When ARM_NONSECURE_PREEMPTIBLE_SECURE_CALLS is enabled, if FPU is
being used (CONTROL.FPCA == 1), store all FP registers before
entering the secure function, and restore them afterwards.
This is needed if any NS thread or ISR that interrupts the secure
function uses FP registers. If they do, a secure UsageFault occurs
unless this change is applied.
This allows k_sched_lock() and k_sched_unlock() to be dropped when
ARM_NONSECURE_PREEMPTIBLE_SECURE_CALLS is enabled.
Enable ARM_NONSECURE_PREEMPTIBLE_SECURE_CALLS by default when
building TF-M.
Signed-off-by: Øyvind Rønningstad <oyvind.ronningstad@nordicsemi.no>
Add new kconfigs
Include the ns-app built by TF-M build system for regression tests
Update tfm_ipc sample to use new kconfig
Signed-off-by: Andreas Vibeto <andreas.vibeto@nordicsemi.no>
Add necessary libs and files to the build
Add support for new kconfigs
Add Zephyr-only implementations of tfm_log and tfm_ns_interface.
Add zephyr_tfm_psa_test.c for easily running PSA tests.
Signed-off-by: Øyvind Rønningstad <oyvind.ronningstad@nordicsemi.no>
Do not allow the TFM_ISOLATION_LEVEL to be non-hidden option,
if the TFM_IPC (PSA_API) option is not set, since, in that case,
only Isolation Level 1 is supported.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Add the nanopb library and generator tools as a module.
Nanopb is a small code-size Protocol Buffers implementation in ansi C.
It is especially suitable for use in microcontrollers,
but fits any memory restricted system.
Nanopb home: https://jpa.kapsi.fi/nanopb/
Signed-off-by: Pieter De Gendt <pieter.degendt@basalte.be>
We add a Kconfig choice for the TF-M profile, in
TF-M's Kconfig file. The reason for that is to be
able to easily enable additional configurations,
depending on the profile type being selected. We
also enhance the documentation of TFM_PROFILE,
stressing that there is now also profile_large
available as an option. TFM_PROFILE is now made
hidden, forcing the users to select one of the
available choice symbols. IF the TFM_PROFILE is
set to something other than "none", then certain
options shall be made hidden, namely, IPC and
isolation level, as they are determined by the
profile setting.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Add a dependency on IPC for the Audit Log secure service,
since the service is not compliant with the IPC model.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Update revision of hal_nordic which introduces new radio driver
integration scheme.
The glue cmake has been updated to use the new integration scheme
for the nrf-802154 component.
Added config option to exclude radio driver in hal_nordic from the
build process. This allows the radio driver to be supplied from
other sources.
Signed-off-by: Rafał Kuźnia <rafal.kuznia@nordicsemi.no>
Signed-off-by: Torsten Rasmussen <Torsten.Rasmussen@nordicsemi.no>
The default value is not needed because there is only one choice.
This allows the default choice to be set in a different module.
Signed-off-by: Rafał Kuźnia <rafal.kuznia@nordicsemi.no>
When compiling TF-M with profile_medium, disable the support
for Audit Log due to an upstream bug.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Prevent a thread from being preempted, while executing a Secure
function. This is required to prevent system crashes that could
occur if a thead context switch is triggered in the middle of a
Secure call.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
To allow using TFM NS interface without enabling
CMSIS_RTOS V2 support. And to allow using TFM NS
code that uses logging.
Signed-off-by: Øyvind Rønningstad <oyvind.ronningstad@nordicsemi.no>
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
The TF-M NS interface needs to be initialized before
it is used. We add an initialization function that
calls tfm_ns_interface_init(), at boot time, so then
we can use TF-M interface calls (veneers).
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
In ARM Non-Secure builds with TF-M it is not, generally,
possible to issue system reset requests from Non-Secure
domain. When the Platform SPM Partition is enabled, the
tfm_platform_system_reset(.) API can be used to request
system resets from TF-M. This commit overrides the weak
sys_arch_reboot() implementation in scb.c so Non-Secure
code is able to issue system resets.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Instruct CMake to include interface libraries when
building a Non-Secure ARM target with TF-M. In
particular, include the reboot.c source file, which
overrides the sys_arch_reboot implementation.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Rename lib.
Disable AUDIT_LOG in regression sample because of a bug upstream.
Update stm32l562e_dk_ns overlay.
Signed-off-by: Øyvind Rønningstad <oyvind.ronningstad@nordicsemi.no>
There was an inconsistency in the API as z_nrf_rtc_timer_chan_alloc
returned int but other function were using uint32_t for channel
argument. Updated api to use int32_t everywhere.
Update nrf_802154 driver which was using this api to use int32_t.
Signed-off-by: Krzysztof Chruscinski <krzysztof.chruscinski@nordicsemi.no>
This commit enables the TF-M IPC sample application on stm32l562e_dk
board.
It provides device tree flash partition as an overlay in order to
configure and flash the bl2, secure/non secure firmwares.
