• State Not Answered
  • Replies 3 replies
  • Subscribers 85 subscribers
  • Views 135 views
  • Users 0 members are here
Attachments (0)
Nordic Case Info
  • Case ID: 359486
Options

MCUBOOT with nrf9161-sica

Uri Rotshtein

I’m working on a custom board based on the nRF9160 (SICA variant) and trying to enable MCUboot + TF-M with sysbuild. I’m running into an issue where the system never reaches the application after MCUboot hands over control.

Wrench Environment

  • NCS version: 3.2.2

  • Zephyr: 4.2.99

  • Toolchain: NCS toolchain (default)

  • Board: custom (rit_nordic3_nrf9160/ns)

  • Using sysbuild with MCUboot and TF-M

Problem description

The device boots into MCUboot correctly, validates the image, and attempts to jump to slot0. However, nothing executes afterward:

  • No Zephyr banner

  • No TF-M logs (e.g. [Sec Thread] Secure image initializing!)

  • No RTT output

  • No UART output from the application

MCUboot log

*** Booting MCUboot v2.3.0-dev ***
I: Starting bootloader
...
I: Image version: v1.1.0
?: Jumping to the first image slot

After this line → system is silent

What we verified

  • MCUboot builds and runs correctly

  • Image is properly signed and validated (ECDSA OK)

  • Partition layout looks correct (slot0 @ 0x10000, slot1 @ 0x80000)

  • TF-M is being built (build/.../tfm exists)

  • Using sysbuild (--sysbuild)

What we tried

1. Logging / console debugging

  • Switched to RTT:

    CONFIG_USE_SEGGER_RTT=y
CONFIG_LOG_BACKEND_RTT=y
CONFIG_RTT_CONSOLE=y
CONFIG_UART_CONSOLE=n

  • Result: still no output after MCUboot jump

2. UART console

  • Initially UART console worked for MCUboot logs

  • Disabled UART console → still no application output

3. Partition Manager

  • Verified layout using partition_manager_report

  • Matches expected MCUboot + TF-M layout

4. TF-M dependency check

  • Tried disabling TF-M → build fails due to missing psa/crypto.h

  • So TF-M is required in our application

5. DTS cleanup

We started with a minimal SICA DTS:

#include <nordic/nrf9160ns_sica.dtsi>

Then adjusted our board DTS to:

/dts-v1/;

#include <nordic/nrf9160ns_sica.dtsi>
#include "rit_nordic3_nrf9160-pinctrl.dtsi"
#include "rit_nordic3_nrf9160-partitioning.dtsi"
#include "rit_nordic3_nrf9160.dtsi"

/ {
    chosen {
        zephyr,flash = &flash0;
        zephyr,sram = &sram0_ns;
        zephyr,code-partition = &slot0_partition;
    };
};

Also removed:

  • duplicate includes

  • flash/sram overrides

  • extra soc {} node

Current understanding

It looks like:

  • MCUboot works and jumps correctly

  • Failure happens immediately after jump

  • TF-M does not seem to start at all

  • Likely a secure memory / SPU / TF-M platform integration issue

Given we are using the SICA variant, we suspect:

  • missing or incorrect secure attribution configuration

  • board DTS / platform not fully aligned with TF-M expectations

Questions

  1. Is nrf9160ns_sica.dtsi alone sufficient for TF-M + MCUboot setups?

  2. Are there additional required configurations for SPU / secure memory when using SICA?

  3. Is there a reference board or example using SICA + TF-M + MCUboot?

  4. What is the minimal set of requirements for a custom board DTS to work with TF-M?

Goal

We want:

  • MCUboot + TF-M working on a custom SICA-based board

  • Ability to run application (with console/menu) after boot

Any guidance or reference configuration would be greatly appreciated.

Thanks!

Parents Reply Children
Related
Terms of service