvind Rønningstad <oyvind.ronningstad@nordicsemi.no>
This commit enables the TF-M IPC sample application on stm32l562e_dk
board.
It provides device tree flash partition as an overlay in order to
configure and flash the bl2, secure/non secure firmwares.
Signed-off-by: Yestin Sun <sunyi0804@gmail.com>
Now that we have consolidated tf-m signing, the combined
binary is always named tfm_merged, so we need to modify
the QEMU targets in the tfm-integration samples.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Remove missing printout, and add the last line of printout.
Note that it's not possible to run this on hardware using Twister as of
now, since west flash will not flash tfm_s.
Signed-off-by: Øyvind Rønningstad <oyvind.ronningstad@nordicsemi.no>
Musca-S1 is a Cortex-M33 based SoC. It's similar to the
Musca-B1, but among other things the embedded flash has
been replaced with embedded MRAM (eMRAM) memory.
The Musca-S1 files have been created based on the Musca-B1
SoC and board files.
Add the Musca-S1 board to the list of allowed platforms
for the TF-M integration examples.
Change-Id: I4f517d28d0a5b8c4a3fc3fab73adb5519acfc3c2
Signed-off-by: David Vincze <david.vincze@linaro.org>
Remove the DTS overlay files for nRF5340 DK and PDK,
since the SRAM partition changes are matching the
default SRAM partitioning in these boards.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Add Kconfig options that will be used by the module
to call the function with the desired parameters.
Refactor the tfm_integration samples and
the supported boards.
Update west.yml to bring in Cmake changes that use the new KConfigs.
Signed-off-by: Øyvind Rønningstad <oyvind.ronningstad@nordicsemi.no>
Make it easier to add TF-M in an app by selecting and implying the
necessary configs so the app doesn't have to specify the configs itself.
Remove unneeded configs from the prj.conf files in the tfm samples.
Also, fix case in key file name.
Signed-off-by: Øyvind Rønningstad <oyvind.ronningstad@nordicsemi.no>
Add support for nRF5340 DK in the TF-M integration
samples (nrf5340dk_nrf5340_cpuappns build target).
Add the required DTS overlays needed for the samples
to build and run successfully.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Add nucleo_l552ze_q_ns board to the allowed list of platforms
for the tfm_ipc sample. This allows the sample to be built for
the nucleo_l552ze_q_ns platform by sanity check.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Add documentation on how to build and run the TF-M integration
samples on nRF platforms.
The arm-none-eabi-gcc does not need to be on the PATH anymore
for building and running the tfm_ipc sample on nucleo so remove
the note from the sample docs.
Fix some paths for TFM binaries for the LPC board as well.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit adapts the DTS overlay for nucleo_l552ze_q_ns
board, to comply with the changes applied in the flash
layout of the TF-M build.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Changes required in TF-M integration samples CMakeLists.txt
files due to the new upstream TF-M build system. In brief,
configuration related to PSA API (IPC), Regression, and
Isolation level needs to be passed, now, directly, not
via invoking a given TF-M CMake configuration.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Adding support for TF-M in the Nordic nRF9160 DK.
Allow the TF-M integration samples to be built and
executed for nRF9160 DK.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
TF-M related information in the relevant board definitions
needs to be updated in the wake of the new TF-M Build
system.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Provide device tree flash partition in order to configure
and flash non secure binary.
Flash partitioning depends on TFM configuration and use case,
so it is provided as an overlay in the sample it is used.
Signed-off-by: Erwan Gouriou <erwan.gouriou@linaro.org>
Configure build variable BL2 depending on board configuration. BL2 is
set to True by default. BL2 enabled building TFM with MCUboot.
Signed-off-by: Andrei Gansari <andrei.gansari@nxp.com>
This commit adds the signing commands and the configuration required
to build a non secure image for a nucleo_l552ze_q.
Signed-off-by: Nolwenn Violette <nolwenn.violette01@st.com>
Joakim Andersson