• State Not Answered
  • Replies 12 replies
  • Subscribers 68 subscribers
  • Views 6110 views
  • Users 0 members are here
Attachments (4) Download All
Nordic Case Info
  • Case ID: 233124
Options
This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts

NRF9160 Memory partition

DenisAks

Hello guys,

I wanted try run on NRF9160 hardware CC310 cryptographic module.

I installed all software and tried run secure_services demo. Thats works, cool!

In next step I tried run RSA cryptographic fuctions. I found example in downloaded folders and added in secure_services.c my new code which should works with RSA, but I can not compile now.

I added next test code to secure_services demo:

        int keysize;
        int ret;

mbedtls_mpi N, P, Q, D, E, DP, DQ, QP;

        mbedtls_rsa_context rsa;
        mbedtls_ctr_drbg_context ctr_drbg;
        keysize = 2048;
        //for( ; keysize <= 4096; keysize *= 2 )
        //{
        while(1)
        {
            //mbedtls_snprintf( title, sizeof( title ), "RSA-%d", keysize );
            mbedtls_ctr_drbg_init( &ctr_drbg );
            mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 );

            mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
            mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E ); mbedtls_mpi_init( &DP );
            mbedtls_mpi_init( &DQ ); mbedtls_mpi_init( &QP );

            mbedtls_rsa_gen_key( &rsa, myrand, NULL, keysize, 65537 );


           if( ( ret = mbedtls_rsa_export    ( &rsa, &N, &P, &Q, &D, &E ) ) != 0 ||
               ( ret = mbedtls_rsa_export_crt( &rsa, &DP, &DQ, &QP ) )      != 0 )
           {
             for(int i = 0; i < 5; i++)
             {
               i = 5;
             }
           }

           if((ret = mbedtls_rsa_public( &rsa, buf, buf )) != 0)
           {
             for(int i = 0; i < 5; i++)
             {
               i = 5;
             }           
           };
           if((ret = mbedtls_rsa_private( &rsa, myrand, NULL, buf, buf )) != 0)
           {
             for(int i = 0; i < 5; i++)
             {
               i = 5;
             }           
           };

            mbedtls_rsa_free( &rsa );
        }

And received flowing problems:

spm\zephyr\spm_zephyr_prebuilt.elf section `_TEXT_SECTION_NAME_2' will not fit in region `FLASH'

SPM and app are sharing an SPU region. Cannot partition flash correctly into secure and non-secure. Adjust partitions sizes so they are placed in separate regions.

region `FLASH' overflowed by 81920 bytes

ld returned 1 exit status

As I understood this problem with not enough memory for code which are placed in secure partition?

How can I fixed it?

Thanks.

Parents
  • 0

    See /path/to/zephyr/boards/arm/nrf9160_pca10090.

    In this folder you will find all files relating to the hardware set up of the PCA10090, the device tree structure.

    In the files labeled nrf9160_pca10090_common.dts and nrf9160_pca10090_partition_conf.dts, you will find the partition setups for every area in the 1MB flash memory.

    Edit the addresses to increase the size of the non-secure memory (I assume this is a non-secure space issue and not the secure side). For non-secure partition sizes, you are looking at slot0ns and slot1ns in the nrf9160_pca10090_partition_conf.dts. Increase the sizes of these regions and decrease the size of the others if necessary to make the space you need avaliable.

    NOTE: slot0-slot1 and slot0ns-slot1ns MUST BE THE SAME SIZE. The secure and non-secure can be different sizes but the slots for each region must be equal as the slot numbered 0 is the secure/nonsecure application data and the slot numbered 1 is the secure/nonsecure update image storage for firmware updates and must be equal to slot 0

    Scratch is the partition for copying data between slot 0s and slot1s

    See https://docs.zephyrproject.org/1.12.0/devices/dts/flash_partitions.html for the Zephyr information on partitions.

    EDIT: actually, looking at your post again, I think it's the secure size thats too small. Error was on SPM building which, unless I'm mistaken, goes in the secure partition.

  • 0 in reply to MJD093

    Hi,

    Thanks for your reply.

    In my previous post def **.zip it files which have default settings, they are confused me with boot section. I thought they are correct.

