michaelh/zephyr
1
0
Fork 0
Code Releases Activity
zephyr/samples/tfm_integration/tfm_secure_partition
History
Tomi Fontanilles 8cd04a50e8 samples: tfm_secure_partition: fix build of the ARoT 
With the update of MbedTLS to 3.6.0 the configuration files
(mbedtls/mbedtls_config.h, psa/crypto_config.h)
are not found anymore by default.

Make the ARoT's CMake target inherit from psa_crypto_config;
it defines what is needed to find the MbedTLS
configuration files.

Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
2024-05-02 09:42:34 -07:00
..
dummy_partition samples: tfm_secure_partition: fix build of the ARoT 2024-05-02 09:42:34 -07:00
src tfm: nordic_nrf: Remove include of tfm_api.h, update install path 2024-01-17 16:52:52 +01:00
CMakeLists.txt tf-m: Change NS include path for TF-M 2.0.0 2024-01-17 16:52:52 +01:00
prj.conf samples: tfm_secure_partition: Update sample for TF-M 1.7.0 2023-01-27 14:25:30 -05:00
README.rst samples: tfm: wrap lines at 100 characters. 2023-10-03 17:38:36 +02:00
sample.yaml samples: tfm_integration: lpc55s69: enable tfm samples 2024-03-15 10:33:46 -05:00

README.rst 

.. _tfm_secure_partition:

TF-M Secure Partition Sample
############################

Overview
********

A Secure Partition is an isolated module that resides in TF-M. It exposes a number of functions or
"secure services" to other partitions and/or to the non-secure firmware. TF-M already contains
standard partitions such as crypto, protected_storage, or firmware_update, but it's also possible to
create your own partitions.

This sample creates a dummy secure partition and secure service for TF-M and instructs the TF-M
build system to build it into the secure firmware. The dummy secure service is then called in the
main file (in the non-secure firmware).

This dummy partition has a single secure service, which can index one of 5 dummy secrets inside the
partition, and retrieve a hash of the secret.

The partition is located in the ``dummy_partition`` directory. It contains the partition sources,
build files and build configuration files. The partition is built by the TF-M build system, refer to
:ref:`tfm_build_system` for more details.

For more information on how to add custom secure partitions refer to TF-M's guide:
https://tf-m-user-guide.trustedfirmware.org/integration_guide/services/tfm_secure_partition_addition.html

When adapting this partition for your own purposes, please change all occurrences of
"dummy_partition", "DUMMY_PARTITION", "dp", and "DP" to your own partition name. Also, look through
both the secure and non-secure CMakeLists.txt file and make relevant changes, as well as the yaml
files inside "partition".

Building and Running
********************

This sample can be built with or without CONFIG_TFM_IPC, since it contains code for both.

On Target
=========

Refer to :ref:`tfm_ipc` for detailed instructions.

On QEMU
=======

Refer to :ref:`tfm_ipc` for detailed instructions.

Sample Output
=============

   .. code-block:: console

      *** Booting Zephyr OS build zephyr-v3.0.0-3061-g9bb87f4d46e9  ***
      Digest: be45cb2605bf36bebde684841a28f0fd43c69850a3dce5fedba69928ee3a8991
      Digest: 1452c8f04245d355722fdbfb03c69bcfd380b7dff911a3e425013397251f6a4e
      Digest: d3b4349010abb691b9584b6fd6b41ec54596ef7b98d853fb4f5bfa690f50f222
      Digest: 5afbcfede855ca834ff5b4e8a44a32206a51381f3cf52f5001a3241f017ac41a
      Digest: 983318380c325099da63de2e7ca57c1630693b28b4754e08817533295dbfcfbb
      No valid secret for key, received expected error code