update to 2.1.0 #105
Merged
update to 2.1.0 #105
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add an API in the EC module to compute a shared secret following the description available in SEC1 paragraph 3.3.1, leveraging the scalar / point multiplication primitives Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com> Change-Id: Ib45cf8a23ae37c792870fd6f71f18b20d0c2e9b4
Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com> Change-Id: I3302197995e467a6d3fa3e161fde72d68057f3df
Default attestation token profile should only be set if attestation token profile is not explicitly specified. This change aligns condition in profile header files with config_base.h. Signed-off-by: Bohdan Hunko <Bohdan.Hunko@infineon.com> Change-Id: I519672f93b5b2f76af1d850287549a706de13cb7
Changes nrfx_glue.h to use SPM_ASSERT instead of libc assert so message is written to log on assertion failure. Change-Id: Ided1e3ebec3b11b41d9c3ee3940e1000b81e2445 Signed-off-by: Vidar Lillebø <vidar.lillebo@nordicsemi.no>
Adds a cut-down startup file for BL1_2 and BL2 based on the BL1_1 version. It removes interrupt handlers, PSP and stack sealing, which are not required in bootloaders. Signed-off-by: Jamie Fox <jamie.fox@arm.com> Change-Id: I7b2e6998210c1c4d43bae3c0e41e663e37dbb06a
Workaround the LPCXpresso55s69 compilation error in fsl_common_arm.c after TFM upgrade to CMSISv6. Change-Id: I22470474f37bfb8dd68961254515df94e022f69d Signed-off-by: Andrej Butok <andrey.butok@nxp.com>
Set the priority of thread mode execution to the highest priority that Non-Secure can boost(0x80). Clear BASEPRI to 0x00 before jumping to Non-Secure as BASEPRI_S impacts the thread mode execution of Non-Secure. A new build option named CONFIG_TFM_SECURE_THREAD_MASK_NS_INTERRUPT is added for this functionality. Signed-off-by: Sherry Zhang <sherry.zhang2@arm.com> Signed-off-by: Mate Toth-Pal <mate.toth-pal@arm.com> Change-Id: I61bfebb0309c1bd6b82a48c9f6d761ca6cf196b2
From CMSIS6, IARARM compiler only supports the `__NO_RETURN` macro before the function definition. Builds were failing if you compiled with IARARM toolchain. Signed-off-by: Gergely Korcsák <gergely.korcsak@arm.com> Change-Id: I0b89fcbb7b1ec94e886bb74c94ebb696ce90c988
Change-Id: I310c27a97dca165c0151b680fca0f7db19bcc338 Signed-off-by: JidongMei <Jidong.Mei@armchina.com>
When reconfiguring an APU region, previously set permissions or APU ids were not cleared out, leading to wrong configuration of permissions or APU ids. Resolve this issue by clearing out the permissions and APU ids before programming the new values. Also, if a region is locked, re-programming a region should not be allowed to avoid any exceptions raised by the NI-Tower. Add a check to disallow re-configuration when a region is locked. Signed-off-by: Arnold Gabriel Benedict <arnoldgabriel.benedict@arm.com> Change-Id: I9c1f9aa18e20b79f8acaa4d59fd264647ecc6e2e
When configuring PSAM or APU regions, the memory region entry could overlap with another region, which is already enabled in the PSAM or APU. Check if the base address and end address of the new entry overlaps with existing/enabled entry in the node. In case of APU, two foreground regions or two background region should'nt overlap. Whereas, a foreground region can overlap two background region. The APU priorities the foreground access permission in such case. Signed-off-by: Arnold Gabriel Benedict <arnoldgabriel.benedict@arm.com> Change-Id: I6eb69486b75c10cdf80f54740889cc64239f7210
Refactor 'component_node_type' and 'component_node_id' fields under
'ni_tower_psam_cfgs' and 'ni_tower_apu_cfgs' into a new dev_cfg
structure. This refactoring is necessary to allow device configurations
to be reusable during multiple configurations to a specific PSAM or an
APU.
Template to configure a region within a PSAM,
..
struct ni_tower_psam_dev_cfg PSAM_DEV_CFG = {
.component_node_type = NI_TOWER_ASNI,
.component_node_id = < asni_node_id >,
};
struct ni_tower_dev NI_TOWER_DEV = {
.periphbase = < ni_tower_base_address >,
.config_node_granularity = NI_TOWER_64KB_CONFIG_NODES
};
..
..
