Setup secure storage memory for data storage inside TFM

Hi,

Sorry about this, I forgot to erase the partitions when testing, so it had the layout of a former flashed firmware.

This was my working configuration. I see that there is a problem with the PS partition size, which is for some reason set to 0x4000, while the partition size is actually 0x8000, so I set it explicitly:

CONFIG_BUILD_WITH_TFM=y
# CONFIG_TFM_PROFILE_TYPE_NOT_SET=y
# CONFIG_TFM_PROFILE_TYPE_MEDIUM=y
CONFIG_TFM_PROFILE_TYPE_SMALL=y
CONFIG_TFM_PS_MAX_ASSET_SIZE=3800
CONFIG_MAIN_STACK_SIZE=4096
CONFIG_PM_PARTITION_SIZE_TFM_PROTECTED_STORAGE=0x8000

Kind regards,

Håkon

Hi Håkon

Thank you that worked for me.

One last question, I found this TF-M profile table and I see TFM PROTECTED STORAGE is set to OFF in the SMALL profile. If so, how is it working on our setup.

If I set to any other profile except SMALL, I get -132 error and why is so?

Hi,

My deepest apologies for sharing incorrect information.

Note that we recommend to either use minimal or full TFM profile, as shown here:

https://docs.nordicsemi.com/bundle/ncs-2.7.0/page/nrf/security/tfm.html#minimal_build

If you have CONFIG_TFM_PROFILE_TYPE_NOT_SET that implies a "full" implementation, and you need to adjust this configuration:

# Adjust even higher if storing larger files
CONFIG_TFM_CRYPTO_IOVEC_BUFFER_SIZE=6400

Jithin A said:

I found this TF-M profile table and I see TFM PROTECTED STORAGE is set to OFF in the SMALL profile.

I think there's an issue with how kconfig shows the tfm subsys vs. what is actually set in the cmake files to the TFM build. I see that the configuration is greyed out, but it does indeed pass this to the tfm image:

build/$IMAGE_NAME/tfm/CMakeCache.txt:TFM_PARTITION_PROTECTED_STORAGE:BOOL=ON

Sorry for all the back-and-forth in this matter.

Kind regards,

Håkon

Hi,

Thank you for letting me know, will test above and let you know.