Hello,
I am currently struggling with the setup and configuration of firmware for the nRF5340. The idea is to use a two-stage bootloader setup, XIP split to external flash, and build NS with TF-M.
Unfortunately I am unable to make this exact configuration work. As a base for exploration and reproduction of the issue I used the tfm_psa_template sample (as it was the only sample I found most closely demonstrating my setup).
I first made some minor changes to help me out:
- Removed APPROTECT to make stuff easier to debug (SB_CONFIG_APPROTECT_LOCK=n and SB_CONFIG_SECURE_APPROTECT_LOCK=n)
- Removed initial attestation from sample as it is not in my interest yet (comment out CONFIG_TFM_PARTITION_INITIAL_ATTESTATION and CONFIG_TFM_ATTEST_VERIFICATION_SERVICE_URL from prj.conf, and commented out related code in main.c - include file, get_attestation_token function and its call inside main)
After those initial changes I tested it on the nRF5340dk and confirmed that everything still works as intended.
On UART logs we can observe that we correctly went b0-mcuboot-application:
```
*** Using Zephyr OS v4.1.99-1f51b946c59e ***
Attempting to boot slot 0.
Attempting to boot from address 0x8200.
I: Trying to get Firmware version
I: Verifying signature against key 0.
I: Hash: 0xc2...c5
I: Firmware signature verified.
Firmware version 1
I: Setting monotonic counter (version: 1, slot: 0)
�*** Booting My Application v2.1.0-dev-9b4ae4cbc9e2 ***
*** Using nRF Connect SDK v3.1.1-c7b597ab943c ***
*** Using Zephyr OS v4.1.99-1f51b946c59e ***
I: Starting bootloader
I: Image index: 0, Swap type: none
I: Image index: 1, Swap type: none
I: Image index: 2, Swap type: none
I: Bootloader chainload address offset: 0x20000
I: Image version: v0.0.0
�*** Booting nRF Connect SDK v3.1.1-c7b597ab943c ***
*** Using Zephyr OS v4.1.99-1f51b946c59e ***
build time: Dec 11 2025 07:23:34
FW info S0:
Magic: 0x281ee6de8fcebb4c00003502
Total Size: 140
Size: 0x000085b0
Version: 1
Address: 0x00008200
Boot address: 0x00008200
Valid: 0x9102ffff (CONFIG_FW_INFO_VALID_VAL=0x9102ffff)
FW info S1:
Magic: 0x281ee6de8fcebb4c00003502
Total Size: 140
Size: 0x000085b0
Version: 1
Address: 0x00014200
Boot address: 0x00014200
Valid: 0x9102ffff (CONFIG_FW_INFO_VALID_VAL=0x9102ffff)
Active slot: S0
```
Then I added XIP split to the sample and it breaks. I made the following further changes:
- Added SB_CONFIG_QSPI_XIP_SPLIT_IMAGE=y to sysbuild.conf
- Added the following lines to CMakeLists.txt to relocate something to external flash:
```
zephyr_code_relocate(LIBRARY mbedtls_zephyr LOCATION EXTFLASH_TEXT NOCOPY)
zephyr_code_relocate(LIBRARY mbedtls_zephyr LOCATION EXTFLASH_RODATA NOCOPY)
```
- Added the following pm_static.yml file to have the split partition on external flash defined correctly:
```
mcuboot_secondary:
  address: 0x0
  device: DT_CHOSEN(nordic_pm_ext_flash)
  end_address: 0xd4000
  region: external_flash
  size: 0xd4000
mcuboot_secondary_1:
  address: 0xd4000
  device: DT_CHOSEN(nordic_pm_ext_flash)
  end_address: 0x114000
  region: external_flash
  size: 0x40000
external_flash:
  address: 0x114000
  device: DT_CHOSEN(nordic_pm_ext_flash)
  end_address: 0x800000
  region: external_flash
  size: 0x6ec000
mcuboot_primary_2:
  address: 0x114000
  device: DT_CHOSEN(nordic_pm_ext_flash)
  end_address: 0x214000
  orig_span: &id003
  - mcuboot_primary_2_pad
  - mcuboot_primary_2_app
  region: external_flash
  size: 0x100000
  span: *id003
mcuboot_primary_2_pad:
  address: 0x114000
  end_address: 0x114200
  region: external_flash
  size: 0x200
mcuboot_primary_2_app:
  address: 0x114200
  device: DT_CHOSEN(nordic_pm_ext_flash)
  end_address: 0x214000
  region: external_flash
  size: 0xFFE00
mcuboot_secondary_2:
  address: 0x214000
  device: DT_CHOSEN(nordic_pm_ext_flash)
  end_address: 0x314000
  region: external_flash
  size: 0x100000
```
With those changes in place, I no longer get into the application code, as the bootloader no longer recognizes a bootable image:
```
*** Booting nRF Connect SDK v3.1.1-c7b597ab943c ***
*** Using Zephyr OS v4.1.99-1f51b946c59e ***
Attempting to boot slot 0.
Attempting to boot from address 0x8200.
I: Trying to get Firmware version
I: Verifying signature against key 0.
I: Hash: 0x43...c9
I: Firmware signature verified.
Firmware version 1
I: Setting monotonic counter (version: 1, slot: 0)
�*** Booting My Application v2.1.0-dev-9b4ae4cbc9e2 ***
*** Using nRF Connect SDK v3.1.1-c7b597ab943c ***
*** Using Zephyr OS v4.1.99-1f51b946c59e ***
I: Starting bootloader
I: Image index: 0, Swap type: none
I: Image index: 1, Swap type: none
I: Image index: 2, Swap type: none
I: Image index: 3, Swap type: none
E: Unable to find bootable image
```
Please help me make this setup work.
Regards!
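
A consistency check over the addresses in the pm_static.yml above, as an added example that is not part of the original post or of Partition Manager: it verifies that each end_address equals address + size, that span children tile their container, and lists partitions that share bytes. The partition values are copied from the post; the function names are hypothetical, and an overlap reported here is a fact about the posted layout, not a confirmed cause of the boot failure.

```python
# Added example; values copied from the post, checks are assumptions (not Partition Manager's own).
PARTITIONS = {
    "mcuboot_secondary":     {"address": 0x0,      "end_address": 0xd4000,  "size": 0xd4000},
    "mcuboot_secondary_1":   {"address": 0xd4000,  "end_address": 0x114000, "size": 0x40000},
    "external_flash":        {"address": 0x114000, "end_address": 0x800000, "size": 0x6ec000},
    "mcuboot_primary_2":     {"address": 0x114000, "end_address": 0x214000, "size": 0x100000,
                              "span": ["mcuboot_primary_2_pad", "mcuboot_primary_2_app"]},
    "mcuboot_primary_2_pad": {"address": 0x114000, "end_address": 0x114200, "size": 0x200},
    "mcuboot_primary_2_app": {"address": 0x114200, "end_address": 0x214000, "size": 0xFFE00},
    "mcuboot_secondary_2":   {"address": 0x214000, "end_address": 0x314000, "size": 0x100000},
}

def size_errors(parts):
    """Names whose end_address differs from address + size."""
    return [n for n, p in parts.items() if p["address"] + p["size"] != p["end_address"]]

def span_errors(parts):
    """Span containers whose children do not tile them exactly, in order."""
    bad = []
    for name, p in parts.items():
        cursor = p["address"]
        for child in p.get("span", []):
            c = parts.get(child)
            if c is None or c["address"] != cursor:
                bad.append(name)
                break
            cursor = c["end_address"]
        else:  # no break: every listed child was contiguous
            if p.get("span") and cursor != p["end_address"]:
                bad.append(name)
    return bad

def overlaps(parts):
    """Pairs of partitions sharing bytes, ignoring span container/child pairs."""
    related = {frozenset((n, c)) for n, p in parts.items() for c in p.get("span", [])}
    names = sorted(parts, key=lambda n: (parts[n]["address"], n))
    out = []
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if frozenset((a, b)) in related:
                continue
            if parts[a]["address"] < parts[b]["end_address"] and parts[b]["address"] < parts[a]["end_address"]:
                out.append((a, b))
    return out

if __name__ == "__main__":
    print("size errors:", size_errors(PARTITIONS))
    print("span errors:", span_errors(PARTITIONS))
    print("overlaps:", overlaps(PARTITIONS))
```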