Now that we have consolidated tf-m signing, the combined
binary is always named tfm_merged, so we need to modify
the QEMU targets in the tfm-integration samples.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Place the new signing code in the TFM module CMakeLists.txt.
Make some small tweaks and add a sentence to the docs.
In the process, make a few changes to the signing code:
- Change some names of files created.
- Minimize the number of files created.
- Use hex files instead of bin files. This is so we don't need to know
the offset when creating hex files from bin files.
Also add signing for MCUBOOT_IMAGE_NUMBER=1 based on the code from the
v2m_musca_b1 board, though, this board does not build with =1 now
because of (I assume) some flash aliasing which places the S and NS
images 0x10000000 apart, where the manual algorithm places them next to
each other. It builds with =2, though.
Signed-off-by: Øyvind Rønningstad <oyvind.ronningstad@nordicsemi.no>
Remove missing printout, and add the last line of printout.
Note that it's not possible to run this on hardware using Twister as of
now, since west flash will not flash tfm_s.
Signed-off-by: Øyvind Rønningstad <oyvind.ronningstad@nordicsemi.no>
Musca-S1 is a Cortex-M33 based SoC. It's similar to the
Musca-B1, but among other things the embedded flash has
been replaced with embedded MRAM (eMRAM) memory.
The Musca-S1 files have been created based on the Musca-B1
SoC and board files.
Add the Musca-S1 board to the list of allowed platforms
for the TF-M integration examples.
Change-Id: I4f517d28d0a5b8c4a3fc3fab73adb5519acfc3c2
Signed-off-by: David Vincze <david.vincze@linaro.org>
Add a section about executable files produced by the build, as well as
how to access them.
Signed-off-by: Øyvind Rønningstad <oyvind.ronningstad@nordicsemi.no>
Remove the DTS overlay files for nRF5340 DK and PDK,
since the SRAM partition changes are matching the
default SRAM partitioning in these boards.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Add Kconfig options that will be used by the module
to call the function with the desired parameters.
Refactor the tfm_integration samples and
the supported boards.
Update west.yml to bring in Cmake changes that use the new KConfigs.
Signed-off-by: Øyvind Rønningstad <oyvind.ronningstad@nordicsemi.no>
Make it easier to add TF-M in an app by selecting and implying the
necessary configs so the app doesn't have to specify the configs itself.
Remove unneeded configs from the prj.conf files in the tfm samples.
Also, fix case in key file name.
Signed-off-by: Øyvind Rønningstad <oyvind.ronningstad@nordicsemi.no>
Add support for nRF5340 DK in the TF-M integration
samples (nrf5340dk_nrf5340_cpuappns build target).
Add the required DTS overlays needed for the samples
to build and run successfully.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Add nucleo_l552ze_q_ns board to the allowed list of platforms
for the tfm_ipc sample. This allows the sample to be built for
the nucleo_l552ze_q_ns platform by sanity check.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Fix the name of the sample in the .yaml file so it matches
the sample directory, and does not collide with tfm_ipc.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
In the samples' documentation we update the requirements
for building TF-M binaries according to the latest upstream
TF-M documentation.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Add documentation on how to build and run the TF-M integration
samples on nRF platforms.
The arm-none-eabi-gcc does not need to be on the PATH anymore
for building and running the tfm_ipc sample on nucleo so remove
the note from the sample docs.
Fix some paths for TFM binaries for the LPC board as well.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit adapts the DTS overlay for nucleo_l552ze_q_ns
board, to comply with the changes applied in the flash
layout of the TF-M build.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Changes required in TF-M integration samples CMakeLists.txt
files due to the new upstream TF-M build system. In brief,
configuration related to PSA API (IPC), Regression, and
Isolation level needs to be passed, now, directly, not
via invoking a given TF-M CMake configuration.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Adding support for TF-M in the Nordic nRF9160 DK.
Allow the TF-M integration samples to be built and
executed for nRF9160 DK.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
TF-M related information in the relevant board definitions
needs to be updated in the wake of the new TF-M Build
system.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Provide device tree flash partition in order to configure
and flash non secure binary.
Flash partitioning depends on TFM configuration and use case,
so it is provided as an overlay in the sample it is used.
Signed-off-by: Erwan Gouriou <erwan.gouriou@linaro.org>
Configure build variable BL2 depending on board configuration. BL2 is
set to True by default. BL2 enabled building TFM with MCUboot.
Signed-off-by: Andrei Gansari <andrei.gansari@nxp.com>
This commit adds the signing commands and the configuration required
to build a non secure image for a nucleo_l552ze_q.
Signed-off-by: Nolwenn Violette <nolwenn.violette01@st.com>
This provides a better error message when building with CMake and
forgetting ZEPHYR_BASE or not registering Zephyr in the CMake package
registry. See parent commit for more details (split from parent for
better readability).
Signed-off-by: Marc Herbert <marc.herbert@intel.com>
This commit adds a `tfm_level_1` samples app that shows how
to use the PSA APIs in IPC mode in a real-world example.
It makes use of the crypto, initial attestation and secure
storage modules.
Signed-off-by: Kevin Townsend <kevin@ktownsend.com>
This commit adds a minimal sample application showing how
TF-M can be used in IPC mode, with Zephyr providing the
non-secure processing environment image, and linking against
the PSA APIs implemented in TF-M.
This commit also include work from the commit quoted below,
which is included here for attribution purposes:
tfm_ipc: cmake: now using tfm_ipc library created by TF-M module
This commit removes the need for local knowledge of the TF-M
repository structure and files.
Signed-off-by: Torsten Rasmussen <Torsten.Rasmussen@nordicsemi.no>
Signed-off-by: Karl Zhang <karl.zhang@linaro.org>
This commits adds a config option to build a PSA trusted-firmware-m
(TF-M) application image for the secure processing environment, and
configures the Zephyr application image for the non-secure processing
environment. The secure and non-secure environment images will be
linked together via the veneer function table that is produced as an
artifact of the TF-M build process.
Signed-off-by: Karl Zhang <karl.zhang@linaro.org>
