We move the Zephyr-specific CMakeLists.txt file into
the main Zephyr tree. We also move the zephyr_init.c
source file.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit removes the prompt from MBEDTLS_USER_CONFIG_FILE unless
MBEDTLS_USER_CONFIG_ENABLE is true.
This fixes issues where other parts would specify a default value for
MBEDTLS_USER_CONFIG_FILE that would become stuck and not updated if
user re-configured the system using menuconfig.
Disabling the prompt ensures that only when a user specifically enables
MBEDTLS_USER_CONFIG_ENABLE and specify a custom user value in
MBEDTLS_USER_CONFIG_FILE the setting will be fixed.
Also updates the manifest with related change in the mbedtls project.
Signed-off-by: Torsten Rasmussen <Torsten.Rasmussen@nordicsemi.no>
Introducing MBEDTLS_PROMPTLESS and CUSTOM_MBEDTLS_CFG_FILE settings.
The MBEDTLS_PROMPTLESS can be set to true whenever configuration of
mbedTLS is done from a subsystem or module.
Such an example is OpenThread, which selects mbedTLS for some predefined
crypto settings using OPENTHREAD_MBEDTLS=y.
Unfortunately, extensive use of select can easily cause stuck symbol
syndrome making it harder than neccesarry for users to later reconfigure
as they easily get stuck in incompatible configurations.
Providing a MBEDTLS_PROMPTLESS allows such configurations to disable the
MBEDTLS prompt itself when selected but avoid stuck symbol if user
select another security configuration.
Similar with CUSTOM_MBEDTLS_CFG_FILE which ensures that user must
explicitly select this symbol before providing a custom mbedTLS config
file.
Today, other parts the Kconfig tree may set a default value for
MBEDTLS_CFG_FILE but that value is stuck and thus changed Kconfig
selections elsewhere in the tree will not adjust the value.
Introducing CUSTOM_MBEDTLS_CFG_FILE ensures it is known when the user
has provided the value.
Signed-off-by: Torsten Rasmussen <Torsten.Rasmussen@nordicsemi.no>
This commit allows a subsystem to specify additional CMake flags to be
given to the TF-M build.
The additional CMake flags can be provided through the TFM_CMAKE_OPTIONS
property on the zephyr_property_target.
Using the zephyr_property_target allows Zephyr modules to append extra
TFM_CMAKE_OPTIONS regardless of the CMake processing order.
It splits the ExternalProject_Add into a two step process with the CMake
invocation executed using add_custom_target() and the build process
using ExternalProject_Add(). The reason for this split is because CMake
generator expressions passed through ExternalProject_Add to CMake will
quoted so that `$<TARGET_PROPERTY:<tgt>,<prop>>` becomes
`"-DFOO=bar -DBAR=foo"` instead of `-DFOO=bar -DBAR=foo` which again
results in CMake failures.
Signed-off-by: Torsten Rasmussen <Torsten.Rasmussen@nordicsemi.no>
When ARM_NONSECURE_PREEMPTIBLE_SECURE_CALLS is enabled, if FPU is
being used (CONTROL.FPCA == 1), store all FP registers before
entering the secure function, and restore them afterwards.
This is needed if any NS thread or ISR that interrupts the secure
function uses FP registers. If they do, a secure UsageFault occurs
unless this change is applied.
This allows k_sched_lock() and k_sched_unlock() to be dropped when
ARM_NONSECURE_PREEMPTIBLE_SECURE_CALLS is enabled.
Enable ARM_NONSECURE_PREEMPTIBLE_SECURE_CALLS by default when
building TF-M.
Signed-off-by: Øyvind Rønningstad <oyvind.ronningstad@nordicsemi.no>
Add new kconfigs
Include the ns-app built by TF-M build system for regression tests
Update tfm_ipc sample to use new kconfig
Signed-off-by: Andreas Vibeto <andreas.vibeto@nordicsemi.no>
Add necessary libs and files to the build
Add support for new kconfigs
Add Zephyr-only implementations of tfm_log and tfm_ns_interface.
Add zephyr_tfm_psa_test.c for easily running PSA tests.
Signed-off-by: Øyvind Rønningstad <oyvind.ronningstad@nordicsemi.no>
Do not allow the TFM_ISOLATION_LEVEL to be non-hidden option,
if the TFM_IPC (PSA_API) option is not set, since, in that case,
only Isolation Level 1 is supported.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Add the nanopb library and generator tools as a module.
Nanopb is a small code-size Protocol Buffers implementation in ansi C.
It is especially suitable for use in microcontrollers,
but fits any memory restricted system.
Nanopb home: https://jpa.kapsi.fi/nanopb/
Signed-off-by: Pieter De Gendt <pieter.degendt@basalte.be>
We add a Kconfig choice for the TF-M profile, in
TF-M's Kconfig file. The reason for that is to be
able to easily enable additional configurations,
depending on the profile type being selected. We
also enhance the documentation of TFM_PROFILE,
stressing that there is now also profile_large
available as an option. TFM_PROFILE is now made
hidden, forcing the users to select one of the
available choice symbols. IF the TFM_PROFILE is
set to something other than "none", then certain
options shall be made hidden, namely, IPC and
isolation level, as they are determined by the
profile setting.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Add a dependency on IPC for the Audit Log secure service,
since the service is not compliant with the IPC model.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Update revision of hal_nordic which introduces new radio driver
integration scheme.
