Flash Partition Management with Trusted Firmware-M

Question

Backround: We are planning to use TF-M with a two-stage bootloader (NSIB & MCUBoot) using dual-slots for secure and non-secure images. We need to support configurable fixed flash partitions (i.e. for event or configuration storage) and would like to retain the option to use an external flash in the future. 
 I have read through the nRF Connect SDK documentation, however it is not clear to me how the Partition Managed is used to configure fixed flash partitions for targets using TF-M. Could you please provide an example partition configuration on the nRF9160 (using internal flash) with: dual-slots for secure / non-secure images, secure storage (i.e. certificates), event storage (for telemetry) and configuration?

Sigurd Hellesvik · Accepted Answer

vytautas said: but surely it can't function the same way for MCUBoot, given that you would be overwriting code you are currently executing. 
 First, MCUboot runs from S0. Then you upload update to S1, with newer version. Then reboot. MCUboot will now boot from newest version: S1. Then you upload update to S0, with newer version. Then reboot. MCUboot will now boot from newest version: S0. Etc. 
 vytautas said: Who determines which (S0 or S1) partition the MCUBoot update (of MCUBoot itself!) should go to? 
 You "simply" have to upload to the slot MCUboot does not run from. I had to ask devs for how to read this. They say " https://github.com/nrfconnect/sdk-nrf/blob/main/samples/tfm/tfm_psa_template/src/main.c#L92 shows how to do it in TF-M " 
 I am not yet sure how to do it without TF-M, but I think you should be able to use the FW Info lib.

Flash Partition Management with Trusted Firmware-M

Top Replies