This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts

NRF9160 Memory partition

Hello guys,

I wanted try run on NRF9160 hardware CC310 cryptographic module.

I installed all software and tried run secure_services demo. Thats works, cool!

In next step I tried run RSA cryptographic fuctions. I found example in downloaded folders and added in secure_services.c my new code which should works with RSA, but I can not compile now.

I added next test code to secure_services demo:

        int keysize;
        int ret;

mbedtls_mpi N, P, Q, D, E, DP, DQ, QP;

        mbedtls_rsa_context rsa;
        mbedtls_ctr_drbg_context ctr_drbg;
        keysize = 2048;
        //for( ; keysize <= 4096; keysize *= 2 )
        //{
        while(1)
        {
            //mbedtls_snprintf( title, sizeof( title ), "RSA-%d", keysize );
            mbedtls_ctr_drbg_init( &ctr_drbg );
            mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 );

            mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
            mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E ); mbedtls_mpi_init( &DP );
            mbedtls_mpi_init( &DQ ); mbedtls_mpi_init( &QP );

            mbedtls_rsa_gen_key( &rsa, myrand, NULL, keysize, 65537 );


           if( ( ret = mbedtls_rsa_export    ( &rsa, &N, &P, &Q, &D, &E ) ) != 0 ||
               ( ret = mbedtls_rsa_export_crt( &rsa, &DP, &DQ, &QP ) )      != 0 )
           {
             for(int i = 0; i < 5; i++)
             {
               i = 5;
             }
           }

           if((ret = mbedtls_rsa_public( &rsa, buf, buf )) != 0)
           {
             for(int i = 0; i < 5; i++)
             {
               i = 5;
             }           
           };
           if((ret = mbedtls_rsa_private( &rsa, myrand, NULL, buf, buf )) != 0)
           {
             for(int i = 0; i < 5; i++)
             {
               i = 5;
             }           
           };

            mbedtls_rsa_free( &rsa );
        }

And received flowing problems:

spm\zephyr\spm_zephyr_prebuilt.elf section `_TEXT_SECTION_NAME_2' will not fit in region `FLASH'

SPM and app are sharing an SPU region. Cannot partition flash correctly into secure and non-secure. Adjust partitions sizes so they are placed in separate regions.

region `FLASH' overflowed by 81920 bytes

ld returned 1 exit status

As I understood this problem with not enough memory for code which are placed in secure partition?

How can I fixed it?

Thanks.

0 DenisAks over 5 years ago in reply to MJD093

Hi,

Thanks for your reply.

In my previous post def **.zip it files which have default settings, they are confused me with boot section. I thought they are correct.

I replaced my files. I deleted build directories in spm and security_service folders.

And what is strange I have same errors.

Here full secure_services demo compile log.