The glue cmake has been updated to use the new integration scheme
for the nrf-802154 component.
Added config option to exclude radio driver in hal_nordic from the
build process. This allows the radio driver to be supplied from
other sources.
Signed-off-by: Rafał Kuźnia <rafal.kuznia@nordicsemi.no>
Signed-off-by: Torsten Rasmussen <Torsten.Rasmussen@nordicsemi.no>
The default value is not needed because there is only one choice.
This allows the default choice to be set in a different module.
Signed-off-by: Rafał Kuźnia <rafal.kuznia@nordicsemi.no>
When compiling TF-M with profile_medium, disable the support
for Audit Log due to an upstream bug.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Prevent a thread from being preempted, while executing a Secure
function. This is required to prevent system crashes that could
occur if a thead context switch is triggered in the middle of a
Secure call.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
To allow using TFM NS interface without enabling
CMSIS_RTOS V2 support. And to allow using TFM NS
code that uses logging.
Signed-off-by: Øyvind Rønningstad <oyvind.ronningstad@nordicsemi.no>
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
The TF-M NS interface needs to be initialized before
it is used. We add an initialization function that
calls tfm_ns_interface_init(), at boot time, so then
we can use TF-M interface calls (veneers).
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
In ARM Non-Secure builds with TF-M it is not, generally,
possible to issue system reset requests from Non-Secure
domain. When the Platform SPM Partition is enabled, the
tfm_platform_system_reset(.) API can be used to request
system resets from TF-M. This commit overrides the weak
sys_arch_reboot() implementation in scb.c so Non-Secure
code is able to issue system resets.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Instruct CMake to include interface libraries when
building a Non-Secure ARM target with TF-M. In
particular, include the reboot.c source file, which
overrides the sys_arch_reboot implementation.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Rename lib.
Disable AUDIT_LOG in regression sample because of a bug upstream.
Update stm32l562e_dk_ns overlay.
Signed-off-by: Øyvind Rønningstad <oyvind.ronningstad@nordicsemi.no>
There was an inconsistency in the API as z_nrf_rtc_timer_chan_alloc
returned int but other function were using uint32_t for channel
argument. Updated api to use int32_t everywhere.
Update nrf_802154 driver which was using this api to use int32_t.
Signed-off-by: Krzysztof Chruscinski <krzysztof.chruscinski@nordicsemi.no>
This commit enables the TF-M IPC sample application on stm32l562e_dk
board.
It provides device tree flash partition as an overlay in order to
configure and flash the bl2, secure/non secure firmwares.
Signed-off-by: Yestin Sun <sunyi0804@gmail.com>
This commit allows to append an optional --hex-addr argument to
the wrapper script if speficied. This can adjust the base address
of the output hex file when signing the non-secure or secure
firmware images.
Signed-off-by: Yestin Sun <sunyi0804@gmail.com>
Make sure that CONFIG_NET_TCP_ISN_RFC6528 is not set when compiling
Civetweb. There are compile issues in Civetweb if both mbedtls and
POSIX API option are set, and this happens if the TCP ISN option is
enabled.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
The shim layer could in some circumstances not be properly
configured which would result in an unbound radio interrupt
handler.
Signed-off-by: Rafał Kuźnia <rafal.kuznia@nordicsemi.no>
This commit moves all hal_nordic radio driver code that is
strictly dependent on Zephyr into the Zephyr repository.
Signed-off-by: Rafał Kuźnia <rafal.kuznia@nordicsemi.no>
Introduce an option to instruct the build system
to flash the Non-Secure (Zephyr) firmware image
together with the TF-M (Secure) firmware image
as a single merged binary, instead of just flashing
the Non-Secure application.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Place the new signing code in the TFM module CMakeLists.txt.
Make some small tweaks and add a sentence to the docs.
In the process, make a few changes to the signing code:
- Change some names of files created.
- Minimize the number of files created.
- Use hex files instead of bin files. This is so we don't need to know
the offset when creating hex files from bin files.
Also add signing for MCUBOOT_IMAGE_NUMBER=1 based on the code from the
v2m_musca_b1 board, though, this board does not build with =1 now
because of (I assume) some flash aliasing which places the S and NS
images 0x10000000 apart, where the manual algorithm places them next to
each other. It builds with =2, though.
Signed-off-by: Øyvind Rønningstad <oyvind.ronningstad@nordicsemi.no>
Add device tree nodes for QDEC peripheral instances
for nRF5340 Application core.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
The choice allowed for using TFM's own default. We now need full
knowledge over whether BL2 is enabled or not (e.g. to do signing),
so remove this option and simplify to a bool.
Signed-off-by: Øyvind Rønningstad <oyvind.ronningstad@nordicsemi.no>
'IPC' and 'REGRESSION' are passed to the <option>
argument of cmake_parse_arguments, hence they are always defined,
and 'if (DEFINED)' would always return TRUE.
Use 'if' directly instead of 'if DEFINED' to check if these
options are set or not.
Ref: NCSDK-7702
Signed-off-by: Håkon Øye Amundsen <haakon.amundsen@nordicsemi.no>
