soc: nrf53: Add handling of secure-only code in init with TFM enabled

Add handling of secure-only code with TF-M enabled that can only be done
from secure processing environment.

Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
This commit is contained in:
Joakim Andersson 2021-11-23 15:54:59 +01:00 committed by Carles Cufí
commit aef46a8e51
5 changed files with 83 additions and 11 deletions

View file

@ -11,3 +11,9 @@ zephyr_library_sources_ifdef(CONFIG_PM
zephyr_library_sources_ifdef(CONFIG_NRF53_SYNC_RTC
sync_rtc.c
)
if (CONFIG_BUILD_WITH_TFM)
zephyr_library_include_directories(
$<TARGET_PROPERTY:tfm,TFM_BINARY_DIR>/install/interface/include
)
endif()

View file

@ -144,7 +144,7 @@ config SOC_DCDC_NRF53X_HV
help
Enable nRF53 series System on Chip High Voltage DC/DC converter.
if !TRUSTED_EXECUTION_NONSECURE
if !TRUSTED_EXECUTION_NONSECURE || BUILD_WITH_TFM
config SOC_ENABLE_LFXO
bool "Enable LFXO"
@ -206,14 +206,14 @@ config SOC_HFXO_CAP_INT_VALUE_X2
capacitance value for the two capacitors. Set it to 14 to get 7.0 pF
for each capacitor, 15 to get 7.5 pF, and so on.
endif # !TRUSTED_EXECUTION_NONSECURE
endif # !TRUSTED_EXECUTION_NONSECURE || BUILD_WITH_TFM
endif # SOC_NRF5340_CPUAPP
config NRF_ENABLE_CACHE
bool "Enable cache"
depends on (SOC_NRF5340_CPUAPP && !TRUSTED_EXECUTION_NONSECURE) \
depends on (SOC_NRF5340_CPUAPP && (!TRUSTED_EXECUTION_NONSECURE || BUILD_WITH_TFM)) \
|| SOC_NRF5340_CPUNET
default y
help
@ -223,6 +223,10 @@ config NRF_ENABLE_CACHE
Instruction cache only (I-Cache) is available in nRF5340
CPUNET (Network MCU).
config BUILD_WITH_TFM
# TF-M nRF53 platform enables the cache unconditionally.
select NRF_ENABLE_CACHE if SOC_NRF5340_CPUAPP
config NRF53_SYNC_RTC
bool "Enable RTC clock synchronization"
default y if LOG && !LOG_MODE_MINIMAL

View file

@ -26,6 +26,7 @@
#elif defined(CONFIG_SOC_NRF5340_CPUNET)
#include <hal/nrf_nvmc.h>
#endif
#include <soc_secure.h>
#define PIN_XL1 0
#define PIN_XL2 1
@ -57,14 +58,18 @@ static int nordicsemi_nrf53_init(const struct device *arg)
key = irq_lock();
#if defined(CONFIG_SOC_NRF5340_CPUAPP) && defined(CONFIG_NRF_ENABLE_CACHE)
/* Enable the instruction & data cache */
#if !defined(CONFIG_BUILD_WITH_TFM)
/* Enable the instruction & data cache.
* This can only be done from secure code.
* This is handled by the TF-M platform so we skip it when TF-M is
* enabled.
*/
nrf_cache_enable(NRF_CACHE);
#endif
#elif defined(CONFIG_SOC_NRF5340_CPUNET) && defined(CONFIG_NRF_ENABLE_CACHE)
nrf_nvmc_icache_config_set(NRF_NVMC, NRF_NVMC_ICACHE_ENABLE);
#endif
#if defined(CONFIG_SOC_NRF5340_CPUAPP) && \
!defined(CONFIG_TRUSTED_EXECUTION_NONSECURE)
#if defined(CONFIG_SOC_ENABLE_LFXO)
nrf_oscillators_lfxo_cap_set(NRF_OSCILLATORS,
IS_ENABLED(CONFIG_SOC_LFXO_CAP_INT_6PF) ?
@ -74,13 +79,18 @@ static int nordicsemi_nrf53_init(const struct device *arg)
IS_ENABLED(CONFIG_SOC_LFXO_CAP_INT_9PF) ?
NRF_OSCILLATORS_LFXO_CAP_9PF :
NRF_OSCILLATORS_LFXO_CAP_EXTERNAL);
/* This can only be done from secure code. */
#if !defined(CONFIG_BUILD_WITH_TFM)
/* This can only be done from secure code.
* This is handled by the TF-M platform so we skip it when TF-M is
* enabled.
*/
nrf_gpio_pin_mcu_select(PIN_XL1, NRF_GPIO_PIN_MCUSEL_PERIPHERAL);
nrf_gpio_pin_mcu_select(PIN_XL2, NRF_GPIO_PIN_MCUSEL_PERIPHERAL);
#endif
#endif /* !defined(CONFIG_BUILD_WITH_TFM) */
#endif /* defined(CONFIG_SOC_ENABLE_LFXO) */
#if defined(CONFIG_SOC_HFXO_CAP_INTERNAL)
/* This register is only accessible from secure code. */
uint32_t xosc32mtrim = NRF_FICR->XOSC32MTRIM;
uint32_t xosc32mtrim = soc_secure_read_xosc32mtrim();
/* As specified in the nRF5340 PS:
* CAPVALUE = (((FICR->XOSC32MTRIM.SLOPE+56)*(CAPACITANCE*2-14))
* +((FICR->XOSC32MTRIM.OFFSET-8)<<4)+32)>>6;
@ -99,7 +109,6 @@ static int nordicsemi_nrf53_init(const struct device *arg)
#elif defined(CONFIG_SOC_HFXO_CAP_EXTERNAL)
nrf_oscillators_hfxo_cap_set(NRF_OSCILLATORS, false, 0);
#endif
#endif /* defined(CONFIG_SOC_NRF5340_CPUAPP) && ... */
#if defined(CONFIG_SOC_DCDC_NRF53X_APP)
nrf_regulators_dcdcen_set(NRF_REGULATORS, true);

