Move to CMake 3.20.0.
At the Toolchain WG it was decided to move to CMake 3.20.0.
The main reason for increasing CMake version is better toolchain
support.
Better toolchain support is added in the following CMake versions:
- armclang, CMake 3.15
- Intel oneAPI, CMake 3.20
- IAR, CMake 3.15 and 3.20
Signed-off-by: Torsten Rasmussen <Torsten.Rasmussen@nordicsemi.no>
This commit adds a high-level overview of Trusted Firmware-M,
describing the basic architecture and integration work with Zephyr.
Co-authored-by: Marti Bolivar <marti.bolivar@nordicsemi.no>
Signed-off-by: Kevin Townsend <kevin.townsend@linaro.org>
Some devicetre overlays do not reflect the recent rename to make NS
variants of boards with TF-M support have more consistent names; fix
it.
Signed-off-by: Martí Bolívar <marti.bolivar@nordicsemi.no>
We add a test variant in tfm_ipc test, to validate the
scenario where TF-M is built without BL2 (MCUboot). We
test this on QEMU only (MPS2 AN521).
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Due to changes in flash_layout.h for STM32L562, in the current
TF-M module update, we need to modify the DTS overlay files in
the TF-M samples where the board is supported.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
NS regression tests are hanging on qemu for AN521. The problem is
present in the upstream project as well (issue is filed) so disable
the tests for now on QEMU.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Switch to calling the sys_arch_reboot() API directly,
instead of going through the generic sys_reboot API.
This is to avoid locking the IRQs before the reset is
called, which is breaking the PSA call execution.
Also, align sample code to use the same secure service
(platform reset) to show case the PSA connect and close
APIs, instead of a random one (since the reset service
has to work to ultimately perform the system reset).
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit updates the NS board variant from
`nrf9160dk_nrf9160ns` to `nrf9160dk_nrf9160_ns`
to maintain consistency across zephyr.
Signed-off-by: Kevin Townsend <kevin.townsend@linaro.org>
This commit updates the NS board variant from
`nrf5340dk_nrf5340_cpuappns` to `nrf5340dk_nrf5340_cpuapp_ns`
to maintain consistency across zephyr.
Signed-off-by: Kevin Townsend <kevin.townsend@linaro.org>
This commit update the NS board variant from
`v2m_musca_s1_nonsecure` to `v2m_musca_s1_ns` to maintain
consistency across zephyr.
Signed-off-by: Kevin Townsend <kevin.townsend@linaro.org>
This commit update the NS board variant from
`v2m_musca_b1_nonsecure` to `v2m_musca_b1_ns` to maintain
consistency across zephyr.
Signed-off-by: Kevin Townsend <kevin.townsend@linaro.org>
This commit update the NS board variant from `mps2_an521_nonsecure`
to `mps2_an521_ns` to maintain consistency across zephyr.
Signed-off-by: Kevin Townsend <kevin.townsend@linaro.org>
This commit update the NS board variant from `bl5340_dvk_cpuappns`
to `bl5340_dvk_cpuapp_ns` to maintain consistency across zephyr.
Signed-off-by: Kevin Townsend <kevin.townsend@linaro.org>
Include the lpcxpresso55s69_ns board to the list of platforms
that support running the sample for the TF-M regression tests.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Removing the CONFIG_TEST=y setting from the TF-M
integration samples prj.conf. TEST does not need
to be enabled in these samples.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
The README.rst in `samples/tfm_integration/tfm_ipc` was incorrectly
referring to `psa_level_1`. README.rst has been updated to refer to
`tfm_ipc` example.
Signed-off-by: Devaraj Ranganna <devaraj.ranganna@linaro.org>
The example in folder `samples/tfm_integration/psa_level_1` contains
code that demonstrate usage of PSA crypto APIs in Zephyr rather than the
PSA levels. Therefore renaming the sample as `psa_crypto`.
Signed-off-by: Devaraj Ranganna <devaraj.ranganna@linaro.org>
This commit extends the psa_level_1 sample's use of the PSA
Cryptography 1.0 API to demonstrate the following functionality:
- Generate a persistent key (secp256r1)
- Display the public key based on the private key above
- Calculates the SHA256 hash of a payload
- Signs the hash with the persistent key
- Verifies the signature using the public key
- Destroys the key
Signed-off-by: Kevin Townsend <kevin.townsend@linaro.org>
The AUDIT_LOG partition cannot be used in TF-M builds
with the IPC mode (CONFIG_TFM_IPC=y); we have added a
relevant dependency for this. So we can cleanup the
CONFIG_TFM_PARTITION_AUDIT_LOG=n from the configuration
files of the samples.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Update overlay file for nucleo_l552ze_q_ns board,
since now the sample does not enable REGRESSION,
and thus regular TF-M flash layout for the board
is used.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Removes the dependency on the external test service from the
CONFIG_TFM_REGRESSION_S test suite, instead
demonstrating how to make direct IPC calls to the CRYPTO
service that is available as a part of standard TF-M builds.
