Hi,
We are working on nrf5340 board with NS and TF-M setup and we have SDK v2.7.0
We need to have a flash partition to store some secure data, maybe of size 4KB, inside the TF-M.
Please help us or direct us to any reference.
Hi, anyone, please guide us through the setup.
I see they have an example psa_protected_storage. If I set any partition size to 1KB the example does not work, it just goes into arch_system_halt().
How can I modify the partition size?
Hi,
You seem to have found an example that provides what you are looking for:
Jithin A said: example psa_protected_storage.
What exactly did you add here?
Jithin A said: If I set any partition size to 1KB the example does not work, it just goes into arch_system_halt().
And what is the assert output?
I suspect that the data that you added is stacked memory. If yes, then try to adjust your CONFIG_MAIN_STACK_SIZE.
If you want to store larger than 2k objects, you should adjust the CONFIG_TFM_PS_MAX_ASSET_SIZE. This can max. be 4020 due to overhead, and aligning to a flash page.
Kind regards,
Håkon
Hi,
PFA for the file you requested.
I have added a macro: SIZE_OF_TEST_STRING_1 in which I am modifying the partition size when setting.
Please correct me if my understanding is wrong.
Thank you.
Hi,
By changing the sizeof, it does not make the string any larger. You are effectively reading outside of the pointer. This also uses stack memory, as it declares a char array of size 1000, so you will need to adjust the main stack size, as previously mentioned.
I would recommend that you instead declare a static/global array of your wanted size and store that.
Kind regards,
Håkon
Thank you for the quick response, let me try and get back to you shortly.
I tried the way you suggested and now I am getting PSA_ERROR_GENERIC_ERROR (-132) when writing.
Also, I have set CONFIG_TFM_PS_MAX_ASSET_SIZE to 4020
Hi,
You need to expand the partition in order to write larger asset sizes, and you also need to set a different TFM profile.
This is the configuration I am using now:
CONFIG_BUILD_WITH_TFM=y
#CONFIG_TFM_PROFILE_TYPE_NOT_SET=y
CONFIG_TFM_PROFILE_TYPE_MEDIUM=y
CONFIG_TFM_PS_MAX_ASSET_SIZE=4000
CONFIG_MAIN_STACK_SIZE=4096
And here is a larger pm_static.yml (store this as pm_static.yml in your project, delete the build folder and regenerate the project):
app:
  address: 0x40000
  end_address: 0xf4000
  region: flash_primary
  size: 0xb4000
otp:
  address: 0xff8100
  end_address: 0xff83fc
  region: otp
  size: 0x2fc
rpmsg_nrf53_sram:
  address: 0x20070000
  end_address: 0x20080000
  placement:
    before:
    - end
  region: sram_primary
  size: 0x10000
sram_nonsecure:
  address: 0x20030000
  end_address: 0x20080000
  orig_span: &id001
  - sram_primary
  - rpmsg_nrf53_sram
  region: sram_primary
  size: 0x50000
  span: *id001
sram_primary:
  address: 0x20030000
  end_address: 0x20070000
  region: sram_primary
  size: 0x40000
sram_secure:
  address: 0x20000000
  end_address: 0x20030000
  orig_span: &id002
  - tfm_sram
  region: sram_primary
  size: 0x30000
  span: *id002
tfm:
  address: 0x0
  end_address: 0x40000
  placement:
    before:
    - app
  region: flash_primary
  size: 0x40000
tfm_its:
  address: 0xf4000
  end_address: 0xf6000
  inside:
  - tfm_storage
  placement:
    align:
      start: 0x4000
    before:
    - tfm_otp_nv_counters
  region: flash_primary
  size: 0x2000
tfm_nonsecure:
  address: 0x40000
  end_address: 0xf4000
  orig_span: &id003
  - app
  region: flash_primary
  size: 0xb4000
  span: *id003
tfm_otp_nv_counters:
  address: 0xf6000
  end_address: 0xf8000
  inside:
  - tfm_storage
  placement:
    align:
      start: 0x4000
    before:
    - tfm_ps
  region: flash_primary
  size: 0x2000
tfm_ps:
  address: 0xf8000
  end_address: 0x100000
  inside:
  - tfm_storage
  placement:
    align:
      start: 0x4000
    before:
    - end
  region: flash_primary
  size: 0x8000
tfm_secure:
  address: 0x0
  end_address: 0x40000
  orig_span: &id004
  - tfm
  region: flash_primary
  size: 0x40000
  span: *id004
tfm_sram:
  address: 0x20000000
  end_address: 0x20030000
  inside:
  - sram_secure
  placement:
    after:
    - start
  region: sram_primary
  size: 0x30000
tfm_storage:
  address: 0xf4000
  end_address: 0x100000
  orig_span: &id005
  - tfm_ps
  - tfm_its
  - tfm_otp_nv_counters
  region: flash_primary
  size: 0xc000
  span: *id005
Kind regards,
Håkon
Hi Håkon,
Thank you for the response.
The above suggestion did not work for me, I am seeing the same -132 error when I run the code.
I removed build directory and rebuilt the project, yet the same result.
I can confirm that the partitions.yml in build/zephyr/partition.yml was updated with your setup.
Hi,
Sorry about this, I forgot to erase the partitions when testing, so it had the layout of a former flashed firmware.
This was my working configuration. I see that there is a problem with the PS partition size, which is for some reason set to 0x4000, while the partition size is actually 0x8000, so I set it explicitly:
CONFIG_BUILD_WITH_TFM=y
# CONFIG_TFM_PROFILE_TYPE_NOT_SET=y
# CONFIG_TFM_PROFILE_TYPE_MEDIUM=y
CONFIG_TFM_PROFILE_TYPE_SMALL=y
CONFIG_TFM_PS_MAX_ASSET_SIZE=3800
CONFIG_MAIN_STACK_SIZE=4096
CONFIG_PM_PARTITION_SIZE_TFM_PROTECTED_STORAGE=0x8000
Kind regards,
Håkon
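The mismatch described in the post above (Kconfig PS size 0x4000 against a 0x8000 tfm_ps partition) can be caught before flashing. The following is an added example, not code from this thread or from the nRF Connect SDK: it cross-checks a hand-edited pm_static.yml against prj.conf. parse_ints and check are hypothetical helpers, the reader handles only the simple key/value subset used here (it is not the Partition Manager parser), and both inputs are constructed from values quoted in the thread.

```python
# Added example; the two inputs are constructed from values quoted in this thread.
PS_KCONFIG = "CONFIG_PM_PARTITION_SIZE_TFM_PROTECTED_STORAGE"
PRJ_CONF = f"CONFIG_TFM_PS_MAX_ASSET_SIZE=3800\n{PS_KCONFIG}=0x8000\n"
STORAGE_CHILDREN = ("tfm_its", "tfm_otp_nv_counters", "tfm_ps")  # span of tfm_storage
PM_STATIC = """\
tfm_its:
  address: 0xf4000
  end_address: 0xf6000
  size: 0x2000
tfm_otp_nv_counters:
  address: 0xf6000
  end_address: 0xf8000
  size: 0x2000
tfm_ps:
  address: 0xf8000
  end_address: 0x100000
  size: 0x8000
tfm_storage:
  address: 0xf4000
  end_address: 0x100000
  size: 0xc000
"""

def parse_ints(text, sep, nested):
    # Collect "key<sep>integer" pairs; nested=True groups them per unindented "name:" line.
    out, cur = {}, None
    for line in text.splitlines():
        key, _, val = line.strip().partition(sep)
        if nested and line[:1].strip():
            cur = out.setdefault(key, {})
        try:
            (cur if nested else out)[key] = int(val, 0)
        except (ValueError, TypeError):
            pass  # comments, list items, YAML anchors, non-numeric values
    return out

def check(pm_text=PM_STATIC, conf_text=PRJ_CONF):
    pm, conf, problems = parse_ints(pm_text, ":", True), parse_ints(conf_text, "=", False), []
    for name, p in pm.items():
        if p.get("address", 0) + p.get("size", 0) != p.get("end_address", 0):
            problems.append(f"{name}: address + size != end_address")
    kids = sorted((pm[n] for n in STORAGE_CHILDREN), key=lambda p: p["address"])
    edges = [pm["tfm_storage"]["address"]] + [p["end_address"] for p in kids]
    if [p["address"] for p in kids] + [pm["tfm_storage"]["end_address"]] != edges:
        problems.append("tfm_storage: children leave a gap or overlap")
    if conf.get(PS_KCONFIG) != pm["tfm_ps"]["size"]:
        problems.append(f"{PS_KCONFIG} is not set to the tfm_ps size {pm['tfm_ps']['size']:#x}")
    return problems

print(check() or "layout and Kconfig agree")
```

An empty list means the layout is internally consistent and the PS Kconfig size matches tfm_ps; it says nothing about what is already in flash, so the erase step mentioned in the post still applies.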
Hi Håkon
Thank you that worked for me.
One last question: I found this TF-M profile table and I see TFM PROTECTED STORAGE is set to OFF in the SMALL profile. If so, how is it working on our setup?
If I set any other profile except SMALL, I get the -132 error. Why is that so?
Hi,
My deepest apologies for sharing incorrect information.
Note that we recommend to either use minimal or full TFM profile, as shown here:
https://docs.nordicsemi.com/bundle/ncs-2.7.0/page/nrf/security/tfm.html#minimal_build
If you have CONFIG_TFM_PROFILE_TYPE_NOT_SET that implies a "full" implementation, and you need to adjust this configuration:
# Adjust even higher if storing larger files
CONFIG_TFM_CRYPTO_IOVEC_BUFFER_SIZE=6400
Jithin A said: I found this TF-M profile table and I see TFM PROTECTED STORAGE is set to OFF in the SMALL profile.
I think there's an issue with how kconfig shows the tfm subsys vs. what is actually set in the cmake files to the TFM build. I see that the configuration is greyed out, but it does indeed pass this to the tfm image:
build/$IMAGE_NAME/tfm/CMakeCache.txt:TFM_PARTITION_PROTECTED_STORAGE:BOOL=ON
Sorry for all the back-and-forth in this matter.
Kind regards,
Håkon
Hi,
Thank you for letting me know, will test above and let you know.