View file

@ -0,0 +1,53 @@
/*
* Copyright (c) 2019 Nordic Semiconductor ASA
*
* SPDX-License-Identifier: Apache-2.0
*/
#include <stdint.h>
#include <hal/nrf_gpio.h>
#if defined(CONFIG_SOC_NRF5340_CPUAPP)
#if defined(CONFIG_BUILD_WITH_TFM)
/* Use TF-M platform services */
#include "tfm_ioctl_api.h"
#include "hal/nrf_gpio.h"
static inline void soc_secure_gpio_pin_mcu_select(uint32_t pin_number, nrf_gpio_pin_mcusel_t mcu)
{
uint32_t result;
enum tfm_platform_err_t err;
err = tfm_platform_gpio_pin_mcu_select(pin_number, mcu, &result);
__ASSERT(err == TFM_PLATFORM_ERR_SUCCESS, "TFM platform error (%d)", err);
__ASSERT(result == 0, "GPIO service error (%d)", result);
}
#if defined(CONFIG_SOC_HFXO_CAP_INTERNAL)
static inline uint32_t soc_secure_read_xosc32mtrim(void)
{
uintptr_t ptr = (uintptr_t)&NRF_FICR_S->XOSC32MTRIM;
enum tfm_platform_err_t err;
uint32_t result;
uint32_t xosc32mtrim;
err = tfm_platform_mem_read(&xosc32mtrim, ptr, 4, &result);
__ASSERT(err == TFM_PLATFORM_ERR_SUCCESS, "TFM platform error (%d)", err);
__ASSERT(result == 0, "Read service error (%d)", result);
return xosc32mtrim;
}
#endif /* defined(CONFIG_SOC_HFXO_CAP_INTERNAL) */
#else
#include <nrf.h>
/* Do this directly from secure processing environment. */
static inline void soc_secure_gpio_pin_mcu_select(uint32_t pin_number, nrf_gpio_pin_mcusel_t mcu)
{
nrf_gpio_pin_mcu_select(pin_number, mcu);
}
static inline uint32_t soc_secure_read_xosc32mtrim(void)
{
return NRF_FICR_S->XOSC32MTRIM;
}
#endif /* defined CONFIG_BUILD_WITH_TFM */
#endif /* defined(CONFIG_SOC_NRF5340_CPUAPP) */

View file

@ -218,7 +218,7 @@ manifest:
groups:
- debug
- name: trusted-firmware-m
revision: c8134809a9439571c54d36ef39210270dbee8f67
revision: 5d32c3e64b3d589548e881eeeeb37d84944c90af
path: modules/tee/tf-m/trusted-firmware-m
groups:
- tee