Building ‘spm/zephyr/include/generated/driver-validation.h’ from solution ‘build’ in configuration ‘Common’
1> Combining ‘spm/zephyr/include/generated/driver-validation.h’
Building ‘spm/zephyr/CMakeFiles/spm_driver_validation_h_target’ from solution ‘build’ in configuration ‘Common’
Building ‘spm/zephyr/spm_driver_validation_h_target’ from solution ‘build’ in configuration ‘Common’
Building ‘spm/zephyr/include/generated/kobj-types-enum.h’ from solution ‘build’ in configuration ‘Common’
1> Combining ‘spm/zephyr/include/generated/kobj-types-enum.h’
Building ‘spm/zephyr/include/generated/otype-to-str.h’ from solution ‘build’ in configuration ‘Common’
Building ‘spm/zephyr/CMakeFiles/spm_kobj_types_h_target’ from solution ‘build’ in configuration ‘Common’
Building ‘spm/zephyr/spm_kobj_types_h_target’ from solution ‘build’ in configuration ‘Common’
Building ‘spm/zephyr/misc/generated/syscalls.json’ from solution ‘build’ in configuration ‘Common’
1> Combining ‘spm/zephyr/misc/generated/syscalls.json’
Building ‘spm/zephyr/include/generated/syscall_list.h’ from solution ‘build’ in configuration ‘Common’
1> Combining ‘spm/zephyr/include/generated/syscall_list.h’
Building ‘spm/zephyr/CMakeFiles/spm_syscall_list_h_target’ from solution ‘build’ in configuration ‘Common’
Building ‘spm/zephyr/include/generated/syscall_dispatch.c’ from solution ‘build’ in configuration ‘Common’
Building ‘spm/zephyr/spm_syscall_list_h_target’ from solution ‘build’ in configuration ‘Common’
Building ‘spm/zephyr/include/generated/syscall_macros.h’ from solution ‘build’ in configuration ‘Common’
1> Combining ‘spm/zephyr/include/generated/syscall_macros.h’
Building ‘spm/zephyr/CMakeFiles/spm_syscall_macros_h_target’ from solution ‘build’ in configuration ‘Common’
Building ‘spm/zephyr/spm_syscall_macros_h_target’ from solution ‘build’ in configuration ‘Common’
Building ‘cmake_object_order_depends_target_spm_offsets’ from solution ‘build’ in configuration ‘Common’
Building ‘spm/zephyr/spm_offsets’ from solution ‘build’ in configuration ‘Common’
1> Compiling ‘offsets.c’
Building ‘spm/zephyr/include/generated/offsets.h’ from solution ‘build’ in configuration ‘Common’
1> Combining ‘spm/zephyr/include/generated/offsets.h’
Building ‘spm/zephyr/CMakeFiles/spm_offsets_h’ from solution ‘build’ in configuration ‘Common’
Building ‘spm/zephyr/spm_offsets_h’ from solution ‘build’ in configuration ‘Common’
Building ‘cmake_object_order_depends_target_spm_app’ from solution ‘build’ in configuration ‘Common’
Building ‘cmake_object_order_depends_target_spm_arch__arm__core’ from solution ‘build’ in configuration ‘Common’
Building ‘cmake_object_order_depends_target_spm_arch__arm__core__cortex_m’ from solution ‘build’ in configuration ‘Common’
Building ‘cmake_object_order_depends_target_spm_arch__arm__core__cortex_m__mpu’ from solution ‘build’ in configuration ‘Common’
Building ‘cmake_object_order_depends_target_spm_drivers__serial’ from solution ‘build’ in configuration ‘Common’
Building ‘cmake_object_order_depends_target_spm_kernel’ from solution ‘build’ in configuration ‘Common’
Building ‘cmake_object_order_depends_target_spm_lib__libc__minimal’ from solution ‘build’ in configuration ‘Common’
Building ‘cmake_object_order_depends_target_spm_mbedcrypto_vanilla’ from solution ‘build’ in configuration ‘Common’
Building ‘cmake_object_order_depends_target_spm_mbeddrbg’ from solution ‘build’ in configuration ‘Common’
Building ‘cmake_object_order_depends_target_spm_zephyr’ from solution ‘build’ in configuration ‘Common’
Building ‘spm/zephyr/linker.cmd’ from solution ‘build’ in configuration ‘Common’
1> Combining ‘spm/zephyr/linker.cmd’