    I replaced my files.  I deleted build directories in spm and security_service folders.

    And what is strange I have same errors.

    Here full secure_services demo compile log.

    Building ‘spm/zephyr/include/generated/driver-validation.h’ from solution ‘build’ in configuration ‘Common’
1> Combining ‘spm/zephyr/include/generated/driver-validation.h’
Building ‘spm/zephyr/CMakeFiles/spm_driver_validation_h_target’ from solution ‘build’ in configuration ‘Common’
Building ‘spm/zephyr/spm_driver_validation_h_target’ from solution ‘build’ in configuration ‘Common’
Building ‘spm/zephyr/include/generated/kobj-types-enum.h’ from solution ‘build’ in configuration ‘Common’
1> Combining ‘spm/zephyr/include/generated/kobj-types-enum.h’
Building ‘spm/zephyr/include/generated/otype-to-str.h’ from solution ‘build’ in configuration ‘Common’
Building ‘spm/zephyr/CMakeFiles/spm_kobj_types_h_target’ from solution ‘build’ in configuration ‘Common’
Building ‘spm/zephyr/spm_kobj_types_h_target’ from solution ‘build’ in configuration ‘Common’
Building ‘spm/zephyr/misc/generated/syscalls.json’ from solution ‘build’ in configuration ‘Common’
1> Combining ‘spm/zephyr/misc/generated/syscalls.json’
Building ‘spm/zephyr/include/generated/syscall_list.h’ from solution ‘build’ in configuration ‘Common’
1> Combining ‘spm/zephyr/include/generated/syscall_list.h’
Building ‘spm/zephyr/CMakeFiles/spm_syscall_list_h_target’ from solution ‘build’ in configuration ‘Common’
Building ‘spm/zephyr/include/generated/syscall_dispatch.c’ from solution ‘build’ in configuration ‘Common’
Building ‘spm/zephyr/spm_syscall_list_h_target’ from solution ‘build’ in configuration ‘Common’
Building ‘spm/zephyr/include/generated/syscall_macros.h’ from solution ‘build’ in configuration ‘Common’
1> Combining ‘spm/zephyr/include/generated/syscall_macros.h’
Building ‘spm/zephyr/CMakeFiles/spm_syscall_macros_h_target’ from solution ‘build’ in configuration ‘Common’
Building ‘spm/zephyr/spm_syscall_macros_h_target’ from solution ‘build’ in configuration ‘Common’
Building ‘cmake_object_order_depends_target_spm_offsets’ from solution ‘build’ in configuration ‘Common’
Building ‘spm/zephyr/spm_offsets’ from solution ‘build’ in configuration ‘Common’
1> Compiling ‘offsets.c’
Building ‘spm/zephyr/include/generated/offsets.h’ from solution ‘build’ in configuration ‘Common’
1> Combining ‘spm/zephyr/include/generated/offsets.h’
Building ‘spm/zephyr/CMakeFiles/spm_offsets_h’ from solution ‘build’ in configuration ‘Common’
Building ‘spm/zephyr/spm_offsets_h’ from solution ‘build’ in configuration ‘Common’
Building ‘cmake_object_order_depends_target_spm_app’ from solution ‘build’ in configuration ‘Common’
Building ‘cmake_object_order_depends_target_spm_arch__arm__core’ from solution ‘build’ in configuration ‘Common’
