[noup] nordic_nrf: 54l Add UARTE defines to peripherals config #153
Open: mswarowsky wants to merge 65 commits into nrfconnect:main from mswarowsky:tfm_regression
Adjust CRYPTO_HW_ACCELERATOR build scripts to also support nrf_security. Signed-off-by: Sebastian Bøe <[email protected]> Signed-off-by: Joakim Andersson <[email protected]> (cherry picked from commit c136210) (cherry picked from commit 3834117) Signed-off-by: Joakim Andersson <[email protected]> (cherry picked from commit 2bdad64) Signed-off-by: Markus Swarowsky <[email protected]> Change-Id: Ied8e378ef55fe398ea4e45f65b3c270e9e9cd030 Signed-off-by: Markus Swarowsky <[email protected]> (cherry picked from commit 5903966) Signed-off-by: Markus Swarowsky <[email protected]>
Replaces usage of mbedtls_hkdf with PSA Crypto API. Noup: This is essentially the same functionality as in change I41ea9cb2af6627aa7ed3a8454898d16d4b5d6306 from upstream, that can't be cleanly cherry-picked since the code has been refactored. Signed-off-by: Vidar Lillebø <[email protected]> (cherry picked from commit 2ff3fdd) Signed-off-by: Markus Swarowsky <[email protected]> Change-Id: Ib4bcea3f9b7ea2676b612a20b226a8ae6118bb9b Signed-off-by: Markus Swarowsky <[email protected]> (cherry picked from commit ac52dba) Signed-off-by: Markus Swarowsky <[email protected]>
The MDK for nRF9120 used in the nRF9161 target doesn't define the Secure FPU as it doesn't exist, but for other platforms like the 9160 it has a dummy define, with an UNUSED field in the type. The long plan is to get this fixed in the MDK but until then, to make the nrfxlib 3.1.0 update possible this tempfix is applied. Ref: NCSDK-23046 Signed-off-by: Markus Swarowsky <[email protected]> Change-Id: I44042ee9aada99c59a5930440306bb6c40ae4880 (cherry picked from commit 6ad9c58) Signed-off-by: Markus Swarowsky <[email protected]> (cherry picked from commit a489e9f) Signed-off-by: Markus Swarowsky <[email protected]>
…nstance. Add an option to send the log output from the secure firmware on a UART instance that would be shared with the non-secure application. This option is added where the number of UART instances is limited and the application only cares about receiving the TF-M log on fatal errors. To allow this option to be enabled the log is disabled in the boot process before the non-secure application is started. It is enabled again when an unrecoverable exception has occurred in the secure firmware. NCSDK-18595 upstream PR: https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/25905 Signed-off-by: Joakim Andersson <[email protected]> (cherry picked from commit 19403a8) Signed-off-by: Joakim Andersson <[email protected]> (cherry picked from commit 54af7a2) Signed-off-by: Markus Swarowsky <[email protected]> Change-Id: I65e33f48bd7c6334d04b528c28e8b2d4a3331d0d Signed-off-by: Markus Swarowsky <[email protected]> (cherry picked from commit 8f000f6) Signed-off-by: Markus Swarowsky <[email protected]>
…RT0 instance Add support for selecting which UART instance to use as the secure UART instance. The supported options are UART0 and UART1. Add support for the secure UART instance being shared with the non-secure application. The UART instance is configured as non-secure after it has been uninitialized, and configured as secure when it is initialized again on a fatal error. NCSDK-18595 Signed-off-by: Joakim Andersson <[email protected]> (cherry picked from commit b2346e8) Signed-off-by: Joakim Andersson <[email protected]> (cherry picked from commit 97224b0) Signed-off-by: Markus Swarowsky <[email protected]> Change-Id: I2da826ec4817143ece52baeceaab14999f0d2d96 Signed-off-by: Markus Swarowsky <[email protected]> (cherry picked from commit d2a1b89) Signed-off-by: Markus Swarowsky <[email protected]>
…um profile Disable the cipher crypto module in small, medium and medium-arotless profile. There is no algorithm for this module enabled in the mbedcrypto configuration header for these profiles. Change-Id: Ief1d38a984824c0e746ecbf9b1fe1a8483dba91b Signed-off-by: Joakim Andersson <[email protected]> (cherry picked from commit e5e8150) Signed-off-by: Markus Swarowsky <[email protected]>
… and keys checks Add missing PSA defined algorithms and keys checks. The checks only covered supported algorithms in mbedtls. However mbedtls supports accelerated PSA crypto support through the psa crypto driver wrappers, which can support additional algorithms and key types. This fixes build error when enabling ECDH key agreement algorithm without enabling any other key derivation algorithms. Change-Id: Ic609d7ac58b7341316d0a071e5229ea9980fafab Signed-off-by: Joakim Andersson <[email protected]> (cherry picked from commit a527aef) Signed-off-by: Markus Swarowsky <[email protected]>
…o context Add an API, `tfm_exception_info_get_context()`, which can be used to retrieve exception info from the exception_info module. This option is added to allow for platform specific handling logic -- for example, saving the exception info to a non-volatile storage medium for postmortem analysis. Change Highlights: * Moved `struct exception_info_t` from `exception_info.c` to `exception_info.h` * Defined `tfm_exception_info_get_context()` which exposes access to the static scope `exception_info` struct from exception_info.h Signed-off-by: Chris Coleman <[email protected]> Change-Id: I635ef2cc79bf5221300064a3a2813d504f62d46a Signed-off-by: Joakim Andersson <[email protected]> (cherry picked from commit 9dd58c9) Signed-off-by: Markus Swarowsky <[email protected]>
…ters Change exception handler to use system registers instead of handler provided information to provide active exception information to the exception information handler. This frees up one register argument to the store and dump function. Change-Id: I70a29438fd5ac0bad6945588c5ae7431cd66d060 Signed-off-by: Joakim Andersson <[email protected]> (cherry picked from commit 90e0c06) Signed-off-by: Markus Swarowsky <[email protected]>
…ormation Store the callee saved registers in the exception information logging. We store the current exception frame, which has the registers of the caller saved registers when the exception occurs, but the callee saved register information is lost during the exception handling. This provides us with an incomplete picture of the state at the time the exception occurred. Change-Id: I3d15f9eccf1aa8c2c1b99e75e38229ab82420f36 Signed-off-by: Joakim Andersson <[email protected]> (cherry picked from commit dbdcfa0) Signed-off-by: Markus Swarowsky <[email protected]>
Move the SPU fault handling to only dump fault information on UART when TFM_EXCEPTION_INFO_DUMP is enabled. Store the exception info for later retrieval as the SPU handler clears the events. Change-Id: I3da12c30dc845e81e8725c687aefb498c82c90d7 Signed-off-by: Joakim Andersson <[email protected]> (cherry picked from commit 7eace88) Signed-off-by: Markus Swarowsky <[email protected]>
Unify the target configuration header, the target configuration source has already been unified. Change-Id: I23e3b47ac8e80fb5e54a24660fbb4e8313f54c78 Signed-off-by: Joakim Andersson <[email protected]> (cherry picked from commit 7316fe1) Signed-off-by: Markus Swarowsky <[email protected]>
…ation Refactor peripheral SPU configuration to use peripheral ID instead of address. Remove helper function that is only used once. Refactor peripheral SPU init configuration to be a loop over an array of peripheral IDs. This is done to save flash-usage of this function. Change-Id: If22956dcc791dcee4cddc3715edc65af8bafad58 Signed-off-by: Joakim Andersson <[email protected]> (cherry picked from commit 8f8929b) Signed-off-by: Markus Swarowsky <[email protected]>
If MBEDTLS_P256M_ENABLED is not set then do not add the compile definitions and includes to the target upstream PR:https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/26339 Signed-off-by: Markus Swarowsky <[email protected]> Change-Id: I1bd8fda71e6c3fa90acc79c31bf967e60ac42e3a Signed-off-by: Markus Swarowsky <[email protected]>
Move CMake code for adding a startup file into common code. This improves portability. https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/25902 Signed-off-by: Sebastian Bøe <[email protected]> Signed-off-by: Markus Swarowsky <[email protected]> Change-Id: Ic59d3d01744eae3bb2ef2e0175a5294f7269c610 (cherry picked from commit 0f3bed474c9eabfe4423de27ee85ee26ca6a7d41) Signed-off-by: Markus Swarowsky <[email protected]>
The MBEDTLS_PSA_CRYPTO_CONFIG_FILE gets already defined in the mbedtls_common target and is included in the nrf-config.h file. TF-M adds the compile definition again, causing a redefined warning when building Signed-off-by: Markus Swarowsky <[email protected]> Change-Id: Idd813911f6886da279c16bcd8b81d07039a4db50
[nrf fromlist] because this was cherry-picked from https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/25904/1 Document FlashInfo fields. NB: I found this commit was missing from the TF-M upmerge branch. I don't know how it went missing. Signed-off-by: Sebastian Bøe <[email protected]> Change-Id: I9f92711edd754f7972a36baba2cd5c8e2675b03a Signed-off-by: Markus Swarowsky <[email protected]>
[nrf fromlist] because this was cherry-picked from https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/25899/2 Remove unused driver functions. We are currently implementing several functions that TF-M is not using. This is bad practice as they are untested and may therefore be unreliable if TF-M were to start to use them. They also bloat the size of the binary and have a code maintenance cost. It would be better to implement the functions when they become used. NB: I found this commit was missing from the TF-M upmerge branch. I don't know how it went missing. Signed-off-by: Sebastian Bøe <[email protected]> Change-Id: Icd7df7caa38ea890742b4b70118d642b196c4d71 Signed-off-by: Markus Swarowsky <[email protected]>
[nrf fromlist] because this was cherry-picked from https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/25903/1 Remove the function ARM_Flash_Uninitialize as it is only used in BL1 and BL2 integration and Nordic is not compatible with BL1 or BL2. It is bad practice to have an unused function available as it is untested and may therefore be unreliable if TF-M were to start using it. It also bloats the size of the binary and has a code maintenance cost. Signed-off-by: Sebastian Bøe <[email protected]> Change-Id: I319b13b916e78f7692fab23a4f542877b8484bcb Signed-off-by: Markus Swarowsky <[email protected]>
We added the option for sharing a UART instance for the secure and non-secure application. To do that we have to call stdio_uninit from the secure side in order to configure the UART as non-secure. This was done before but got dropped with the latest update. Change-Id: Ic65ab61ba22b59b893f96e1c63f7e2f8da61c45b
The spu_peripheral_config_(non_)secure calls takes the ID of the peripheral as the argument and not the register address. Signed-off-by: Georgios Vasilakis <[email protected]> Change-Id: I2546cd8e4ed4c09c742911bd0807f732de335f7c
TF-M checks if P256M is available during build time using MBEDCRYPTO_PATH which is set to the TF-M repo to use custom mbed TLS cmake configurations, but this means the script can not be found. But as mbed TLS software crypto is not used anyway we can hardcode P256M to be disabled. Signed-off-by: Markus Swarowsky <[email protected]> Change-Id: I94fde1f41e3493e840823cae284256176a364863 Signed-off-by: Markus Swarowsky <[email protected]>
Add support for 54l Signed-off-by: Sebastian Bøe <[email protected]> Change-Id: I3574d73222dd23d202e5259a863f2e1b4b001739
…nifest This commit is [nrf noup] because I would like to user-test this for a few months in case of unintended side-effects before upstreaming. In the TF-M build scripts we run the manifest tool twice, first from CMake and then from ninja. It is bad practice to configure CMake projects like this. Instead, if configuration from CMake is necessary, one should configure from CMake only, and then re-run CMake when necessary, not just the command. This organization has been causing problems for our users as they have been required to rebuild TF-M twice. This is due to this scenario playing out: CMake generates config_impl.cmake by invoking the manifest tool at Configure time. CMake generates build.ninja. Ninja generates config_impl.cmake by invoking the manifest tool at build time. When the user then invokes ninja a second time config_impl.cmake will be newer than build.ninja. But CMake is supposed to be includ'ing config_impl.cmake, so build.ninja is now considered out-of-date wrt. config_impl.cmake. ninja therefore invokes CMake again, and then ninja afterwards. Signed-off-by: Sebastian Bøe <[email protected]> Change-Id: Icef588479d27fa3a172b40b09eacad417922fba5
This is a noup commit as upstream TF-M relies on the mbed TLS PSA Core that does not support the PAKE APIs according to 1.2 at the moment. Once this exists then this can be upstreamed, or removed if TF-M adds it themselves. Added PAKE API support according to the PSA crypto spec 1.2 Ref: NCSDK-22416 Change-Id: Ie3254db411e21b0d9408ca1c81f74917be2e632f Signed-off-by: Markus Swarowsky <[email protected]>
Add missing SPU functions for nRF54L15. SPU support in nrfx seems limited at the moment for nRF54L15 and this is a workaround. That's a noup because we expect to revert it when support is more mature. Ref: NCSDK-26277 Signed-off-by: Georgios Vasilakis <[email protected]>
This reverts commit a22fef3. Signed-off-by: Andrzej Głąbek <[email protected]>
Following APIs are in psa/crypto.h hence they need to be linkable by partitions/applications: * psa_key_derivation_input_integer * psa_key_derivation_verify_bytes * psa_key_derivation_verify_key Only psa_key_derivation_input_integer is currently implemented by Mbed TLS 3.5.0 as the PSA Crypto backend hence it's the only one requiring full plumbing from interface through service up to the Crypto backend library call. Signed-off-by: Summer Qin <[email protected]> Change-Id: I69f262e5a95e04935c8bec05b0b6b509f4b65ad4 (cherry picked from commit cec79b0) Signed-off-by: Vidar Lillebø <[email protected]>
Please check the advisory document for details. Signed-off-by: Anton Komlev <[email protected]> Change-Id: I3fc948c948379e5a36cc577bdbac7c5f7a2c3d1e Ref: NCSDK-26942 (cherry picked from commit e6f5d8c) Signed-off-by: Markus Swarowsky <[email protected]>
fromlist: https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/27311 It is supported to disable PS_ENCRYPTION, but when one tries to do so you get a compilation error because ps_object_defs.h is using encryption symbols unconditionally. Signed-off-by: Sebastian Bøe <[email protected]> Change-Id: Iebfc88ada9ccc45152224108cd8530de331ef1c5
fixup! [nrf noup] platform: nordic_nrf: Add support for 54l Improve MPC configuration documentation. Signed-off-by: Sebastian Bøe <[email protected]> Change-Id: I191ca14ba8a6880217cc740a77ea2806af1e0d61 Signed-off-by: Markus Swarowsky <[email protected]> diff --git a/platform/ext/target/nordic_nrf/common/core/target_cfg.c b/platform/ext/target/nordic_nrf/common/core/target_cfg.c index fa1a8eda6..66929256a 100644 --- a/platform/ext/target/nordic_nrf/common/core/target_cfg.c +++ b/platform/ext/target/nordic_nrf/common/core/target_cfg.c @@ -963,10 +963,30 @@ enum tfm_plat_err_t nrf_mpc_init_cfg(void) /* On 54l the NRF_MPC00->REGION[]'s are fixed in HW and the * OVERRIDE indexes (that are useful to us) start at 0 and end * (inclusive) at 4. + * + * Note that the MPC regions configure all volatile and non-volatile memory as secure, so we only + * need to explicitly OVERRIDE the non-secure addresses to permit non-secure access. + * + * Explicitly configuring memory as secure is not necessary. + * + * The last OVERRIDE in 54L is fixed in HW and exists to prevent + * other bus masters than the KMU from accessing CRACEN protected RAM. + * + * Note that we must take care not to configure an OVERRIDE that + * affects an active bus transaction. + * + * Note that we don't configure the NSC region to be NS because + * from the MPC's perspective it is secure. NSC is only configurable from the SAU. + * + * Note that OVERRIDE[n].MASTERPORT has a reasonable reset value + * so it is left unconfigured. + * + * Note that there are two owners in 54L. KMU with owner ID 1, and everything else with owner ID 0. */ - uint32_t index = 0; - /* Configure the non-secure partition of the non-volatile + uint32_t index = 0; + /* + * Configure the non-secure partition of the non-volatile * memory. This MPC region is intended to cover both the * non-secure partition in the NVM and also the FICR. The FICR * starts after the NVM and ends just before the UICR. 
@@ -1001,13 +1021,8 @@ enum tfm_plat_err_t nrf_mpc_init_cfg(void) tfm_core_panic(); } - /* TODO: NCSDK-25050: Review configuration. Any other addresses we need to override? */ - /* Note that we don't configure the NSC region to be NS because it is secure */ - /* Note that OVERRIDE[n].MASTERPORT has a reasonable reset value - * so it is left unconfigured. - */ return TFM_PLAT_ERR_SUCCESS; }
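Review bot: In the first hunk (@@ -963,10 +963,30 @@), the added sentence "The last OVERRIDE in 54L is fixed in HW" does not say which index that is, while the unchanged lines just above it say the useful OVERRIDE indexes start at 0 and end (inclusive) at 4. Please name the index of the fixed override so it is clear whether index 4 is still available for configuration. The `uint32_t index = 0;` line is removed and re-added with no visible change; if that is whitespace only, it does not belong in a documentation commit. Several of the added comment lines are also noticeably longer than the surrounding ones and could be rewrapped to match.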
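Review bot: In the second hunk (@@ -1001,13 +1021,8 @@), the line `/* TODO: NCSDK-25050: Review configuration. Any other addresses we need to override? */` is deleted, but nothing visible in the patch or the commit message says that review was completed. The NSC and MASTERPORT notes removed here reappear in the block comment of the first hunk, so only the TODO is lost; either state in the commit message that NCSDK-25050 is resolved, or keep the reference until it is.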
fixup! [nrf noup] platform: nordic_nrf: Add support for 54l Lock and disable any unused MPC overrides to prevent malicious configuration. Signed-off-by: Sebastian Bøe <[email protected]> Change-Id: I1956f113012d6b67100d814a52d7ce1490663953
fixup! [nrf noup] platform: nordic_nrf: Add support for 54l Adds handling of MPC and SPC errors. Signed-off-by: Vidar Lillebø <[email protected]>
…e base addr Refactor spu_peripheral_config to use base addresses instead of IDs as future platforms will need the base address to identify which spu instance to use. Signed-off-by: Sebastian Bøe <[email protected]> Change-Id: Ife60d1e76adffeb62f5ad32e0a85da8cfa467203
…resses fixup! [nrf noup] platform: nordic_nrf: Add support for 54l Refactor spu_peripheral_config to use base addresses instead of IDs as future platforms will need the base address to identify which spu instance to use. Signed-off-by: Sebastian Bøe <[email protected]> Change-Id: Ife60d1e76adffeb62f5ad32e0a85da8cfa467203
…tances Add driver function. Signed-off-by: Sebastian Bøe <[email protected]> Change-Id: Ib1e442a54d599c4e42e74903d49920f24e9d8ec9
Port spu_peripheral_config to also support the new API. Signed-off-by: Sebastian Bøe <[email protected]> Change-Id: I1763874ce74ad39cbf0ef256ef8edc669038d226
fixup! [nrf noup] platform: nordic_nrf: Add support for 54l Configure pins as secure on 54L. Signed-off-by: Sebastian Bøe <[email protected]> Change-Id: Id50ef81807c5109c01ed6405376f3cfa882c66e0
fixup! [nrf noup] platform: nordic_nrf: Add support for 54l Delete dead code in target_cfg.c. It is redundant with the memset. Signed-off-by: Sebastian Bøe <[email protected]> Change-Id: I96ffb4002d70a08c827d47fe87ae938b57731f0c
fixup! [nrf noup] platform: nordic_nrf: Add support for 54l Refactor UART security configuration to use spu_peripheral_config_secure. Signed-off-by: Sebastian Bøe <[email protected]> Change-Id: I00d21c4401fa7c67d51eaf14804c992262c73710
fixup! [nrf noup] platform: nordic_nrf: Add support for 54l Configure misc. peripherals as Secure. See the code for which peripherals and why. Signed-off-by: Sebastian Bøe <[email protected]> Change-Id: I3cf4f42d5d3bc0aa4dc266e0c1d8035ad69372a1
fixup! [nrf noup] platform: nordic_nrf: Add support for 54l Due to dependencies problems between the ITS and crypto partitions refactoring the ITS encryption interface to use the HUK library and the cracen driver directly. Signed-off-by: Markus Swarowsky <[email protected]>
…ecure Don't configure the volatile memory controller as a non-secure peripheral (cherry picked from commit c670a6a) Change-Id: I2489defaf6deb89beba7447ba079ea3e5afebca5 Signed-off-by: Markus Rekdal <[email protected]>
SebastianBoe approved these changes on May 27, 2024
Nice work
mswarowsky force-pushed the tfm_regression branch from 2488a91 to 1ac3d47 on May 27, 2024 09:54
Fix linking errors with psa_crypto_config observed in TFM test applications. To be reverted during the next TFM upmerge, as this isolated change is already part of a larger commit upstream. Signed-off-by: Robert Lubos <[email protected]>
mswarowsky force-pushed the tfm_regression branch from 95f9864 to 8ad5f2f on May 29, 2024 10:38
Adds support for handling secure interrupts and secure peripherals for nRF54L. Signed-off-by: Vidar Lillebø <[email protected]>
mswarowsky force-pushed the tfm_regression branch 2 times, most recently from f330678 to 87a1a92 on June 20, 2024 10:45
fixup! [nrf noup] platform: nordic_nrf: Add support for 54l Adding missing definitions for UART ports to build the regression tests Ref: NCSDK-27431 Signed-off-by: Markus Swarowsky <[email protected]>
fixup! [nrf noup] platform: nordic_nrf: Add support for 54l Adding missing definitions for UART ports to build the regression tests Ref: NCSDK-27431 Signed-off-by: Markus Swarowsky <[email protected]>
mswarowsky force-pushed the tfm_regression branch from 87a1a92 to bb857da on June 20, 2024 10:47
This is needed to make the tfm_regression tests run