soc: nordic_nrf: Refactor soc_secure handling

Refactor soc_secure handling to not use TF-M directly in the header. Move from nRF53 to common since nRF91 also supports TF-M. Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
2022-03-18 17:00:14 +01:00 · 2022-03-18 17:00:14 +01:00 · 6a14a0233b
parent 28d9278358
commit 6a14a0233b
5 changed files with 102 additions and 59 deletions
--- a/soc/arm/nordic_nrf/common/CMakeLists.txt
+++ b/soc/arm/nordic_nrf/common/CMakeLists.txt
@ -3,3 +3,10 @@

 zephyr_library_sources_ifdef(CONFIG_SOC_FAMILY_NRF soc_nrf_common.S)
 zephyr_include_directories(.)
+
+if (CONFIG_BUILD_WITH_TFM)
+  zephyr_sources(soc_secure.c)
+  zephyr_library_include_directories(
+    $<TARGET_PROPERTY:tfm,TFM_BINARY_DIR>/install/interface/include
+  )
+endif()
--- a/soc/arm/nordic_nrf/common/soc_secure.c
+++ b/soc/arm/nordic_nrf/common/soc_secure.c
@ -0,0 +1,47 @@
+/*
+ * Copyright (c) 2022 Nordic Semiconductor ASA
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+#include <soc_secure.h>
+#include <errno.h>
+
+#include "nrf.h"
+
+#include "tfm_platform_api.h"
+#include "tfm_ioctl_api.h"
+
+#if defined(GPIO_PIN_CNF_MCUSEL_Msk)
+void soc_secure_gpio_pin_mcu_select(uint32_t pin_number, nrf_gpio_pin_mcusel_t mcu)
+{
+	uint32_t result;
+	enum tfm_platform_err_t err;
+
+	err = tfm_platform_gpio_pin_mcu_select(pin_number, mcu, &result);
+	__ASSERT(err == TFM_PLATFORM_ERR_SUCCESS, "TFM platform error (%d)", err);
+	__ASSERT(result == 0, "GPIO service error (%d)", result);
+}
+#endif /* defined(GPIO_PIN_CNF_MCUSEL_Msk) */
+
+int soc_secure_mem_read(void *dst, void *src, size_t len)
+{
+	enum tfm_platform_err_t status;
+	uint32_t result;
+
+	status = tfm_platform_mem_read(dst, (uintptr_t)src, len, &result);
+
+	switch (status) {
+	case TFM_PLATFORM_ERR_INVALID_PARAM:
+		return -EINVAL;
+	case TFM_PLATFORM_ERR_NOT_SUPPORTED:
+		return -ENOTSUP;
+	case TFM_PLATFORM_ERR_SUCCESS:
+		if (result == 0) {
+			return 0;
+		}
+		/* Fallthrough */
+	default:
+		return -EPERM;
+	}
+}
--- a/soc/arm/nordic_nrf/common/soc_secure.h
+++ b/soc/arm/nordic_nrf/common/soc_secure.h
@ -0,0 +1,48 @@
+/*
+ * Copyright (c) 2019 Nordic Semiconductor ASA
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ */
+#include <stdint.h>
+#include <nrf.h>
+#include <hal/nrf_gpio.h>
+#include <hal/nrf_ficr.h>
+
+#if defined(CONFIG_TRUSTED_EXECUTION_NONSECURE)
+#if defined(GPIO_PIN_CNF_MCUSEL_Msk)
+void soc_secure_gpio_pin_mcu_select(uint32_t pin_number, nrf_gpio_pin_mcusel_t mcu);
+#endif
+
+int soc_secure_mem_read(void *dst, void *src, size_t len);
+
+#if defined(CONFIG_SOC_HFXO_CAP_INTERNAL)
+static inline uint32_t soc_secure_read_xosc32mtrim(void)
+{
+	uint32_t xosc32mtrim;
+	int err;
+
+	err = soc_secure_mem_read(&xosc32mtrim,
+				  (void *)&NRF_FICR_S->XOSC32MTRIM,