Building ‘cmake_object_order_depends_target_spm_arch__arm__core__cortex_m’ from solution ‘build’ in configuration ‘Common’
Building ‘cmake_object_order_depends_target_spm_arch__arm__core__cortex_m__mpu’ from solution ‘build’ in configuration ‘Common’
Building ‘cmake_object_order_depends_target_spm_drivers__serial’ from solution ‘build’ in configuration ‘Common’
Building ‘cmake_object_order_depends_target_spm_kernel’ from solution ‘build’ in configuration ‘Common’
Building ‘cmake_object_order_depends_target_spm_lib__libc__minimal’ from solution ‘build’ in configuration ‘Common’
Building ‘cmake_object_order_depends_target_spm_mbedcrypto_vanilla’ from solution ‘build’ in configuration ‘Common’
Building ‘cmake_object_order_depends_target_spm_mbeddrbg’ from solution ‘build’ in configuration ‘Common’
Building ‘cmake_object_order_depends_target_spm_zephyr’ from solution ‘build’ in configuration ‘Common’
Building ‘spm/zephyr/linker.cmd’ from solution ‘build’ in configuration ‘Common’
1> Combining ‘spm/zephyr/linker.cmd’
Building ‘spm/zephyr/CMakeFiles/spm_linker_script_target’ from solution ‘build’ in configuration ‘Common’
Building ‘spm/zephyr/spm_linker_script_target’ from solution ‘build’ in configuration ‘Common’
Building ‘cmake_object_order_depends_target_spm_zephyr_prebuilt’ from solution ‘build’ in configuration ‘Common’
Building ‘spm/spm_app/libspm_app.a’ from solution ‘build’ in configuration ‘Common’
2> Compiling ‘main.c’
Building ‘spm/zephyr/libspm_zephyr.a’ from solution ‘build’ in configuration ‘Common’
1> Archiving ‘libspm_app.a’
2> Compiling ‘isr_tables.c’
1> Compiling ‘sw_isr_common.c’
2> Compiling ‘arm_core_cmse.c’
1> Compiling ‘arm_core_tz.c’
2> Compiling ‘crc32_sw.c’
1> Compiling ‘crc16_sw.c’
2> Compiling ‘crc8_sw.c’
1> Compiling ‘crc7_sw.c’
2> Compiling ‘fdtable.c’
1> Compiling ‘mempool.c’
2> Compiling ‘rb.c’
1> Compiling ‘thread_entry.c’
2> Compiling ‘work_q.c’
1> Compiling ‘printk.c’
2> Compiling ‘configs.c’
1> Compiling ‘soc.c’
2> Compiling ‘mpu_regions.c’
1> Compiling ‘system_nrf9160.c’
2> Compiling ‘nrfx_glue.c’
1> Compiling ‘power.c’
2> Compiling ‘reboot.c’
2> Compiling ‘policy_residency.c’
1> Compiling ‘uart_console.c’
2> Compiling ‘nrf_power_clock.c’
1> Compiling ‘sys_clock_init.c’
1> Compiling ‘nrf_rtc_timer.c’
2> Compiling ‘spm.c’
1> Compiling ‘secure_services.c’
1> C:/ncs/nrf/subsys/spm/secure_services.c:148:13: warning: unused variable 'ret' [-Wunused-variable]
1> C:/ncs/nrf/subsys/spm/secure_services.c:146:6: warning: unused variable 'i' [-Wunused-variable]
1> C:/ncs/nrf/subsys/spm/secure_services.c:143:23: warning: unused variable 'rsa' [-Wunused-variable]
1> C:/ncs/nrf/subsys/spm/secure_services.c:142:21: warning: unused variable 'pk' [-Wunused-variable]
1> C:/ncs/nrf/subsys/spm/secure_services.c:298:9: warning: implicit declaration of function 'memcpy' [-Wimplicit-function-declaration]
