boards: Add non-secure target for nrf54L15dk

This adds the nrf54l15dk/nrf54l15/cpuapp/ns board variant to Zephyr. It allows to build applications for this target. This is an initial support for the non secure target which allows building and running tfm_ipc and config_build. This is NOT full support of the non secure target in upstream Zephyr. There are important limitations, such as: - The hardware Crypto accelerator is not supported and thus the non secur target is NOT secure for production applicatiions in upstream Zephyr. - The BL2 is not supported, so no DFU is supported with this support Most of the code chagnes here are taken from nRF Connect SDK in order to avoid having noups there. Signed-off-by: Georgios Vasilakis <georgios.vasilakis@nordicsemi.no>
2025-03-11 14:52:16 +01:00 · 2025-03-11 14:52:16 +01:00 · 47c71e35ee
commit 47c71e35ee
parent 320505ef39
15 changed files with 309 additions and 3 deletions
--- a/boards/nordic/nrf54l15dk/Kconfig
+++ b/boards/nordic/nrf54l15dk/Kconfig
@ -0,0 +1,30 @@
+# Copyright (c) 2025 Nordic Semiconductor ASA
+# SPDX-License-Identifier: Apache-2.0
+
+# nRF54L15 DK board configuration
+
+if BOARD_NRF54L15DK_NRF54L15_CPUAPP_NS
+
+DT_NRF_MPC := $(dt_nodelabel_path,nrf_mpc)
+
+config NRF_TRUSTZONE_FLASH_REGION_SIZE
+	hex
+	default $(dt_node_int_prop_hex,$(DT_NRF_MPC),override-granularity)
+	help
+	  This defines the flash region size from the TrustZone perspective.
+	  It is used when configuring the TrustZone and when setting alignments
+	  requirements for the partitions.
+	  This abstraction allows us to configure TrustZone without depending
+	  on peripheral-specific symbols.
+
+config NRF_TRUSTZONE_RAM_REGION_SIZE
+	hex
+	default $(dt_node_int_prop_hex,$(DT_NRF_MPC),override-granularity)
+	help
+	  This defines the RAM region size from the TrustZone perspective.
+	  It is used when configuring the TrustZone and when setting alignments
+	  requirements for the partitions.
+	  This abstraction allows us to configure TrustZone without depending
+	  on peripheral specific symbols.
+
+endif # BOARD_NRF54L15DK_NRF54L15_CPUAPP_NS
--- a/boards/nordic/nrf54l15dk/Kconfig.defconfig
+++ b/boards/nordic/nrf54l15dk/Kconfig.defconfig
@ -1,6 +1,10 @@
 # Copyright (c) 2024 Nordic Semiconductor ASA
 # SPDX-License-Identifier: Apache-2.0

+# Workaround for not being able to have commas in macro arguments
+DT_CHOSEN_Z_CODE_PARTITION := zephyr,code-partition
+DT_CHOSEN_Z_SRAM_PARTITION := zephyr,sram-secure-partition
+
 if BOARD_NRF54L15DK_NRF54L05_CPUAPP || BOARD_NRF54L15DK_NRF54L10_CPUAPP || \
 	BOARD_NRF54L15DK_NRF54L15_CPUAPP

