88 lines
3.3 KiB
ReStructuredText
88 lines
3.3 KiB
ReStructuredText
Trusted Firmware-M Integration
|
|
##############################
|
|
|
|
The Trusted Firmware-M (TF-M) section contains information about the
|
|
integration between TF-M and Zephyr RTOS. Use this information to help
|
|
understand how to integrate TF-M with Zephyr for Cortex-M platforms and make
|
|
use of its secure run-time services in Zephyr applications.
|
|
|
|
Board Definitions
|
|
*****************
|
|
|
|
TF-M will be built for the secure processing environment along with Zephyr if
|
|
the :kconfig:`CONFIG_BUILD_WITH_TFM` flag is set to ``y``.
|
|
|
|
Generally, this value should never be set at the application level, however,
|
|
and all config flags required for TF-M should be set in a board variant with
|
|
the ``_ns`` suffix.
|
|
|
|
This board variant must define an appropriate flash, SRAM and peripheral
|
|
configuration that takes into account the initialisation process in the secure
|
|
processing environment. :kconfig:`CONFIG_TFM_BOARD` must also be set via
|
|
`modules/trusted-firmware-m/Kconfig.tfm <https://github.com/zephyrproject-rtos/zephyr/blob/main/modules/trusted-firmware-m/Kconfig.tfm>`__
|
|
to the board name that TF-M expects for this target, so that it knows which
|
|
target to build for the secure processing environment.
|
|
|
|
Example: ``mps2_an521_ns``
|
|
==========================
|
|
|
|
The ``mps2_an521`` target is a dual-core Arm Cortex-M33 evaluation board that,
|
|
when using the default board variant, would generate a secure Zephyr binary.
|
|
|
|
The optional ``mps2_an521_ns`` target, however, sets these additional
|
|
kconfig flags that indicate that Zephyr should be built as a
|
|
non-secure image, linked with TF-M as an external project, and optionally the
|
|
secure bootloader:
|
|
|
|
* :kconfig:`CONFIG_TRUSTED_EXECUTION_NONSECURE` ``y``
|
|
* :kconfig:`CONFIG_ARM_TRUSTZONE_M` ``y``
|
|
|
|
Comparing the ``mps2_an521.dts`` and ``mps2_an521_ns.dts`` files, we can see
|
|
that the ``_ns`` version defines offsets in flash and SRAM memory, which leave
|
|
the required space for TF-M and the secure bootloader:
|
|
|
|
::
|
|
|
|
reserved-memory {
|
|
#address-cells = <1>;
|
|
#size-cells = <1>;
|
|
ranges;
|
|
|
|
/* The memory regions defined below must match what the TF-M
|
|
* project has defined for that board - a single image boot is
|
|
* assumed. Please see the memory layout in:
|
|
* https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/platform/ext/target/mps2/an521/partition/flash_layout.h
|
|
*/
|
|
|
|
code: memory@100000 {
|
|
reg = <0x00100000 DT_SIZE_K(512)>;
|
|
};
|
|
|
|
ram: memory@28100000 {
|
|
reg = <0x28100000 DT_SIZE_M(1)>;
|
|
};
|
|
};
|
|
|
|
This reserves 1 MB of code memory and 1 MB of RAM for secure boot and TF-M,
|
|
such that our non-secure Zephyr application code will start at 0x10000, with
|
|
RAM at 0x28100000. 512 KB code memory is available for the NS zephyr image,
|
|
along with 1 MB of RAM.
|
|
|
|
This matches the flash memory layout we see in ``flash_layout.h`` in TF-M:
|
|
|
|
::
|
|
|
|
* 0x0000_0000 BL2 - MCUBoot (0.5 MB)
|
|
* 0x0008_0000 Secure image primary slot (0.5 MB)
|
|
* 0x0010_0000 Non-secure image primary slot (0.5 MB)
|
|
* 0x0018_0000 Secure image secondary slot (0.5 MB)
|
|
* 0x0020_0000 Non-secure image secondary slot (0.5 MB)
|
|
* 0x0028_0000 Scratch area (0.5 MB)
|
|
* 0x0030_0000 Protected Storage Area (20 KB)
|
|
* 0x0030_5000 Internal Trusted Storage Area (16 KB)
|
|
* 0x0030_9000 NV counters area (4 KB)
|
|
* 0x0030_A000 Unused (984 KB)
|
|
|
|
``mps2/an521`` will be passed in to Tf-M as the board target, specified via
|
|
:kconfig:`CONFIG_TFM_BOARD`.
|