This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts

NRF9160 Memory partition

Hello guys,

I wanted try run on NRF9160 hardware CC310 cryptographic module.

I installed all software and tried run secure_services demo. Thats works, cool!

In next step I tried run RSA cryptographic fuctions. I found example in downloaded folders and added in secure_services.c my new code which should works with RSA, but I can not compile now.

I added next test code to secure_services demo:

        int keysize;
        int ret;

mbedtls_mpi N, P, Q, D, E, DP, DQ, QP;

        mbedtls_rsa_context rsa;
        mbedtls_ctr_drbg_context ctr_drbg;
        keysize = 2048;
        //for( ; keysize <= 4096; keysize *= 2 )
        //{
        while(1)
        {
            //mbedtls_snprintf( title, sizeof( title ), "RSA-%d", keysize );
            mbedtls_ctr_drbg_init( &ctr_drbg );
            mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 );

            mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
            mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E ); mbedtls_mpi_init( &DP );
            mbedtls_mpi_init( &DQ ); mbedtls_mpi_init( &QP );

            mbedtls_rsa_gen_key( &rsa, myrand, NULL, keysize, 65537 );


           if( ( ret = mbedtls_rsa_export    ( &rsa, &N, &P, &Q, &D, &E ) ) != 0 ||
               ( ret = mbedtls_rsa_export_crt( &rsa, &DP, &DQ, &QP ) )      != 0 )
           {
             for(int i = 0; i < 5; i++)
             {
               i = 5;
             }
           }

           if((ret = mbedtls_rsa_public( &rsa, buf, buf )) != 0)
           {
             for(int i = 0; i < 5; i++)
             {
               i = 5;
             }           
           };
           if((ret = mbedtls_rsa_private( &rsa, myrand, NULL, buf, buf )) != 0)
           {
             for(int i = 0; i < 5; i++)
             {
               i = 5;
             }           
           };

            mbedtls_rsa_free( &rsa );
        }

And received flowing problems:

spm\zephyr\spm_zephyr_prebuilt.elf section `_TEXT_SECTION_NAME_2' will not fit in region `FLASH'

SPM and app are sharing an SPU region. Cannot partition flash correctly into secure and non-secure. Adjust partitions sizes so they are placed in separate regions.

region `FLASH' overflowed by 81920 bytes

ld returned 1 exit status

As I understood this problem with not enough memory for code which are placed in secure partition?

How can I fixed it?

Thanks.

Parents
  • See /path/to/zephyr/boards/arm/nrf9160_pca10090.

    In this folder you will find all files relating to the hardware set up of the PCA10090, the device tree structure.

    In the files labeled nrf9160_pca10090_common.dts and nrf9160_pca10090_partition_conf.dts, you will find the partition setups for every area in the 1MB flash memory.

    Edit the addresses to increase the size of the non-secure memory (I assume this is a non-secure space issue and not the secure side). For non-secure partition sizes, you are looking at slot0ns and slot1ns in the nrf9160_pca10090_partition_conf.dts. Increase the sizes of these regions and decrease the size of the others if necessary to make the space you need avaliable.

    NOTE: slot0-slot1 and slot0ns-slot1ns MUST BE THE SAME SIZE. The secure and non-secure can be different sizes but the slots for each region must be equal as the slot numbered 0 is the secure/nonsecure application data and the slot numbered 1 is the secure/nonsecure update image storage for firmware updates and must be equal to slot 0

    Scratch is the partition for copying data between slot 0s and slot1s

    See https://docs.zephyrproject.org/1.12.0/devices/dts/flash_partitions.html for the Zephyr information on partitions.

    EDIT: actually, looking at your post again, I think it's the secure size thats too small. Error was on SPM building which, unless I'm mistaken, goes in the secure partition.

  • Ah ok, I was looking for something like that tbh myself. I knew that whatever was causing this to be reduced was something 13 flash sectors in size, which was what you found. If you compile the SPM application, the flash area is like 128KB but in every other sample it gets reduced to 48KB. I guess you found where the flash sector for SPM was getting throttled down.

  • Thanks for your help.

    Very many things have become clear.

    Now I need run and check how works CC310 crypto module.

    I wanted start it from RSA key generation. I have a question can I use debugger in secure memory? And why I had bus fault when I try use printk from spm_request_random_number()?

    BUS FAULT:

    Exception occurred in Secure State
    ***** BUS FAULT *****
      Precise data bus error
      BFAR Address: 0x50008120
    ***** Hardware exception *****
    Current thread ID = 0x200200b0
    Faulting instruction address = 0xffffffff
    Fatal fault in essential thread! Spinning...
    

  • I have changed my value in this definition to 0x12000 as well and the application runs correctly with the new partition size of 72KB.

    [177/319] Linking C executable spm/zephyr/spm_zephyr_prebuilt.elf
    Memory region         Used Size  Region Size  %age Used
               FLASH:         32 KB        72 KB     44.44%
                SRAM:       10000 B        64 KB     15.26%
            IDT_LIST:          40 B         2 KB      1.95%

    So the issue was with the size of flash allocated to MCUBoot, which is strange as that should have been the partition covered under boot_partition. I tried changing that value yesterday and it had no effect on the outcome.

    From Zephyr documentation:

    boot_partition

    This is the partition where the bootloader is expected to be placed. MCUboot’s build system will attempt to link the MCUboot image into this partition.

    I guess it doesn't actually do that and uses this define to set up and partition seperate from the rest of the flash memory. It then links to slot0_partition where the applications secure image is placed.

  • That's a question for Nordic as I honestly wouldn't know. At least you have been able to build the application and flash it Slight smile

Reply Children
No Data
Related