Setup secure storage memory for data storage inside TFM

Hi, any one please guide us through the setup please.

I see they have an example psa_protected_storage. If I set any partition size to 1KB the example does not work, it just goes into  arch_system_halt().

How can I modify the partition size?

Hi,

You seem to have found an example that provides what you are looking for:

Jithin A said:

example psa_protected_storage.

What exactly did you add here?

Jithin A said:

If I set any partition size to 1KB the example does not work, it just goes into  arch_system_halt().

And what is the assert output? 

I suspect that the data that you added is stacked memory. If yes, then try to adjust your CONFIG_MAIN_STACK_SIZE.

If you want to store larger than 2k objects, you should adjust the CONFIG_TFM_PS_MAX_ASSET_SIZE. This can max. be 4020 due to overhead, and aligning to a flash page.

Kind regards,

Håkon

Hi  Håkon Alseth,

Thank you for the response, please see below comments.

Håkon Alseth said:

What exactly did you add here?

--> Nothing, plain example as is.

Håkon Alseth said:

And what is the assert output?

--> Reason holds 2

Håkon Alseth said:

I suspect that the data that you added is stacked memory. If yes, then try to adjust your CONFIG_MAIN_STACK_SIZE.

--> I don't think so, the data is a string with only 20-30 chars defined global which I believe is not stacked.

I just adjusted the partition size to be 1000 instead and nothing else changed.

Håkon Alseth said:

If you want to store larger than 2k objects, you should adjust the CONFIG_TFM_PS_MAX_ASSET_SIZE. This can max. be 4020 due to overhead, and aligning to a flash page.

--> Yet the same result. For reference I have attached the logs screenshot.

You can see it's not able execute the application.

Please let me know if my setup is wrong or missing something.

Thank you.

Hi,

Jithin A said:

I just adjusted the partition size to be 1000 instead and nothing else changed.

Can you share your changes?

Kind regards,

Håkon

Hi,

Jithin A said:

I just adjusted the partition size to be 1000 instead and nothing else changed.

Can you share your changes?

Kind regards,

Håkon

Hi, 

PFA for the file you requested.

I have added a macro: SIZE_OF_TEST_STRING_1 in which I am modifying the partition size when setting.

Please correct me if my understanding is wrong.

Thank you.

psa_protected_storage.zip

Hi,

By changing the sizeof, it does not make the string any larger. You are effectively reading outside of the pointer. This also uses stack memory, as it declares a char array of size 1000, so you will need to adjust the main stack size, as previously mentioned.

I would recommend that you instead declare a static/global array of your wanted size and store that.

Kind regards,

Håkon

Thank you for the quick response, let me try and get back to you shortly.

I tried the way you suggested and now I am getting PSA_ERROR_GENERIC_ERROR (-132) when writing. 

Also, I have set CONFIG_TFM_PS_MAX_ASSET_SIZE to 4020

Hi,

You need to expand the partition in order to write larger asset sizes, and you also need to set a different TFM profile.

This is the configuration I am using now:

CONFIG_BUILD_WITH_TFM=y
#CONFIG_TFM_PROFILE_TYPE_NOT_SET=y
CONFIG_TFM_PROFILE_TYPE_MEDIUM=y
CONFIG_TFM_PS_MAX_ASSET_SIZE=4000
CONFIG_MAIN_STACK_SIZE=4096

And here is a larger pm_static.yml (store as pm_static.yml this in your project and delete build folder and regenerate the project):

app:
  address: 0x40000
  end_address: 0xf4000
  region: flash_primary
  size: 0xb4000
otp:
  address: 0xff8100
  end_address: 0xff83fc
  region: otp
  size: 0x2fc
rpmsg_nrf53_sram:
  address: 0x20070000
  end_address: 0x20080000
  placement:
    before:
    - end
  region: sram_primary
  size: 0x10000
sram_nonsecure:
  address: 0x20030000
  end_address: 0x20080000
  orig_span: &id001
  - sram_primary
  - rpmsg_nrf53_sram
  region: sram_primary
  size: 0x50000
  span: *id001
sram_primary:
  address: 0x20030000
  end_address: 0x20070000
  region: sram_primary
  size: 0x40000
sram_secure:
  address: 0x20000000
  end_address: 0x20030000
  orig_span: &id002
  - tfm_sram
  region: sram_primary
  size: 0x30000
  span: *id002
tfm:
  address: 0x0
  end_address: 0x40000
  placement:
    before:
    - app
  region: flash_primary
  size: 0x40000
tfm_its:
  address: 0xf4000
  end_address: 0xf6000
  inside:
  - tfm_storage
  placement:
    align:
      start: 0x4000
    before:
    - tfm_otp_nv_counters
  region: flash_primary
  size: 0x2000
tfm_nonsecure:
  address: 0x40000
  end_address: 0xf4000
  orig_span: &id003
  - app
  region: flash_primary
  size: 0xb4000
  span: *id003
tfm_otp_nv_counters:
  address: 0xf6000
  end_address: 0xf8000
  inside:
  - tfm_storage
  placement:
    align:
      start: 0x4000
    before:
    - tfm_ps
  region: flash_primary
  size: 0x2000
tfm_ps:
  address: 0xf8000
  end_address: 0x100000
  inside:
  - tfm_storage
  placement:
    align:
      start: 0x4000
    before:
    - end
  region: flash_primary
  size: 0x8000
tfm_secure:
  address: 0x0
  end_address: 0x40000
  orig_span: &id004
  - tfm
  region: flash_primary
  size: 0x40000
  span: *id004
tfm_sram:
  address: 0x20000000
  end_address: 0x20030000
  inside:
  - sram_secure
  placement:
    after:
    - start
  region: sram_primary
  size: 0x30000
tfm_storage:
  address: 0xf4000
  end_address: 0x100000
  orig_span: &id005
  - tfm_ps
  - tfm_its
  - tfm_otp_nv_counters
  region: flash_primary
  size: 0xc000
  span: *id005

Kind regards,

Håkon