@ -9,3 +13,21 @@ config ROM_START_OFFSET

 endif # BOARD_NRF54L15DK_NRF54L05_CPUAPP || BOARD_NRF54L15DK_NRF54L10_CPUAPP || \
 	# BOARD_NRF54L15DK_NRF54L15_CPUAPP
+
+if BOARD_NRF54L15DK_NRF54L15_CPUAPP_NS
+
+config BT_CTLR
+	default BT
+
+config FLASH_LOAD_OFFSET
+	default $(dt_chosen_reg_addr_hex,$(DT_CHOSEN_Z_CODE_PARTITION))
+
+config FLASH_LOAD_SIZE
+	default $(dt_chosen_reg_size_hex,$(DT_CHOSEN_Z_CODE_PARTITION))
+
+# By default, if we build for a Non-Secure version of the board,
+# enable building with TF-M as the Secure Execution Environment.
+config BUILD_WITH_TFM
+	default y
+
+endif # BOARD_NRF54L15DK_NRF54L15_CPUAPP_NS
--- a/boards/nordic/nrf54l15dk/Kconfig.nrf54l15dk
+++ b/boards/nordic/nrf54l15dk/Kconfig.nrf54l15dk
@ -4,6 +4,6 @@
 config BOARD_NRF54L15DK
 	select SOC_NRF54L05_CPUAPP if BOARD_NRF54L15DK_NRF54L05_CPUAPP
 	select SOC_NRF54L10_CPUAPP if BOARD_NRF54L15DK_NRF54L10_CPUAPP
-	select SOC_NRF54L15_CPUAPP if BOARD_NRF54L15DK_NRF54L15_CPUAPP
+	select SOC_NRF54L15_CPUAPP if BOARD_NRF54L15DK_NRF54L15_CPUAPP || BOARD_NRF54L15DK_NRF54L15_CPUAPP_NS
 	select SOC_NRF54L15_CPUFLPR if BOARD_NRF54L15DK_NRF54L15_CPUFLPR || \
 					    BOARD_NRF54L15DK_NRF54L15_CPUFLPR_XIP
--- a/boards/nordic/nrf54l15dk/board.cmake
+++ b/boards/nordic/nrf54l15dk/board.cmake
@ -10,5 +10,13 @@ elseif(CONFIG_SOC_NRF54L05_CPUFLPR OR CONFIG_SOC_NRF54L10_CPUFLPR)
  board_runner_args(jlink "--device=RISC-V" "--speed=4000" "-if SW" "--tool-opt=-jlinkscriptfile ${JLINKSCRIPTFILE}")
 endif()