Building ‘spm/zephyr/CMakeFiles/spm_linker_script_target’ from solution ‘build’ in configuration ‘Common’
Building ‘spm/zephyr/spm_linker_script_target’ from solution ‘build’ in configuration ‘Common’
Building ‘cmake_object_order_depends_target_spm_zephyr_prebuilt’ from solution ‘build’ in configuration ‘Common’
Building ‘spm/spm_app/libspm_app.a’ from solution ‘build’ in configuration ‘Common’
2> Compiling ‘main.c’
Building ‘spm/zephyr/libspm_zephyr.a’ from solution ‘build’ in configuration ‘Common’
1> Archiving ‘libspm_app.a’
2> Compiling ‘isr_tables.c’
1> Compiling ‘sw_isr_common.c’
2> Compiling ‘arm_core_cmse.c’
1> Compiling ‘arm_core_tz.c’
2> Compiling ‘crc32_sw.c’
1> Compiling ‘crc16_sw.c’
2> Compiling ‘crc8_sw.c’
1> Compiling ‘crc7_sw.c’
2> Compiling ‘fdtable.c’
1> Compiling ‘mempool.c’
2> Compiling ‘rb.c’
1> Compiling ‘thread_entry.c’
2> Compiling ‘work_q.c’
1> Compiling ‘printk.c’
2> Compiling ‘configs.c’
1> Compiling ‘soc.c’
2> Compiling ‘mpu_regions.c’
1> Compiling ‘system_nrf9160.c’
2> Compiling ‘nrfx_glue.c’
1> Compiling ‘power.c’
2> Compiling ‘reboot.c’
2> Compiling ‘policy_residency.c’
1> Compiling ‘uart_console.c’
2> Compiling ‘nrf_power_clock.c’
1> Compiling ‘sys_clock_init.c’
1> Compiling ‘nrf_rtc_timer.c’
2> Compiling ‘spm.c’
1> Compiling ‘secure_services.c’
1> C:/ncs/nrf/subsys/spm/secure_services.c:148:13: warning: unused variable 'ret' [-Wunused-variable]
1> C:/ncs/nrf/subsys/spm/secure_services.c:146:6: warning: unused variable 'i' [-Wunused-variable]
1> C:/ncs/nrf/subsys/spm/secure_services.c:143:23: warning: unused variable 'rsa' [-Wunused-variable]
1> C:/ncs/nrf/subsys/spm/secure_services.c:142:21: warning: unused variable 'pk' [-Wunused-variable]
1> C:/ncs/nrf/subsys/spm/secure_services.c:298:9: warning: implicit declaration of function 'memcpy' [-Wimplicit-function-declaration]
1> C:/ncs/nrf/subsys/spm/secure_services.c:303:1: warning: no return statement in function returning non-void [-Wreturn-type]
1> C:/ncs/nrf/subsys/spm/secure_services.c:181:1: warning: control reaches end of non-void function [-Wreturn-type]
Building ‘spm/zephyr/arch/arm/core/libspm_arch__arm__core.a’ from solution ‘build’ in configuration ‘Common’
1> Archiving ‘libspm_zephyr.a’
2> Assembling ‘exc_exit.S’
1> Assembling ‘swap_helper.S’
2> Assembling ‘cpu_idle.S’
1> Assembling ‘fault_s.S’
2> Assembling ‘isr_wrapper.S’
1> Compiling ‘irq_init.c’
2> Compiling ‘swap.c’
1> Compiling ‘irq_manage.c’
2> Compiling ‘fault.c’
1> Compiling ‘thread.c’
2> Compiling ‘fatal.c’
1> Compiling ‘sys_fatal_error_handler.c’
2> Compiling ‘thread_abort.c’
Building ‘spm/zephyr/arch/arm/core/cortex_m/libspm_arch__arm__core__cortex_m.a’ from solution ‘build’ in configuration ‘Common’
1> Archiving ‘libspm_arch__arm__core.a’
2> Assembling ‘vector_table.S’
1> Assembling ‘reset.S’
2> Assembling ‘nmi_on_reset.S’
1> Compiling ‘prep_c.c’
2> Compiling ‘scb.c’
1> Compiling ‘nmi.c’
2> Compiling ‘exc_manage.c’
Building ‘spm/zephyr/arch/arm/core/cortex_m/mpu/libspm_arch__arm__core__cortex_m__mpu.a’ from solution ‘build’ in configuration ‘Common’
1> Archiving ‘libspm_arch__arm__core__cortex_m.a’
2> Compiling ‘arm_core_mpu.c’
1> Compiling ‘arm_mpu.c’
Building ‘spm/zephyr/lib/libc/minimal/libspm_lib__libc__minimal.a’ from solution ‘build’ in configuration ‘Common’
1> Archiving ‘libspm_arch__arm__core__cortex_m__mpu.a’
2> Compiling ‘atoi.c’
1> Compiling ‘strtol.c’
1> Compiling ‘malloc.c’
2> Compiling ‘strtoul.c’
1> Compiling ‘bsearch.c’
2> Compiling ‘exit.c’
1> Compiling ‘strncasecmp.c’
2> Compiling ‘strstr.c’
1> Compiling ‘string.c’
2> Compiling ‘prf.c’
1> Compiling ‘stdout_console.c’
1> Compiling ‘sprintf.c’
2> Compiling ‘fprintf.c’
Building ‘spm/zephyr/drivers/serial/libspm_drivers__serial.a’ from solution ‘build’ in configuration ‘Common’