1> C:/ncs/nrf/subsys/spm/secure_services.c:303:1: warning: no return statement in function returning non-void [-Wreturn-type]
1> C:/ncs/nrf/subsys/spm/secure_services.c:181:1: warning: control reaches end of non-void function [-Wreturn-type]
Building ‘spm/zephyr/arch/arm/core/libspm_arch__arm__core.a’ from solution ‘build’ in configuration ‘Common’
1> Archiving ‘libspm_zephyr.a’
2> Assembling ‘exc_exit.S’
1> Assembling ‘swap_helper.S’
2> Assembling ‘cpu_idle.S’
1> Assembling ‘fault_s.S’
2> Assembling ‘isr_wrapper.S’
1> Compiling ‘irq_init.c’
2> Compiling ‘swap.c’
1> Compiling ‘irq_manage.c’
2> Compiling ‘fault.c’
1> Compiling ‘thread.c’
2> Compiling ‘fatal.c’
1> Compiling ‘sys_fatal_error_handler.c’
2> Compiling ‘thread_abort.c’
Building ‘spm/zephyr/arch/arm/core/cortex_m/libspm_arch__arm__core__cortex_m.a’ from solution ‘build’ in configuration ‘Common’
1> Archiving ‘libspm_arch__arm__core.a’
2> Assembling ‘vector_table.S’
1> Assembling ‘reset.S’
2> Assembling ‘nmi_on_reset.S’
1> Compiling ‘prep_c.c’
2> Compiling ‘scb.c’
1> Compiling ‘nmi.c’
2> Compiling ‘exc_manage.c’
Building ‘spm/zephyr/arch/arm/core/cortex_m/mpu/libspm_arch__arm__core__cortex_m__mpu.a’ from solution ‘build’ in configuration ‘Common’
1> Archiving ‘libspm_arch__arm__core__cortex_m.a’
2> Compiling ‘arm_core_mpu.c’
1> Compiling ‘arm_mpu.c’
Building ‘spm/zephyr/lib/libc/minimal/libspm_lib__libc__minimal.a’ from solution ‘build’ in configuration ‘Common’
1> Archiving ‘libspm_arch__arm__core__cortex_m__mpu.a’
2> Compiling ‘atoi.c’
1> Compiling ‘strtol.c’
1> Compiling ‘malloc.c’
2> Compiling ‘strtoul.c’
1> Compiling ‘bsearch.c’
2> Compiling ‘exit.c’
1> Compiling ‘strncasecmp.c’
2> Compiling ‘strstr.c’
1> Compiling ‘string.c’
2> Compiling ‘prf.c’
1> Compiling ‘stdout_console.c’
1> Compiling ‘sprintf.c’
2> Compiling ‘fprintf.c’
Building ‘spm/zephyr/drivers/serial/libspm_drivers__serial.a’ from solution ‘build’ in configuration ‘Common’
1> Archiving ‘libspm_lib__libc__minimal.a’
2> Compiling ‘uart_nrfx_uarte.c’
Building ‘spm/zephyr/modules/nrfxlib/nrf_security/src/mbedtls/libspm_mbeddrbg.a’ from solution ‘build’ in configuration ‘Common’
1> Archiving ‘libspm_drivers__serial.a’
2> Compiling ‘ctr_drbg.c’
1> Compiling ‘entropy.c’
Building ‘spm/zephyr/modules/nrfxlib/nrf_security/src/mbedtls/libspm_mbedcrypto_vanilla.a’ from solution ‘build’ in configuration ‘Common’
1> Archiving ‘libspm_mbeddrbg.a’
2> Compiling ‘aes.c’
1> Compiling ‘aesni.c’
2> Compiling ‘arc4.c’
1> Compiling ‘aria.c’
1> Compiling ‘asn1parse.c’
2> Compiling ‘asn1write.c’
1> Compiling ‘base64.c’
2> Compiling ‘bignum.c’
1> Compiling ‘blowfish.c’
1> Compiling ‘camellia.c’
2> Compiling ‘ccm.c’
1> Compiling ‘chacha20.c’
2> Compiling ‘chachapoly.c’
1> Compiling ‘cipher.c’
2> Compiling ‘cmac.c’