+if(CONFIG_BOARD_NRF54L15DK_NRF54L15_CPUAPP_NS)
+  set(TFM_PUBLIC_KEY_FORMAT "full")
+endif()
+
+if(CONFIG_TFM_FLASH_MERGED_BINARY)
+  set_property(TARGET runners_yaml_props_target PROPERTY hex_file tfm_merged.hex)
+endif()
+
 include(${ZEPHYR_BASE}/boards/common/nrfutil.board.cmake)
 include(${ZEPHYR_BASE}/boards/common/jlink.board.cmake)
--- a/boards/nordic/nrf54l15dk/board.yml
+++ b/boards/nordic/nrf54l15dk/board.yml
@ -9,3 +9,5 @@ board:
    variants:
    - name: xip
      cpucluster: cpuflpr
+    - name: ns
+      cpucluster: cpuapp
--- a/boards/nordic/nrf54l15dk/nrf54l15dk_nrf54l15_cpuapp_ns.dts
+++ b/boards/nordic/nrf54l15dk/nrf54l15dk_nrf54l15_cpuapp_ns.dts
@ -0,0 +1,113 @@
+/*
+ * Copyright (c) 2025 Nordic Semiconductor ASA
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+/dts-v1/;
+
+#define USE_NON_SECURE_ADDRESS_MAP 1
+
+#include <nordic/nrf54l15_cpuapp.dtsi>
+#include "nrf54l_05_10_15_cpuapp_common.dtsi"
+
+/ {
+	compatible = "nordic,nrf54l15dk_nrf54l15-cpuapp";
+	model = "Nordic nRF54L15 DK nRF54L15 Application MCU";
+
+	chosen {
+		zephyr,code-partition = &slot0_ns_partition;
+		zephyr,sram = &sram0_ns;
+		zephyr,entropy = &psa_rng;
+	};
+
+	/delete-node/ rng;
+
+	psa_rng: psa-rng {
+		status = "okay";
+	};
+};
+
+/ {
+	/*
+	 * Default SRAM planning when building for nRF54L15 with ARM TrustZone-M support
+	 * - Lowest 80 kB SRAM allocated to Secure image (sram0_s).
+	 * - Upper 80 kB SRAM allocated to Non-Secure image (sram0_ns).
+	 *
+	 * nRF54L15 has 256 kB of volatile memory (SRAM) but the last 96kB are reserved for
+	 * the FLPR MCU.
+	 * This static layout needs to be the same with the upstream TF-M layout in the
+	 * header flash_layout.h of the relevant platform. Any updates in the layout
+	 * needs to happen both in the flash_layout.h and in this file at the same time.
+	 */
+	reserved-memory {
+		#address-cells = <1>;
+		#size-cells = <1>;
+		ranges;
+
+		sram0_s: image_s@20000000 {
+			/* Secure image memory */
+			reg = <0x20000000 DT_SIZE_K(80)>;
+		};
+
+		sram0_ns: image_ns@20014000 {
+			/* Non-Secure image memory */
+			reg = <0x20014000 DT_SIZE_K(80)>;
+		};
+	};
+};
+
+&cpuapp_rram {
+	partitions {
+		compatible = "fixed-partitions";
+		#address-cells = <1>;
+		#size-cells = <1>;
+
+		/* nRF54L15 has 1524 kB of non volatile memory (RRAM) but the
+		 * last 96kB are reserved for the FLPR MCU.
+		 *
+		 * This static layout needs to be the same with the upstream TF-M layout in the
+		 * header flash_layout.h of the relevant platform. Any updates in the layout
+		 * needs to happen both in the flash_layout.h and in this file at the same time.
+		 */
+		slot0_partition: partition@0 {
+			label = "image-0";
+			reg = <0x0000000 DT_SIZE_K(512)>;
+		};
+
+		tfm_ps_partition: partition@80000 {
+			label = "tfm-ps";
+			reg = <0x00080000 DT_SIZE_K(16)>;
+		};
+
+		tfm_its_partition: partition@84000 {
+			label = "tfm-its";
+			reg = <0x00084000 DT_SIZE_K(16)>;
+		};
+
+		tfm_otp_partition: partition@88000 {
+			label = "tfm-otp";
