Setup secure storage memory for data storage inside TFM

Hi,

We are working on an nrf5340 board with NS and TF-M setup and we have SDK v2.7.0.

We need to have a flash partition to store some secure data, maybe a size of 4KB, inside the TF-M.

Please help us or direct us to any reference.

  • Hi, can anyone please guide us through the setup?

    I see they have an example psa_protected_storage. If I set any partition size to 1KB the example does not work, it just goes into arch_system_halt().

    How can I modify the partition size?

  • Hi,

    You seem to have found an example that provides what you are looking for:

    Jithin A said:
    example psa_protected_storage.

    What exactly did you add here?

    Jithin A said:
    If I set any partition size to 1KB the example does not work, it just goes into arch_system_halt().

    And what is the assert output? 

    I suspect that the data that you added is stacked memory. If yes, then try to adjust your CONFIG_MAIN_STACK_SIZE.

    If you want to store larger than 2k objects, you should adjust the CONFIG_TFM_PS_MAX_ASSET_SIZE. This can max. be 4020 due to overhead, and aligning to a flash page.

    Kind regards,

    Håkon

  • Hi Håkon,

    Thank you for the response.

    The above suggestion did not work for me, I am seeing the same -132 error when I run the code.

    I removed build directory and rebuilt the project, yet the same result.

    I can confirm the partitions.yml in build/zephyr/partition.yml updated your setup.

  • Hi,

    Sorry about this, I forgot to erase the partitions when testing, so it had the layout of a former flashed firmware.

    This was my working configuration. I see that there is a problem with the PS partition size, which is for some reason set to 0x4000, while the partition size is actually 0x8000, so I set it explicitly:

    CONFIG_BUILD_WITH_TFM=y
    # CONFIG_TFM_PROFILE_TYPE_NOT_SET=y
    # CONFIG_TFM_PROFILE_TYPE_MEDIUM=y
    CONFIG_TFM_PROFILE_TYPE_SMALL=y
    CONFIG_TFM_PS_MAX_ASSET_SIZE=3800
    CONFIG_MAIN_STACK_SIZE=4096
    CONFIG_PM_PARTITION_SIZE_TFM_PROTECTED_STORAGE=0x8000

    Kind regards,

    Håkon

  • Hi Håkon,

    Thank you, that worked for me.

    One last question: I found this TF-M profile table and I see TFM PROTECTED STORAGE is set to OFF in the SMALL profile. If so, how is it working on our setup?

    If I set any other profile except SMALL, I get a -132 error. Why is that so?

  • Hi,

    My deepest apologies for sharing incorrect information.

    Note that we recommend using either the minimal or the full TF-M profile, as shown here:

    https://docs.nordicsemi.com/bundle/ncs-2.7.0/page/nrf/security/tfm.html#minimal_build

    If you have CONFIG_TFM_PROFILE_TYPE_NOT_SET that implies a "full" implementation, and you need to adjust this configuration:

    # Adjust even higher if storing larger files
    CONFIG_TFM_CRYPTO_IOVEC_BUFFER_SIZE=6400

    Jithin A said:
    I found this TF-M profile table and I see TFM PROTECTED STORAGE is set to OFF in the SMALL profile.

    I think there's an issue with how kconfig shows the tfm subsys vs. what is actually set in the cmake files to the TFM build. I see that the configuration is greyed out, but it does indeed pass this to the tfm image:

    build/$IMAGE_NAME/tfm/CMakeCache.txt:TFM_PARTITION_PROTECTED_STORAGE:BOOL=ON

    Sorry for all the back-and-forth in this matter.

    Kind regards,

    Håkon

  • Hi,

    Thank you for letting me know, will test above and let you know.
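
Added example (not part of the thread and not Nordic's code): a shell check that reads what the build actually produced rather than the Kconfig view, covering the points raised above: TFM_PARTITION_PROTECTED_STORAGE in the TF-M CMakeCache.txt, the 4020 ceiling on CONFIG_TFM_PS_MAX_ASSET_SIZE, and an explicitly set CONFIG_PM_PARTITION_SIZE_TFM_PROTECTED_STORAGE. The function names, the .config file passed as the second argument, and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: function names and file arguments are hypothetical.
PS_ASSET_LIMIT=4020   # ceiling for CONFIG_TFM_PS_MAX_ASSET_SIZE quoted in the thread

# kconfig_value FILE SYMBOL: print the last value assigned to SYMBOL, if any.
kconfig_value() {
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# check_tfm_ps CMAKE_CACHE DOTCONFIG: return 0 only if every check passes.
check_tfm_ps() {
    cache=$1; dotconfig=$2; rc=0
    # What the TF-M image was really built with, regardless of the Kconfig view.
    grep -q '^TFM_PARTITION_PROTECTED_STORAGE:BOOL=ON$' "$cache" || {
        echo "FAIL: TF-M image built without the Protected Storage partition"; rc=1; }
    asset=$(kconfig_value "$dotconfig" CONFIG_TFM_PS_MAX_ASSET_SIZE)
    part=$(kconfig_value "$dotconfig" CONFIG_PM_PARTITION_SIZE_TFM_PROTECTED_STORAGE)
    if [ -z "$asset" ] || [ -z "$part" ]; then
        echo "FAIL: asset size or PS partition size is not set explicitly"
        return 1
    fi
    if [ "$(($asset))" -gt "$PS_ASSET_LIMIT" ]; then
        echo "FAIL: max asset size $asset exceeds $PS_ASSET_LIMIT"; rc=1
    fi
    # Sanity check (assumption of this example): partition must exceed one asset.
    if [ "$(($part))" -le "$(($asset))" ]; then
        echo "FAIL: PS partition $part cannot hold a $asset-byte asset"; rc=1
    fi
    return "$rc"
}

# Constructed sample files mirroring the working configuration in the thread.
demo=$(mktemp -d)
echo 'TFM_PARTITION_PROTECTED_STORAGE:BOOL=ON' > "$demo/CMakeCache.txt"
printf '%s\n' 'CONFIG_TFM_PS_MAX_ASSET_SIZE=3800' \
    'CONFIG_PM_PARTITION_SIZE_TFM_PROTECTED_STORAGE=0x8000' > "$demo/.config"
check_tfm_ps "$demo/CMakeCache.txt" "$demo/.config" && echo "PS configuration OK"
rm -rf "$demo"
```

On a real build, pass build/$IMAGE_NAME/tfm/CMakeCache.txt and the generated .config of the application image, and erase the device before flashing so a layout from earlier firmware does not mask the result.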