1> Compiling ‘des.c’
1> Compiling ‘dhm.c’
2> Compiling ‘ecdh.c’
1> Compiling ‘ecdsa.c’
2> Compiling ‘ecjpake.c’
1> Compiling ‘ecp.c’
2> Compiling ‘ecp_curves.c’
1> Compiling ‘entropy_poll.c’
2> Compiling ‘error.c’
1> Compiling ‘gcm.c’
2> Compiling ‘havege.c’
1> Compiling ‘hkdf.c’
2> Compiling ‘hmac_drbg.c’
1> Compiling ‘md2.c’
2> Compiling ‘md.c’
1> Compiling ‘md4.c’
2> Compiling ‘md5.c’
1> Compiling ‘md_wrap.c’
2> Compiling ‘memory_buffer_alloc.c’
1> Compiling ‘nist_kw.c’
2> Compiling ‘oid.c’
1> Compiling ‘padlock.c’
2> Compiling ‘pk.c’
1> Compiling ‘pk_wrap.c’
2> Compiling ‘pkcs12.c’
1> Compiling ‘pkcs5.c’
1> Compiling ‘pkwrite.c’
2> Compiling ‘pkparse.c’
1> Compiling ‘platform.c’
2> Compiling ‘platform_util.c’
1> Compiling ‘poly1305.c’
2> Compiling ‘ripemd160.c’
1> Compiling ‘rsa.c’
1> Compiling ‘sha1.c’
2> Compiling ‘rsa_internal.c’
1> Compiling ‘sha256.c’
2> Compiling ‘sha512.c’
1> Compiling ‘threading.c’
2> Compiling ‘timing.c’
1> Compiling ‘version.c’
2> Compiling ‘version_features.c’
1> Compiling ‘xtea.c’
2> Compiling ‘cipher_wrap.c’
2> Compiling ‘pem.c’
Building ‘spm/zephyr/kernel/libspm_kernel.a’ from solution ‘build’ in configuration ‘Common’
1> Archiving ‘libspm_mbedcrypto_vanilla.a’
2> Compiling ‘device.c’
1> Compiling ‘errno.c’
2> Compiling ‘idle.c’
1> Compiling ‘init.c’
2> Compiling ‘mailbox.c’
1> Compiling ‘mem_slab.c’
2> Compiling ‘mempool.c’
1> Compiling ‘msg_q.c’
2> Compiling ‘mutex.c’
1> Compiling ‘pipes.c’
1> Compiling ‘sched.c’
2> Compiling ‘queue.c’
2> Compiling ‘sem.c’
2> Compiling ‘stack.c’
1> Compiling ‘system_work_q.c’
1> Compiling ‘thread.c’
2> Compiling ‘thread_abort.c’
1> Compiling ‘version.c’
2> Compiling ‘work_q.c’
1> Compiling ‘smp.c’
1> Compiling ‘timeout.c’
2> Compiling ‘timer.c’
1> Archiving ‘libspm_kernel.a’
Building ‘spm/zephyr/spm_zephyr_prebuilt.elf’ from solution ‘build’ in configuration ‘Common’
1> Compiling ‘empty_file.c’
1> Linking ‘spm_zephyr_prebuilt.elf’
1> Memory region         Used Size  Region Size  %age Used
1>            FLASH:         64 KB        48 KB    133.33%
1>             SRAM:        4912 B        64 KB      7.50%
1>         IDT_LIST:          40 B         2 KB      1.95%
1> c:/gnuarmemb/bin/../lib/gcc/arm-none-eabi/7.3.1/../../../../arm-none-eabi/bin/ld.exe: spm\zephyr\spm_zephyr_prebuilt.elf section `.gnu.sgstubs' will not fit in region `FLASH'
1> c:/gnuarmemb/bin/../lib/gcc/arm-none-eabi/7.3.1/../../../../arm-none-eabi/bin/ld.exe: SPM and app are sharing an SPU region. Cannot partition flash correctly into secure and non-secure. Adjust partitions sizes so they are placed in separate regions.
1> c:/gnuarmemb/bin/../lib/gcc/arm-none-eabi/7.3.1/../../../../arm-none-eabi/bin/ld.exe: region `FLASH' overflowed by 16384 bytes
1> collect2.exe: error: ld returned 1 exit status
Build failed