/* Array of regions within the PSAM */
static struct ni_tower_psam_reg_cfg_info psam_axis_0[] = {
{
< region_start_address >,
< region_end_address >,
< target_id >
}
};
/* Array of all PSAMs to be configured */
struct ni_tower_psam_cfgs psam_table[] = {
{
.dev_cfg = &PSAM_DEV_CFG,
.nh_region_count = 1,
.regions = psam_axis_0,
},
};
ni_tower_program_psam_table(&NI_TOWER_DEV, psam_table, 1);
Signed-off-by: Arnold Gabriel Benedict <arnoldgabriel.benedict@arm.com>
Change-Id: Ie7f3e503d816aff863048a8d6afc1db39f582416
Add functions to PSAM and APU to initialize new configuration to an unconfigured region. These functions find the region number of next available region by iterating over all the region configuration registers in the controller. If a region is not enabled, then add the configuration to that region. Signed-off-by: Arnold Gabriel Benedict <arnoldgabriel.benedict@arm.com> Change-Id: Iabc545db005efb762db16c9c023d6353f0b03d34
As a preparation to add more host specific memory map definitions, add 'host_css_memory_map.h' file and move existing definitions to it. In context of RSE, host includes all addresses in chip which is not directly accessible by RSE. Signed-off-by: Arnold Gabriel Benedict <arnoldgabriel.benedict@arm.com> Change-Id: Id113e8d46d5a710aa655a290a9dec3e200c1747d
System Control NI-Tower is the interconnect between the AXI interfaces of RSE, SCP/MCP and the CMN interconnect. Add interface IDs for every xSNI and xMNI interfaces connected to this system control NI-Tower. The interface ID is pre-configured by the platform hardware configurations. These IDs are required to fetch offset address for register bases of NI-Tower components and subfeatures. Also, the target IDs can be used while configuring PSAMs within the NI-Tower. Signed-off-by: Arnold Gabriel Benedict <arnoldgabriel.benedict@arm.com> Change-Id: I47a21a7e82b453a11c2785754b7ada81476d7eaa
System Control NI-Tower is the interconnect between the AXI interfaces of RSE, SCP/MCP and the CMN interconnect. This NI-Tower has programmable address maps (PSAM) and Access Protection Units (APU) which can be configured during boot time. It uses these to map system addresses to interconnect targets for routing purposes as well as to specify access permissions to configured regions. RSE is required to configure the system control NI-Tower before making any accesses to SCP/MCP or AP address space. Add PSAM region mappings for the rse_main_axis requester interface of the System Control NI-Tower instance under Always-On (AON) power domain. The physical address coming out of RSE ATU will be mapped to the target interface based on this PSAM region mappings. Signed-off-by: Arnold Gabriel Benedict <arnoldgabriel.benedict@arm.com> Change-Id: I15447ea5e33e8b7fc46bb21841b835d7eb0f1663
Add PSAM region mappings for the scp_axis requester interface of the System Control NI-Tower instance. The physical address coming out of SCP ATU will be mapped to the target interface based on this PSAM region mappings. Signed-off-by: Arnold Gabriel Benedict <arnoldgabriel.benedict@arm.com> Change-Id: I92f1c870a8288141e27d75cceeb8d56f7c9f09f4
Add PSAM region mappings for the mcp_axis requester interface of the System Control NI-Tower instance. The physical address coming out of MCP ATU will be mapped to the target interface based on this PSAM region mappings. Signed-off-by: Arnold Gabriel Benedict <arnoldgabriel.benedict@arm.com> Change-Id: Ifddb03640d9e232c079a957125907e71ad751091
As a preparation to add use Cluster Utility and LCP memory map definitions, add 'host_clus_util_lcp__memory_map.h' file. Signed-off-by: Arnold Gabriel Benedict <arnoldgabriel.benedict@arm.com> Change-Id: I7cec3c00ec9eb667de89a70a19976ff8092be74a
Add PSAM address map to map access from RSE and SCP targeting LCP address space. All access from RSE and SCP that target to LCP is routed via a NIC400 outside of System Control NI-Tower and sent to the 'rse_scp_axis' on the NI-Tower. This is necessitated because address filtering on transactions based on the LCP memory map is required in the NI-Tower, but the target 'lcp_axim' interface APU can only do address filtering for upto 8 LCPs. Hence, for every transaction targeting the LCP, the upper address bits are propagated via AXI USER bits rather than on the AXI address signals and the address filtering is applied based on the lower address bits. With this, NI-Tower has to handle only on a 'single' LCP in the system, regardless of the number of LCPs in the system or regardless of the chip address offset. Signed-off-by: Arnold Gabriel Benedict <arnoldgabriel.benedict@arm.com> Change-Id: Ib203ea14e5f96e6810dd5dae29f00aec808a533c
Each NI-Tower APU has registers for configuring the address regions it protects along with entity access permission. MCP AXIS APU is the requester side filter that is present at the output of the MCP ATU. Add APU regions for mcp_axis interface to check the permissions targeting the Generic refclk in SCP and the shared RSM SRAM. Signed-off-by: Arnold Gabriel Benedict <arnoldgabriel.benedict@arm.com> Change-Id: Iaac605e153e1aeeda6d39641d0e6887c6eddc911
RSM AXIM APU is the completer side filter that is present in front of the RSM SRAM (Shared SRAM between RSE/SCP/MCP). Add APU regions for rsm_axim interface to check the permissions targeting the RSM SRAM. Currently, all permissions are allowed. Signed-off-by: Arnold Gabriel Benedict <arnoldgabriel.benedict@arm.com> Change-Id: I4cfa9b83e8cda91818eb8933db8f2666dd86b966
RSM APBM APU is the completer side filter that is present in front of the ECC record register block for Shared RAM between RSE, SCP and MCP (RSM). Add APU regions for rsm_apbm interface to check the permissions targeting the ECC record register block for Shared RAM between RSE, SCP and MCP. Signed-off-by: Arnold Gabriel Benedict <arnoldgabriel.benedict@arm.com> Change-Id: I7267cf5a9a9f26585f56501dc9c836f53b476db0
RSE SCP AXIM APU is the completer side filter that is present in front of the SCP. Add APU regions for rse_scp_axis interface to check the permissions for the transactions coming from RSE and targeting the SCP. Signed-off-by: Arnold Gabriel Benedict <arnoldgabriel.benedict@arm.com> Change-Id: I5c9e110c877c57a9bd2783f1708004407c1dc1af
RSE MCP AXIM APU is the completer side filter that is present in front of the MCP. Add APU regions for rse_mcp_axis interface to check the permissions for the transactions coming from RSE and targeting the MCP. Signed-off-by: Arnold Gabriel Benedict <arnoldgabriel.benedict@arm.com> Change-Id: I5a0fc6f5929945c5b0d2d41d11e0547553ad829e
NI-Tower has programmable address maps (PSAM) and Access Protection Units (APU) which can be configured during boot time. It uses these to map system addresses to interconnect targets for routing purposes as well as to specify access permissions to configured regions. Configure PSAMs and APUs under Always-On (AON) power domain within the System Control NI-Tower instance. RSE is required to configure the system control NI-Tower before making any accesses to SCP/MCP or AP address space. In addition to this, enable the build of NI-Tower driver and the corresponding platform configuration data for the system control NI-Tower instance by setting the PLATFORM_HAS_NI_TOWER flag. Signed-off-by: Arnold Gabriel Benedict <arnoldgabriel.benedict@arm.com> Change-Id: Ifdbd53fc37fc23b03f3c372a948bd0311e55ebc1
The shared memory for storing measureboot data is not large enough to store the data for all images in RD-Fremont. To ensure there is sufficient space, expand the shared data region. Signed-off-by: Joel Goddard <joel.goddard@arm.com> Change-Id: I2ae50a45756cdf476b84cb69d146754fc53471ad
Configure MCUBoot to load SCP firmware image in RD-Fremont: * Update flash layout and flash map with SCP image details * Load SCP code directly to the start of the SCP ITCM. To do this the ATU is used to map the MCUBoot image header to a different physical area of memory while maintaining a contiguous logical addresses. Signed-off-by: Arnold Gabriel Benedict <arnoldgabriel.benedict@arm.com> Signed-off-by: Shriram K <shriram.k@arm.com> Signed-off-by: Vijayenthiran Subramaniam <vijayenthiran.subramaniam@arm.com> Signed-off-by: Joel Goddard <joel.goddard@arm.com> Change-Id: I0ac54c1c5773bd3c93fbe9718219402a2547d289
Configure MCUBoot to load MCP firmware image in RD-Fremont:
* Update flash layout and flash map with MCP image details
* Load MCP code directly to the start of the MCP ITCM. To do this the
ATU is used to map the MCUBoot image header to a different physical
area of memory while maintaining a contiguous logical addresses.
Signed-off-by: Arnold Gabriel Benedict <arnoldgabriel.benedict@arm.com>
Signed-off-by: Shriram K <shriram.k@arm.com>
Signed-off-by: Vijayenthiran Subramaniam <vijayenthiran.subramaniam@arm.com>
Signed-off-by: Joel Goddard <joel.goddard@arm.com>
Change-Id: Id45ec2a4e0c554a69338882873c2e204b42a779b
Add MSCP driver which contains drivers for configuring registers in SCP or MCP address space. At present add support to release CPU from halt. Signed-off-by: Joel Goddard <joel.goddard@arm.com> Change-Id: Iaba10e11eb9e4a504e6852cbb0207be913872120
…ver." This reverts commit 0b898c9. Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
This reverts commit 97e8b1c. Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
…3.1" This reverts commit d94b1d8. Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
This reverts commit 225dab4. Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
This reverts commit e99f0c8. Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
This reverts commit 52adfa1. Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
This reverts commit a7edb69. Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
This reverts commit 4ab34cf. Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
This forces DWARF version 4 output so that zephyr debugging and usage still works with the pyelftools library which does not currently support v5. Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no> (cherry picked from commit 231235f) Signed-off-by: Markus Swarowsky <markus.swarowsky@nordicsemi.no> Change-Id: I4b1fe5a2151aca5d04acca570f229bb9f0b7cdea (cherry picked from commit 4ab34cf) Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
Avoids including `t_cose` and `qcbor` in the build unless the initial attestation secure partition is enabled via the `TFM_PARTITION_INITIAL_ATTESTATION` flag. This is required to avoid automatically downloading QCBOR at build time -- pulled in as a dependency of t_cose -- unless required. This commit should be reverted once an acceptable upstream solution has been found for this situation, and merged there. Signed-off-by: Kevin Townsend <kevin.townsend@linaro.org> (cherry picked from commit 05bc9f0) Signed-off-by: Markus Swarowsky <markus.swarowsky@nordicsemi.no> (cherry picked from commit a7edb69) Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
Add zephyr module file to to include CMakeLists.txt and Kconfig located in the zephyr repository. Originally included in: 69dc29a but this will change the root folder of the module. Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no> Signed-off-by: David Brown <david.brown@linaro.org> (cherry picked from commit 2bc3041) Signed-off-by: Markus Swarowsky <markus.swarowsky@nordicsemi.no> (cherry picked from commit 52adfa1) Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
tomi-font
force-pushed
the
update_to_2.1.0
branch
from
31f9f88 to
07c3f07
Compare
Save the lpcxpresso55s69 platform SDK files that get downloaded when building TF-M. The version used is defined by the CMake variable NXP_SDK_GIT_TAG found in platform/ext/target/nxp/lpcxpresso55s69/config.cmake. Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
This reverts commit 7de505f. This needs to be reverted for boards based on Nordic chips that aren't one of the DKs; all the boards make use of their partition folder, so it cannot live only inside the chip's DK directory. Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
If NRF_SECURE_UART_INSTANCE is not defined (which it is only in NCS), bring back the default behavior of assigning Driver_USART1 to TFM_DRIVER_STDIO. This fixes the issue of undefined references to Driver_USART0 in non-NCS environments that was introduced by commit 2ed1f3f/ Change-Id Iffdce1df87fd603cf76f435028896c12f1d2c276. Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
…S==1 Fixes a build issue for USART driver when building the NS side Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com> Change-Id: Ieab76ce9b3961f2f06ae8abd719c8eacfd067528 (cherry picked from commit 94833c5) Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
tomi-font
force-pushed
the
update_to_2.1.0
branch
3 times, most recently
from
b3ba2ae to
fed2966
Compare
ithinuel
approved these changes
May 17, 2024
tomi-font
force-pushed
the
update_to_2.1.0
branch
from
8fdbaa4 to
fec12c2
Compare
…RSION Fix a typo. Change-Id: Iccfe6dd0bc0c344eb4fdc8e6c780cdb35433b5b8 Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no> (cherry picked from commit f38236c) Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
Introduce the CMake variable TFM_TESTS_REVISION_CHECKS to allow not performing the revision checks in the tf-m-tests repo. This is needed for TF-M forks where the upstream tags are not found, which makes the build fail. Change-Id: I10371841925f9fb811f0d47a2e0dc2c9e8e7cfac Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no> (cherry picked from commit 17e9e9c) Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
Fix "unused variable" compilation warning. Change-Id: I460c4d612184ea57e47ee8da050495435c21912d Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no> (cherry picked from commit ca9be3b) Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
tomi-font
force-pushed
the
update_to_2.1.0
branch
from
fec12c2 to
222d12f
Compare
Turns out it's called by the BL2 in Zephyr's TF-M PSA arch tests. This undoes commit 99f05ce. Change-Id: Ic3c1549c46ca53c7c7ab680a6fe2ab3811cca692 Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no> (cherry picked from commit 55a6684) Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.