+			reg = <0x00088000 DT_SIZE_K(8)>;
+		};
+
+		slot0_ns_partition: partition@8A000 {
+			label = "image-0-nonsecure";
+			reg = <0x0008A000 DT_SIZE_K(844)>;
+		};
+
+		storage_partition: partition@15D000 {
+			label = "storage";
+			reg = <0x00015D000 DT_SIZE_K(32)>;
+		};
+	};
+};
+
+&uart30 {
+	/* Disable so that TF-M can use this UART */
+	status = "disabled";
+
+	current-speed = <115200>;
+	pinctrl-0 = <&uart30_default>;
+	pinctrl-1 = <&uart30_sleep>;
+	pinctrl-names = "default", "sleep";
+};
--- a/boards/nordic/nrf54l15dk/nrf54l15dk_nrf54l15_cpuapp_ns.yaml
+++ b/boards/nordic/nrf54l15dk/nrf54l15dk_nrf54l15_cpuapp_ns.yaml
@ -0,0 +1,21 @@
+# Copyright (c) 2025 Nordic Semiconductor ASA
+# SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
+
+identifier: nrf54l15dk/nrf54l15/cpuapp/ns
+name: nRF54l15-DK-nRF54l15-Application-Non-Secure
+type: mcu
+arch: arm
+toolchain:
+  - gnuarmemb
+  - zephyr
+ram: 256
+flash: 1524
+supported:
+  - adc
+  - gpio
+  - i2c
+  - spi
+  - counter
+  - watchdog
+  - adc
+  - i2s
--- a/boards/nordic/nrf54l15dk/nrf54l15dk_nrf54l15_cpuapp_ns_defconfig
+++ b/boards/nordic/nrf54l15dk/nrf54l15dk_nrf54l15_cpuapp_ns_defconfig
@ -0,0 +1,36 @@
+# Copyright (c) 2025 Nordic Semiconductor ASA
+# SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
+
+CONFIG_ARM_MPU=y
+CONFIG_HW_STACK_PROTECTION=y
+CONFIG_NULL_POINTER_EXCEPTION_DETECTION_NONE=y
+CONFIG_ARM_TRUSTZONE_M=y
+
+# This Board implies building Non-Secure firmware
+CONFIG_TRUSTED_EXECUTION_NONSECURE=y
+
+# Don't enable the cache in the non-secure image as it is a
+# secure-only peripheral on 54l
+CONFIG_CACHE_MANAGEMENT=n
+CONFIG_EXTERNAL_CACHE=n
+
+CONFIG_UART_CONSOLE=y
+CONFIG_CONSOLE=y
+CONFIG_SERIAL=y
+CONFIG_GPIO=y
+
+# Start SYSCOUNTER on driver init
+CONFIG_NRF_GRTC_START_SYSCOUNTER=y
+
+# Disable TFM BL2 since it is not supported
+CONFIG_TFM_BL2=n
+
+# Support for silence logging is not supported at the moment
+# Tracked by: NCSDK-31930
+CONFIG_TFM_LOG_LEVEL_SILENCE=n
+
+# The oscillators are configured as secure and cannot be configured
+# from the non secure application directly. This needs to be set
+# otherwise nrfx will try to configure them, resulting in a bus
+# fault.
+CONFIG_SOC_NRF54LX_SKIP_CLOCK_CONFIG=y
--- a/modules/trusted-firmware-m/Kconfig.tfm
+++ b/modules/trusted-firmware-m/Kconfig.tfm
@ -25,6 +25,7 @@ config TFM_BOARD
 	default "${ZEPHYR_BASE}/modules/trusted-firmware-m/nordic/nrf9160" if SOC_NRF9160
 	default "${ZEPHYR_BASE}/modules/trusted-firmware-m/nordic/nrf9120" if SOC_NRF9120
 	default "${ZEPHYR_BASE}/modules/trusted-firmware-m/nordic/nrf5340_cpuapp" if SOC_NRF5340_CPUAPP
+	default "${ZEPHYR_BASE}/modules/trusted-firmware-m/nordic/nrf54l15_cpuapp" if SOC_NRF54L15_CPUAPP
 	help
 	  The board name used for building TFM. Building with TFM requires that
 	  TFM has been ported to the given board/SoC.
--- a/modules/trusted-firmware-m/nordic/include/RTE_Device.h
+++ b/modules/trusted-firmware-m/nordic/include/RTE_Device.h
@ -29,10 +29,10 @@
 	) \
 }