    1> Linking ‘spm_zephyr_prebuilt.elf’
    1> Memory region         Used Size  Region Size  %age Used
    1>            FLASH:         64 KB        48 KB    133.33%
    1>             SRAM:        4912 B        64 KB      7.50%
    1>         IDT_LIST:          40 B         2 KB      1.95%
    1> c:/gnuarmemb/bin/../lib/gcc/arm-none-eabi/7.3.1/../../../../arm-none-eabi/bin/ld.exe: spm\zephyr\spm_zephyr_prebuilt.elf section `.gnu.sgstubs' will not fit in region `FLASH'
    1> c:/gnuarmemb/bin/../lib/gcc/arm-none-eabi/7.3.1/../../../../arm-none-eabi/bin/ld.exe: SPM and app are sharing an SPU region. Cannot partition flash correctly into secure and non-secure. Adjust partitions sizes so they are placed in separate regions.
    1> c:/gnuarmemb/bin/../lib/gcc/arm-none-eabi/7.3.1/../../../../arm-none-eabi/bin/ld.exe: region `FLASH' overflowed by 16384 bytes
    1> collect2.exe: error: ld returned 1 exit status
    Build failed

    I tried it several times and also restarted my pc and etc.. Same error.

    Maybe I can change or check something else?

    I want to do still some tests.

    ----------------------------------------------------------------------------------------------------------------

    EDIT:

    Also I found in spm menu config (placed at C:\ncs\nrf\susbsys\spm\Kconfig   this:

    # Define used by partition_manager.py to deduce size of partition
    config PM_PARTITION_SIZE_MCUBOOT
        hex "Flash space reserved for bootloader."
        default 0xc000
        help
          Flash space set aside for the MCUBoot. Note, the name
          of this configuration needs to match the requirements set by the
          script 'partition_manager.py'. See pm.yaml.

    What this mean? This space 0xc000 = 48kB

    I think so compiler try place rsa functions with bootloader in one section. Does it make sense?

  • 0 in reply to DenisAks

    I changed 0xc000 to 0x12000 and now all compiled ok.

    But in the debugger I can't go inside funcion __TZ_NONSECURE_ENTRY_FUNC rsa_test().

    Is this how it should be?

  • 0 in reply to DenisAks

    Ah ok, I was looking for something like that tbh myself. I knew that whatever was causing this to be reduced was something 13 flash sectors in size, which was what you found. If you compile the SPM application, the flash area is like 128KB but in every other sample it gets reduced to 48KB. I guess you found where the flash sector for SPM was getting throttled down.

  • 0 in reply to MJD093

    Thanks for your help.

    Very many things have become clear.

    Now I need run and check how works CC310 crypto module.

    I wanted start it from RSA key generation. I have a question can I use debugger in secure memory? And why I had bus fault when I try use printk from spm_request_random_number()?

    BUS FAULT:

    Exception occurred in Secure State
***** BUS FAULT *****
  Precise data bus error
  BFAR Address: 0x50008120
***** Hardware exception *****
Current thread ID = 0x200200b0
Faulting instruction address = 0xffffffff
Fatal fault in essential thread! Spinning...

  • 0 in reply to DenisAks

    I have changed my value in this definition to 0x12000 as well and the application runs correctly with the new partition size of 72KB.

    [177/319] Linking C executable spm/zephyr/spm_zephyr_prebuilt.elf
Memory region         Used Size  Region Size  %age Used
           FLASH:         32 KB        72 KB     44.44%
            SRAM:       10000 B        64 KB     15.26%
        IDT_LIST:          40 B         2 KB      1.95%

    So the issue was with the size of flash allocated to MCUBoot, which is strange as that should have been the partition covered under boot_partition. I tried changing that value yesterday and it had no effect on the outcome.

    From Zephyr documentation:

    boot_partition

    This is the partition where the bootloader is expected to be placed. MCUboot’s build system will attempt to link the MCUboot image into this partition.

    I guess it doesn't actually do that and uses this define to set up and partition seperate from the rest of the flash memory. It then links to slot0_partition where the applications secure image is placed.

Reply
  • 0 in reply to DenisAks

    I have changed my value in this definition to 0x12000 as well and the application runs correctly with the new partition size of 72KB.

    [177/319] Linking C executable spm/zephyr/spm_zephyr_prebuilt.elf
Memory region         Used Size  Region Size  %age Used
           FLASH:         32 KB        72 KB     44.44%
            SRAM:       10000 B        64 KB     15.26%
        IDT_LIST:          40 B         2 KB      1.95%

    So the issue was with the size of flash allocated to MCUBoot, which is strange as that should have been the partition covered under boot_partition. I tried changing that value yesterday and it had no effect on the outcome.

    From Zephyr documentation:

    boot_partition

    This is the partition where the bootloader is expected to be placed. MCUboot’s build system will attempt to link the MCUboot image into this partition.

    I guess it doesn't actually do that and uses this define to set up and partition seperate from the rest of the flash memory. It then links to slot0_partition where the applications secure image is placed.

Children
No Data
Related