1> Archiving ‘libspm_lib__libc__minimal.a’
2> Compiling ‘uart_nrfx_uarte.c’
Building ‘spm/zephyr/modules/nrfxlib/nrf_security/src/mbedtls/libspm_mbeddrbg.a’ from solution ‘build’ in configuration ‘Common’
1> Archiving ‘libspm_drivers__serial.a’
2> Compiling ‘ctr_drbg.c’
1> Compiling ‘entropy.c’
Building ‘spm/zephyr/modules/nrfxlib/nrf_security/src/mbedtls/libspm_mbedcrypto_vanilla.a’ from solution ‘build’ in configuration ‘Common’
1> Archiving ‘libspm_mbeddrbg.a’
2> Compiling ‘aes.c’
1> Compiling ‘aesni.c’
2> Compiling ‘arc4.c’
1> Compiling ‘aria.c’
1> Compiling ‘asn1parse.c’
2> Compiling ‘asn1write.c’
1> Compiling ‘base64.c’
2> Compiling ‘bignum.c’
1> Compiling ‘blowfish.c’
1> Compiling ‘camellia.c’
2> Compiling ‘ccm.c’
1> Compiling ‘chacha20.c’
2> Compiling ‘chachapoly.c’
1> Compiling ‘cipher.c’
2> Compiling ‘cmac.c’
1> Compiling ‘des.c’
1> Compiling ‘dhm.c’
2> Compiling ‘ecdh.c’
1> Compiling ‘ecdsa.c’
2> Compiling ‘ecjpake.c’
1> Compiling ‘ecp.c’
2> Compiling ‘ecp_curves.c’
1> Compiling ‘entropy_poll.c’
2> Compiling ‘error.c’
1> Compiling ‘gcm.c’
2> Compiling ‘havege.c’
1> Compiling ‘hkdf.c’
2> Compiling ‘hmac_drbg.c’
1> Compiling ‘md2.c’
2> Compiling ‘md.c’
1> Compiling ‘md4.c’
2> Compiling ‘md5.c’
1> Compiling ‘md_wrap.c’
2> Compiling ‘memory_buffer_alloc.c’
1> Compiling ‘nist_kw.c’
2> Compiling ‘oid.c’
1> Compiling ‘padlock.c’
2> Compiling ‘pk.c’
1> Compiling ‘pk_wrap.c’
2> Compiling ‘pkcs12.c’
1> Compiling ‘pkcs5.c’
1> Compiling ‘pkwrite.c’
2> Compiling ‘pkparse.c’
1> Compiling ‘platform.c’
2> Compiling ‘platform_util.c’
1> Compiling ‘poly1305.c’
2> Compiling ‘ripemd160.c’
1> Compiling ‘rsa.c’
1> Compiling ‘sha1.c’
2> Compiling ‘rsa_internal.c’
1> Compiling ‘sha256.c’
2> Compiling ‘sha512.c’
1> Compiling ‘threading.c’
2> Compiling ‘timing.c’
1> Compiling ‘version.c’
2> Compiling ‘version_features.c’
1> Compiling ‘xtea.c’
2> Compiling ‘cipher_wrap.c’
2> Compiling ‘pem.c’
Building ‘spm/zephyr/kernel/libspm_kernel.a’ from solution ‘build’ in configuration ‘Common’
1> Archiving ‘libspm_mbedcrypto_vanilla.a’
2> Compiling ‘device.c’
1> Compiling ‘errno.c’
2> Compiling ‘idle.c’
1> Compiling ‘init.c’
2> Compiling ‘mailbox.c’
1> Compiling ‘mem_slab.c’
2> Compiling ‘mempool.c’
1> Compiling ‘msg_q.c’
2> Compiling ‘mutex.c’
1> Compiling ‘pipes.c’
1> Compiling ‘sched.c’
2> Compiling ‘queue.c’
2> Compiling ‘sem.c’
2> Compiling ‘stack.c’
1> Compiling ‘system_work_q.c’
1> Compiling ‘thread.c’
2> Compiling ‘thread_abort.c’
1> Compiling ‘version.c’
2> Compiling ‘work_q.c’
1> Compiling ‘smp.c’
1> Compiling ‘timeout.c’
2> Compiling ‘timer.c’
1> Archiving ‘libspm_kernel.a’
Building ‘spm/zephyr/spm_zephyr_prebuilt.elf’ from solution ‘build’ in configuration ‘Common’
1> Compiling ‘empty_file.c’
1> Linking ‘spm_zephyr_prebuilt.elf’
1> Memory region         Used Size  Region Size  %age Used
1>            FLASH:         64 KB        48 KB    133.33%
1>             SRAM:        4912 B        64 KB      7.50%
1>         IDT_LIST:          40 B         2 KB      1.95%
1> c:/gnuarmemb/bin/../lib/gcc/arm-none-eabi/7.3.1/../../../../arm-none-eabi/bin/ld.exe: spm\zephyr\spm_zephyr_prebuilt.elf section `.gnu.sgstubs' will not fit in region `FLASH'
1> c:/gnuarmemb/bin/../lib/gcc/arm-none-eabi/7.3.1/../../../../arm-none-eabi/bin/ld.exe: SPM and app are sharing an SPU region. Cannot partition flash correctly into secure and non-secure. Adjust partitions sizes so they are placed in separate regions.
1> c:/gnuarmemb/bin/../lib/gcc/arm-none-eabi/7.3.1/../../../../arm-none-eabi/bin/ld.exe: region `FLASH' overflowed by 16384 bytes
1> collect2.exe: error: ld returned 1 exit status
Build failed