-#endif
+#else

 /* Configuration settings for Driver_USART1. */
-#if DT_PINCTRL_HAS_NAME(DT_NODELABEL(uart1), default) && DOMAIN_NS != 1U
+#if DT_PINCTRL_HAS_NAME(DT_NODELABEL(uart1), default)

 #define RTE_USART1 1

@ -44,6 +44,20 @@
 	) \
 }

+#elif DT_PINCTRL_HAS_NAME(DT_NODELABEL(uart30), default)
+
+#define RTE_USART30 1
+
+#define RTE_USART30_PINS \
+{ \
+	DT_FOREACH_CHILD_VARGS( \
+		DT_PINCTRL_BY_NAME(DT_NODELABEL(uart30), default, 0), \
+		DT_FOREACH_PROP_ELEM, psels, UART_PIN_INIT \
+	) \
+}
+
+#endif
+
 #endif

 /* Configuration settings for Driver_FLASH0. */
--- a/modules/trusted-firmware-m/nordic/include/tfm_peripherals_config.h
+++ b/modules/trusted-firmware-m/nordic/include/tfm_peripherals_config.h
@ -12,9 +12,15 @@ extern "C" {
 #endif

 #ifdef SECURE_UART1
+
+#if defined(NRF54L15_XXAA)
+#define TFM_PERIPHERAL_UARTE30_SECURE 1
+#else
 #define TFM_PERIPHERAL_UARTE1_SECURE 1
 #endif

+#endif /* SECURE_UART1 */
+
 #if TEST_NS_SLIH_IRQ || TEST_NS_FLIH_IRQ
 #define TFM_PERIPHERAL_TIMER0_SECURE 1
 #endif
@ -29,6 +35,8 @@ extern "C" {
    #include <tfm_peripherals_config_nrf91.h>
 #elif defined(NRF5340_XXAA_APPLICATION)
    #include <tfm_peripherals_config_nrf5340_application.h>
+#elif defined(NRF54L15_XXAA)
+    #include <tfm_peripherals_config_nrf54l15.h>
 #else
    #error "Unknown device."
 #endif
--- a/modules/trusted-firmware-m/nordic/nrf54l15_cpuapp/CMakeLists.txt
+++ b/modules/trusted-firmware-m/nordic/nrf54l15_cpuapp/CMakeLists.txt
@ -0,0 +1,23 @@
+#
+# Copyright (c) 2025, Nordic Semiconductor ASA.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+set(NRF_BOARD_SELECTED True)
+
+add_subdirectory(${Trusted\ Firmware\ M_SOURCE_DIR}/platform/ext/target/nordic_nrf/common/nrf54l15 nrf54l15)
+
+add_subdirectory(.. common)
+
+install(FILES       ${CMAKE_CURRENT_LIST_DIR}/ns/cpuarch_ns.cmake
+        DESTINATION ${INSTALL_PLATFORM_NS_DIR}
+        RENAME      cpuarch.cmake)
+
+install(FILES       config.cmake
+        DESTINATION ${INSTALL_PLATFORM_NS_DIR})
+
+install(DIRECTORY   ${Trusted\ Firmware\ M_SOURCE_DIR}/platform/ext/target/nordic_nrf/nrf54l15dk_nrf54l15_cpuapp/tests
+
+        DESTINATION ${INSTALL_PLATFORM_NS_DIR}
+)
--- a/modules/trusted-firmware-m/nordic/nrf54l15_cpuapp/config.cmake
+++ b/modules/trusted-firmware-m/nordic/nrf54l15_cpuapp/config.cmake
@ -0,0 +1,9 @@
+#
+# Copyright (c) 2025, Nordic Semiconductor ASA.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+set(NRF_SOC_VARIANT nrf54l15 CACHE STRING "nRF SoC Variant")
+
+include(${PLATFORM_PATH}/common/nrf54l15/config.cmake)
--- a/modules/trusted-firmware-m/nordic/nrf54l15_cpuapp/cpuarch.cmake
+++ b/modules/trusted-firmware-m/nordic/nrf54l15_cpuapp/cpuarch.cmake
@ -0,0 +1,9 @@
+#
+# Copyright (c) 2025, Nordic Semiconductor ASA.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+set(PLATFORM_PATH platform/ext/target/nordic_nrf)
+
+include(${PLATFORM_PATH}/common/nrf54l15/cpuarch.cmake)
--- a/modules/trusted-firmware-m/nordic/nrf54l15_cpuapp/ns/cpuarch_ns.cmake
+++ b/modules/trusted-firmware-m/nordic/nrf54l15_cpuapp/ns/cpuarch_ns.cmake
@ -0,0 +1,10 @@
+#
+# Copyright (c) 2025, Nordic Semiconductor ASA.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+set(PLATFORM_DIR  ${CMAKE_CURRENT_LIST_DIR})
+set(PLATFORM_PATH ${CMAKE_CURRENT_LIST_DIR})
+
+include(${CMAKE_CURRENT_LIST_DIR}/common/nrf54l15/cpuarch.cmake)