Signed-off-by: Yestin Sun <sunyi0804@gmail.com>
This commit allows to append an optional --hex-addr argument to
the wrapper script if speficied. This can adjust the base address
of the output hex file when signing the non-secure or secure
firmware images.
Signed-off-by: Yestin Sun <sunyi0804@gmail.com>
Make sure that CONFIG_NET_TCP_ISN_RFC6528 is not set when compiling
Civetweb. There are compile issues in Civetweb if both mbedtls and
POSIX API option are set, and this happens if the TCP ISN option is
enabled.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
The shim layer could in some circumstances not be properly
configured which would result in an unbound radio interrupt
handler.
Signed-off-by: Rafał Kuźnia <rafal.kuznia@nordicsemi.no>
This commit moves all hal_nordic radio driver code that is
strictly dependent on Zephyr into the Zephyr repository.
Signed-off-by: Rafał Kuźnia <rafal.kuznia@nordicsemi.no>
Introduce an option to instruct the build system
to flash the Non-Secure (Zephyr) firmware image
together with the TF-M (Secure) firmware image
as a single merged binary, instead of just flashing
the Non-Secure application.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Place the new signing code in the TFM module CMakeLists.txt.
Make some small tweaks and add a sentence to the docs.
In the process, make a few changes to the signing code:
- Change some names of files created.
- Minimize the number of files created.
- Use hex files instead of bin files. This is so we don't need to know
the offset when creating hex files from bin files.
Also add signing for MCUBOOT_IMAGE_NUMBER=1 based on the code from the
v2m_musca_b1 board, though, this board does not build with =1 now
because of (I assume) some flash aliasing which places the S and NS
images 0x10000000 apart, where the manual algorithm places them next to
each other. It builds with =2, though.
Signed-off-by: Øyvind Rønningstad <oyvind.ronningstad@nordicsemi.no>
Add device tree nodes for QDEC peripheral instances
for nRF5340 Application core.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
The choice allowed for using TFM's own default. We now need full
knowledge over whether BL2 is enabled or not (e.g. to do signing),
so remove this option and simplify to a bool.
Signed-off-by: Øyvind Rønningstad <oyvind.ronningstad@nordicsemi.no>
'IPC' and 'REGRESSION' are passed to the <option>
argument of cmake_parse_arguments, hence they are always defined,
and 'if (DEFINED)' would always return TRUE.
Use 'if' directly instead of 'if DEFINED' to check if these
options are set or not.
Ref: NCSDK-7702
Signed-off-by: Håkon Øye Amundsen <haakon.amundsen@nordicsemi.no>
This commit moves TFM CMakeLists.txt into Zephyr and relocates the
Kconfig.tfm file under the modules/tfm folder.
Updates the manifest to point to related TFM changes.
Signed-off-by: Torsten Rasmussen <Torsten.Rasmussen@nordicsemi.no>
This commit brings in several latest bugfixes for the hal_nordic repo.
It also removes a Kconfig entry that these changes yield deprecated.
Signed-off-by: Jedrzej Ciupis <jedrzej.ciupis@nordicsemi.no>
This commit changes serialized radio initialization
priority. This fixes race condition where serialization
backend would boot earlier than the radio driver itself.
Signed-off-by: Pawel Kwiek <pawel.kwiek@nordicsemi.no>
Mark the PPI/DPPI channels and groups used by the 802.15.4 driver
as occupied and thus unavailable for allocation through nrfx_ppi.
Signed-off-by: Adam Zelik <adam.zelik@nordicsemi.no>
nRF5340 PDK is removed so there is no reason to keep it
in the list of supported tf-m targets.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Adds a hidden config symbol HAS_MCUX_FLEXSPI selected by NXP SoCs when
the FlexSPI peripheral is present. It will be used as a dependency for a
new FlexSPI flash driver to prevent users from accidentally enabling the
driver on platforms that don't have the necessary hardware.
Signed-off-by: Maureen Helm <maureen.helm@nxp.com>
Add Kconfig option for indicating that a given SoC contains the NXP
Kinetis Pulse Width Timer (PWT).
Signed-off-by: Henrik Brix Andersen <hebad@vestas.com>
The introduction of Zephyr module glue code in the Zephyr repository
introduces a Kconfig variable in the form of:
`config ZEPHYR_<MODULE_NAME>_MODULE`.
All Kconfig variables go into `autoconf.h`, therefore it is necessary
to sanitize the Kconfig variable, so that it does not contain special
characters. To ensure consistent variable name, then the module name
will be sanitized in all variable use in both Kconfig and CMake.
The sanitization is done be replacing all special characters with an
underscore, `_`.
Signed-off-by: Torsten Rasmussen <Torsten.Rasmussen@nordicsemi.no>
This patch updates hal_nordic module revision to start using RPMsg
Service for serialization of 802.15.4. The serialization module is
implemented in the hal_nordic module.
Signed-off-by: Hubert Miś <hubert.mis@nordicsemi.no>