1> Linking ‘spm_zephyr_prebuilt.elf’
1> Memory region         Used Size Region Size %age Used
1>            FLASH:         64 KB        48 KB    133.33%
1>             SRAM:        4912 B        64 KB      7.50%
1>         IDT_LIST:          40 B         2 KB      1.95%
1> c:/gnuarmemb/bin/../lib/gcc/arm-none-eabi/7.3.1/../../../../arm-none-eabi/bin/ld.exe: spm\zephyr\spm_zephyr_prebuilt.elf section `.gnu.sgstubs' will not fit in region `FLASH'
1> c:/gnuarmemb/bin/../lib/gcc/arm-none-eabi/7.3.1/../../../../arm-none-eabi/bin/ld.exe: SPM and app are sharing an SPU region. Cannot partition flash correctly into secure and non-secure. Adjust partitions sizes so they are placed in separate regions.
1> c:/gnuarmemb/bin/../lib/gcc/arm-none-eabi/7.3.1/../../../../arm-none-eabi/bin/ld.exe: region `FLASH' overflowed by 16384 bytes
1> collect2.exe: error: ld returned 1 exit status
Build failed

I tried it several times and also restarted my pc and etc.. Same error.

Maybe I can change or check something else?

I want to do still some tests.

----------------------------------------------------------------------------------------------------------------

EDIT:

Also I found in spm menu config (placed at C:\ncs\nrf\susbsys\spm\Kconfig this:

# Define used by partition_manager.py to deduce size of partition
config PM_PARTITION_SIZE_MCUBOOT
   hex "Flash space reserved for bootloader."
   default 0xc000
   help
      Flash space set aside for the MCUBoot. Note, the name
      of this configuration needs to match the requirements set by the
      script 'partition_manager.py'. See pm.yaml.

What this mean? This space 0xc000 = 48kB

I think so compiler try place rsa functions with bootloader in one section. Does it make sense?

0 DenisAks over 5 years ago in reply to DenisAks

I changed 0xc000 to 0x12000 and now all compiled ok.

But in the debugger I can't go inside funcion __TZ_NONSECURE_ENTRY_FUNC rsa_test().

Is this how it should be?
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 MJD093 over 5 years ago in reply to DenisAks

Ah ok, I was looking for something like that tbh myself. I knew that whatever was causing this to be reduced was something 13 flash sectors in size, which was what you found. If you compile the SPM application, the flash area is like 128KB but in every other sample it gets reduced to 48KB. I guess you found where the flash sector for SPM was getting throttled down.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 DenisAks over 5 years ago in reply to MJD093
Thanks for your help.

Very many things have become clear.

Now I need run and check how works CC310 crypto module.

I wanted start it from RSA key generation. I have a question can I use debugger in secure memory? And why I had bus fault when I try use printk from spm_request_random_number()?

BUS FAULT:

Exception occurred in Secure State ***** BUS FAULT ***** Precise data bus error BFAR Address: 0x50008120 ***** Hardware exception ***** Current thread ID = 0x200200b0 Faulting instruction address = 0xffffffff Fatal fault in essential thread! Spinning...
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 MJD093 over 5 years ago in reply to DenisAks
I have changed my value in this definition to 0x12000 as well and the application runs correctly with the new partition size of 72KB.

[177/319] Linking C executable spm/zephyr/spm_zephyr_prebuilt.elf Memory region Used Size Region Size %age Used FLASH: 32 KB 72 KB 44.44% SRAM: 10000 B 64 KB 15.26% IDT_LIST: 40 B 2 KB 1.95%

So the issue was with the size of flash allocated to MCUBoot, which is strange as that should have been the partition covered under boot_partition. I tried changing that value yesterday and it had no effect on the outcome.

From Zephyr documentation:

boot_partition

This is the partition where the bootloader is expected to be placed. MCUboot’s build system will attempt to link the MCUboot image into this partition.

I guess it doesn't actually do that and uses this define to set up and partition seperate from the rest of the flash memory. It then links to slot0_partition where the applications secure image is placed.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel