Static Partition Alignment

Hello,

I assume you only intend to write some data to the device during production, and this data will not change during the lifetime of the product. In that case you can check out the OTP memory in the UICR (fyi: the OTP can be programmed several times during prototype development through the SWD interface, but it's not programmable several times internally from the MCU, which is why I guess they call it OTP). Anyways, you can find a discussion here that may be useful. From the dicussion it seems like it's only if you enable CONFIG_SECURE_BOOT (NSIB) that you can't use the OTP memory region to store your own data:
https://devzone.nordicsemi.com/f/nordic-q-a/100971/which-registers-in-the-uicr-of-the-nrf5340-are-reserved-for-user-access 

There is also some description in the nRF5340 PS if you search for 'OTP'.

Kenneth

Thanks for your reply.

Before we moved over to zephyr we used the custom data section of the UICR on our old nRF52 board to store this information, however, we thought we couldn't use UICR with TF-M in zephyr.

I've just searched through our firmware and found CONFIG_SECURE_BOOT is set to 1 in the multiprotocol_rpmsg networ core image, but not in our application. Would this prevent us from using OTP memory in the UICR?

Thanks for your reply.

Before we moved over to zephyr we used the custom data section of the UICR on our old nRF52 board to store this information, however, we thought we couldn't use UICR with TF-M in zephyr.

I've just searched through our firmware and found CONFIG_SECURE_BOOT is set to 1 in the multiprotocol_rpmsg networ core image, but not in our application. Would this prevent us from using OTP memory in the UICR?

Then it shouldnt' be a problem to use UICR for the application as you see fit no. The other case you refer to is for the nRF9160 and does not apply here.

Kenneth

If you look further down the post, the nordic employee suggests this is an issue for the nRF5340 too.

"Unfortunately, this is not yet implemented on our side.

One can add ranges by appending this array: https://github.com/nrfconnect/sdk-trusted-firmware-m/blob/v1.6.0-ncs3/platform/ext/target/nordic_nrf/nrf9160dk_nrf9160/services/include/tfm_read_ranges.h#L25

Similarly for nrf5340, https://github.com/nrfconnect/sdk-trusted-firmware-m/blob/v1.6.0-ncs3/platform/ext/target/nordic_nrf/nrf5340dk_nrf5340_cpuapp/services/include/tfm_read_ranges.h"

I've tried adding some code to read directly from the OTP area of the UICR and using  "tfm_platform_mem_read" to read from the secure area but these both failed.

Do I first need to add the UICR range into the nRF5340 tfm-read ranges?

Thanks,

That was a bummer, I will transfer the case to someone that can suggest how to do this using partion then.

Kenneth

Hello,

Yes, the UICR ranges you want to access from the app need to be added to the tfm-read ranges. Below is an example patch I made for the tfm_read_ranges.h header located in /v2.7.0/nrf/modules/trusted-firmware-m/tfm_boards/services/include:

diff --git a/modules/trusted-firmware-m/tfm_boards/services/include/tfm_read_ranges.h b/modules/trusted-firmware-m/tfm_boards/services/include/tfm_read_ranges.h
index a11c412a3..a393c1b73 100644
--- a/modules/trusted-firmware-m/tfm_boards/services/include/tfm_read_ranges.h
+++ b/modules/trusted-firmware-m/tfm_boards/services/include/tfm_read_ranges.h
@@ -39,6 +39,11 @@
 #define FICR_RESTRICTED_ADDR (FICR_BASE + 0x130)
 #define FICR_RESTRICTED_SIZE 0x8
 
+#ifdef NRF_UICR_S_BASE
+#define UICR_CUSTOMER_DATA_ADDR     ((uint32_t) &NRF_UICR_S->OTP[0])
+#define UICR_CUSTOMER_DATA_SIZE 	(sizeof(uint32_t))
+#endif
+
 #if defined(FICR_SIPINFO_PARTNO_PARTNO_Pos)
 #define FICR_SIPINFO_ADDR (FICR_BASE + offsetof(NRF_FICR_Type, SIPINFO))
 #define FICR_SIPINFO_SIZE (sizeof(FICR_SIPINFO_Type))
@@ -74,6 +79,11 @@ static const struct tfm_read_service_range ranges[] = {
 #if defined(NRF_APPLICATION_CPUC_S)
 	{.start = CPUC_CPUID_ADDR, .size = CPUC_CPUID_SIZE},
 #endif
+#if defined(UICR_CUSTOMER_DATA_ADDR)
+	{ .start  = UICR_CUSTOMER_DATA_ADDR, .size = UICR_CUSTOMER_DATA_SIZE }, 
+#endif 
 };
 
+
+
 #endif /* TFM_READ_RANGES_H__ */

And here is the test code I used to verify that it worked:

#include <soc_secure.h>

int main(void)
{
	int err;
	uint32_t read_buffer;

	printf("Hello World! %s\n", CONFIG_BOARD_TARGET);

	err = soc_secure_mem_read(&read_buffer, (void *)&NRF_UICR_S->OTP[0], sizeof(uint32_t));
	if (err) {
		printf("soc_secure_mem_read() failed. (err %d)\n", err);
	} else {
		printf("NRF_UICR_S->OTP[0] : 0x%x\n", read_buffer);
	}

	return 0;
}

Writing the OTP register with nrfjprog:

$ nrfjprog --memwr 0xff8100  --val 0x12345

Since the OTP region may be used to store secrets, TF-M does not expose this memory region by default. 

Best regards,

Vidar

Hi Vidar, 

Thanks for your reply.

Apologies I should have mentioned I'm using nRF connect sdk v2.2.0.The tfm_read_ranges.h file is in a different directory but seems to work the same with the changes applied.
I found the file in "NRF_SDK\2.2.0\nrf\include\tfm\tfm_read_ranges.h"

I think the function to read from the secure flash are different in this SDK version too, I used "secure_read_word" instead.

Thanks,