+				  sizeof(xosc32mtrim));
+	__ASSERT(err == 0, "Secure read error (%d)", err);
+
+	return xosc32mtrim;
+}
+#endif /* defined(CONFIG_SOC_HFXO_CAP_INTERNAL) */
+
+#else /* defined(CONFIG_TRUSTED_EXECUTION_NONSECURE) */
+#if defined(GPIO_PIN_CNF_MCUSEL_Msk)
+static inline void soc_secure_gpio_pin_mcu_select(uint32_t pin_number,
+						  nrf_gpio_pin_mcusel_t mcu)
+{
+	nrf_gpio_pin_mcu_select(pin_number, mcu);
+}
+#endif /* defined(GPIO_PIN_CNF_MCUSEL_Msk) */
+
+#if defined(CONFIG_SOC_HFXO_CAP_INTERNAL)
+static inline uint32_t soc_secure_read_xosc32mtrim(void)
+{
+	return NRF_FICR_S->XOSC32MTRIM;
+}
+#endif /* defined(CONFIG_SOC_HFXO_CAP_INTERNAL) */
+#endif /* defined(CONFIG_TRUSTED_EXECUTION_NONSECURE) */
--- a/soc/arm/nordic_nrf/nrf53/CMakeLists.txt
+++ b/soc/arm/nordic_nrf/nrf53/CMakeLists.txt
@ -11,9 +11,3 @@ zephyr_library_sources_ifdef(CONFIG_PM
 zephyr_library_sources_ifdef(CONFIG_NRF53_SYNC_RTC
  sync_rtc.c
  )
-
-if (CONFIG_BUILD_WITH_TFM)
-  zephyr_library_include_directories(
-    $<TARGET_PROPERTY:tfm,TFM_BINARY_DIR>/install/interface/include
-  )
-endif()
--- a/soc/arm/nordic_nrf/nrf53/soc_secure.h
+++ b/soc/arm/nordic_nrf/nrf53/soc_secure.h
@ -1,53 +0,0 @@
-/*
- * Copyright (c) 2019 Nordic Semiconductor ASA
- *
- * SPDX-License-Identifier: Apache-2.0
- */
-#include <stdint.h>
-#include <hal/nrf_gpio.h>
-
-#if defined(CONFIG_SOC_NRF5340_CPUAPP)
-#if defined(CONFIG_BUILD_WITH_TFM)
-/* Use TF-M platform services */
-#include "tfm_ioctl_api.h"
-#include "hal/nrf_gpio.h"
-
-static inline void soc_secure_gpio_pin_mcu_select(uint32_t pin_number, nrf_gpio_pin_mcusel_t mcu)
-{
-	uint32_t result;
-	enum tfm_platform_err_t err;
-
-	err = tfm_platform_gpio_pin_mcu_select(pin_number, mcu, &result);
-	__ASSERT(err == TFM_PLATFORM_ERR_SUCCESS, "TFM platform error (%d)", err);
-	__ASSERT(result == 0, "GPIO service error (%d)", result);
-}
-
-#if defined(CONFIG_SOC_HFXO_CAP_INTERNAL)
-static inline uint32_t soc_secure_read_xosc32mtrim(void)
-{
-	uintptr_t ptr = (uintptr_t)&NRF_FICR_S->XOSC32MTRIM;
-	enum tfm_platform_err_t err;
-	uint32_t result;
-	uint32_t xosc32mtrim;
-
-	err = tfm_platform_mem_read(&xosc32mtrim, ptr, 4, &result);
-	__ASSERT(err == TFM_PLATFORM_ERR_SUCCESS, "TFM platform error (%d)", err);
-	__ASSERT(result == 0, "Read service error (%d)", result);
-
-	return xosc32mtrim;
-}
-#endif /* defined(CONFIG_SOC_HFXO_CAP_INTERNAL) */
-#else
-#include <nrf.h>
-/* Do this directly from secure processing environment. */
-static inline void soc_secure_gpio_pin_mcu_select(uint32_t pin_number, nrf_gpio_pin_mcusel_t mcu)
-{
-	nrf_gpio_pin_mcu_select(pin_number, mcu);
-}
-
-static inline uint32_t soc_secure_read_xosc32mtrim(void)
-{
-	return NRF_FICR_S->XOSC32MTRIM;
-}
-#endif /* defined CONFIG_BUILD_WITH_TFM */
-#endif /* defined(CONFIG_SOC_NRF5340_CPUAPP) */