Signed-off-by: Kevin Townsend <kevin.townsend@linaro.org>
Instead of exposing publicly the TF-M NS interface include
directories, we include them when we build relevant projects.
This is required, as the TF-M include directories contains
psa crypto sources that are also provided by the mbedtls
crypto module. The downside of this solution is that the
TF-M includes need to be added explicitly in each application
that uses TF-M APIs.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit allows a subsystem to specify additional CMake flags to be
given to the TF-M build.
The additional CMake flags can be provided through the TFM_CMAKE_OPTIONS
property on the zephyr_property_target.
Using the zephyr_property_target allows Zephyr modules to append extra
TFM_CMAKE_OPTIONS regardless of the CMake processing order.
It splits the ExternalProject_Add into a two step process with the CMake
invocation executed using add_custom_target() and the build process
using ExternalProject_Add(). The reason for this split is because CMake
generator expressions passed through ExternalProject_Add to CMake will
quoted so that `$<TARGET_PROPERTY:<tgt>,<prop>>` becomes
`"-DFOO=bar -DBAR=foo"` instead of `-DFOO=bar -DBAR=foo` which again
results in CMake failures.
Signed-off-by: Torsten Rasmussen <Torsten.Rasmussen@nordicsemi.no>
TF-M NS interface is initialized by the TF-M module
code, so it does not need to be re-initialized in the
sample code.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Add new kconfigs
Include the ns-app built by TF-M build system for regression tests
Update tfm_ipc sample to use new kconfig
Signed-off-by: Andreas Vibeto <andreas.vibeto@nordicsemi.no>
Add nucleo_l552ze_q_ns boards to the list of platforms
that can build and run the psa_level1 tf-m integration
sample. We add a dts overlay as well.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
We do not need to force TFM Isolation Level 2 for the
STM32 board that can build with TM-M. We remove the
respective Kconfig setting. We also remove the Kconfig
overlay for STM32L562 board in the psa_level1 sample,
which was used for forcing Isolation Level 1; this is
not needed any more.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
To allow using TFM NS interface without enabling
CMSIS_RTOS V2 support. And to allow using TFM NS
code that uses logging.
Signed-off-by: Øyvind Rønningstad <oyvind.ronningstad@nordicsemi.no>
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Rename lib.
Disable AUDIT_LOG in regression sample because of a bug upstream.
Update stm32l562e_dk_ns overlay.
Signed-off-by: Øyvind Rønningstad <oyvind.ronningstad@nordicsemi.no>
This commit enables the TF-M IPC sample application on stm32l562e_dk
board.
It provides device tree flash partition as an overlay in order to
configure and flash the bl2, secure/non secure firmwares.
Signed-off-by: Yestin Sun <sunyi0804@gmail.com>
Now that we have consolidated tf-m signing, the combined
binary is always named tfm_merged, so we need to modify
the QEMU targets in the tfm-integration samples.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Place the new signing code in the TFM module CMakeLists.txt.
Make some small tweaks and add a sentence to the docs.
In the process, make a few changes to the signing code:
- Change some names of files created.
- Minimize the number of files created.
- Use hex files instead of bin files. This is so we don't need to know
the offset when creating hex files from bin files.
Also add signing for MCUBOOT_IMAGE_NUMBER=1 based on the code from the
v2m_musca_b1 board, though, this board does not build with =1 now
because of (I assume) some flash aliasing which places the S and NS
images 0x10000000 apart, where the manual algorithm places them next to
each other. It builds with =2, though.
Signed-off-by: Øyvind Rønningstad <oyvind.ronningstad@nordicsemi.no>
Remove missing printout, and add the last line of printout.
Note that it's not possible to run this on hardware using Twister as of
now, since west flash will not flash tfm_s.
Signed-off-by: Øyvind Rønningstad <oyvind.ronningstad@nordicsemi.no>
Musca-S1 is a Cortex-M33 based SoC. It's similar to the
Musca-B1, but among other things the embedded flash has
been replaced with embedded MRAM (eMRAM) memory.
The Musca-S1 files have been created based on the Musca-B1
SoC and board files.
Add the Musca-S1 board to the list of allowed platforms
for the TF-M integration examples.
Change-Id: I4f517d28d0a5b8c4a3fc3fab73adb5519acfc3c2
Signed-off-by: David Vincze <david.vincze@linaro.org>
Add a section about executable files produced by the build, as well as
how to access them.
Signed-off-by: Øyvind Rønningstad <oyvind.ronningstad@nordicsemi.no>
Remove the DTS overlay files for nRF5340 DK and PDK,
since the SRAM partition changes are matching the
default SRAM partitioning in these boards.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Torsten Rasmussen