This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts

NRF9160 partitions issue with hardware CC310 crypto library

Hello everyone!

I've tried to run mbedtls crypto functions which are using cc310 hardware implementation and I have partitions overlap issue.


Our main goal is to test RSA-related functions to understand better how we can work with this library.
I've found an "mbedtls_rsa_self_test" routine which already calls everything which we need use.
This function is located into the "secure_service.c" file (ncs\nrf\subsys\spm\secure_service.c).
To use this "mbedtls_rsa_self_test" function we uncommented line #define MBEDTLS_SELF_TEST placed in "\ncs\mbedtls\include\mbedtls\config.h"

It is important to note, that according to the nrfxlib documentation, the only one way to work with cc310 module is using secure mode. https://developer.nordicsemi.com/nRF_Connect_SDK/doc/latest/nrfxlib/crypto/doc/nrf_cc310_mbedcrypto.html
This part is described in the "Usage restrictions" section:
"On the nRF9160 SiP, the nrf_cc310_mbedcrypto library is restricted to only work in secure processing environment. The library uses mutexes to ensure single usage of hardware modules."

Here is a part of the source code where I call this routine:

__TZ_NONSECURE_ENTRY_FUNC
int spm_request_random_number(u8_t *output, size_t len, size_t *olen)
{
int err;

mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n", err );


if (len != MBEDTLS_ENTROPY_MAX_GATHER) {
return -EINVAL;
}

err = mbedtls_hardware_poll(&rng_workbuf, output, len, olen);

#if 1
if(mbedtls_rsa_self_test(1) != 0)
{
mbedtls_printf( "RSA failed\n");
}
#endif
return err;
}

The thing is that build fails while we are using such solution. I see some linker error, which says that partition size limit is exceeded. I've already posted a ticket with a very similar issue, you can check it here: https://devzone.nordicsemi.com/f/nordic-q-a/50155/nrf9160-memory-partition 

I tried to change Zephyr's partitions, you can find all the necessary information in the attached files.
As far as I understood, all libraries which are required for mdedTLS should be called from the security region only. In this case they will be located into the mcuboot partition, that's why I also increased size reserved for spm. It was done using the "spm_menuconfig" option in the menuconfig (Project -> Configure nRF SDK Project). I've found "Modules -> Nordic nRF Connect -> SPM -> Current app is SPM - > Flash space reserved for SPM" parameter and changed it's value from 0xc000 (48Kb) to to 0x1CCCC (115Kb).

Unfortunately, it led me to the following error:

1> c:/gnuarmemb/bin/../lib/gcc/arm-none-eabi/7.3.1/../../../../arm-none-eabi/bin/ld.exe: SPM and app are sharing an SPU region. Cannot partition flash correctly into secure and non-secure. Adjust partitions sizes so they are placed in separate regions.
1> collect2.exe: error: ld returned 1 exit status
Build failed

It is obvious that I do somethibng wrong here, so I really need some help with those partitions and with mbedtls_rsa_self_test.
I hope that someone can help me with it. Thanks in advance anyone who will at least try to understand what is going on here!
IDE which I am using is "Segger Embedded Studio V4.18 (Nordic Edition)"

Here is a full build log which I see:

Building ‘spm/zephyr/include/generated/driver-validation.h’ from solution ‘build’ in configuration ‘Common’
Building ‘spm/zephyr/CMakeFiles/spm_driver_validation_h_target’ from solution ‘build’ in configuration ‘Common’
Building ‘spm/zephyr/spm_driver_validation_h_target’ from solution ‘build’ in configuration ‘Common’
Building ‘spm/zephyr/include/generated/kobj-types-enum.h’ from solution ‘build’ in configuration ‘Common’
Building ‘spm/zephyr/include/generated/otype-to-str.h’ from solution ‘build’ in configuration ‘Common’
Building ‘spm/zephyr/CMakeFiles/spm_kobj_types_h_target’ from solution ‘build’ in configuration ‘Common’
Building ‘spm/zephyr/spm_kobj_types_h_target’ from solution ‘build’ in configuration ‘Common’
Building ‘spm/zephyr/misc/generated/syscalls.json’ from solution ‘build’ in configuration ‘Common’
Building ‘spm/zephyr/include/generated/syscall_list.h’ from solution ‘build’ in configuration ‘Common’
Building ‘spm/zephyr/CMakeFiles/spm_syscall_list_h_target’ from solution ‘build’ in configuration ‘Common’
Building ‘spm/zephyr/include/generated/syscall_dispatch.c’ from solution ‘build’ in configuration ‘Common’
Building ‘spm/zephyr/spm_syscall_list_h_target’ from solution ‘build’ in configuration ‘Common’
Building ‘spm/zephyr/include/generated/syscall_macros.h’ from solution ‘build’ in configuration ‘Common’
Building ‘spm/zephyr/CMakeFiles/spm_syscall_macros_h_target’ from solution ‘build’ in configuration ‘Common’
Building ‘spm/zephyr/spm_syscall_macros_h_target’ from solution ‘build’ in configuration ‘Common’
Building ‘cmake_object_order_depends_target_spm_offsets’ from solution ‘build’ in configuration ‘Common’
Building ‘spm/zephyr/spm_offsets’ from solution ‘build’ in configuration ‘Common’
Building ‘spm/zephyr/include/generated/offsets.h’ from solution ‘build’ in configuration ‘Common’
Building ‘spm/zephyr/CMakeFiles/spm_offsets_h’ from solution ‘build’ in configuration ‘Common’
Building ‘spm/zephyr/spm_offsets_h’ from solution ‘build’ in configuration ‘Common’
Building ‘cmake_object_order_depends_target_spm_app’ from solution ‘build’ in configuration ‘Common’
Building ‘cmake_object_order_depends_target_spm_arch__arm__core’ from solution ‘build’ in configuration ‘Common’
Building ‘cmake_object_order_depends_target_spm_arch__arm__core__cortex_m’ from solution ‘build’ in configuration ‘Common’
Building ‘cmake_object_order_depends_target_spm_arch__arm__core__cortex_m__mpu’ from solution ‘build’ in configuration ‘Common’
Building ‘cmake_object_order_depends_target_spm_drivers__serial’ from solution ‘build’ in configuration ‘Common’
Building ‘cmake_object_order_depends_target_spm_kernel’ from solution ‘build’ in configuration ‘Common’
Building ‘cmake_object_order_depends_target_spm_lib__libc__minimal’ from solution ‘build’ in configuration ‘Common’
Building ‘cmake_object_order_depends_target_spm_mbedcrypto_vanilla’ from solution ‘build’ in configuration ‘Common’
Building ‘cmake_object_order_depends_target_spm_mbeddrbg’ from solution ‘build’ in configuration ‘Common’
Building ‘cmake_object_order_depends_target_spm_zephyr’ from solution ‘build’ in configuration ‘Common’
Building ‘spm/zephyr/linker.cmd’ from solution ‘build’ in configuration ‘Common’
Building ‘spm/zephyr/CMakeFiles/spm_linker_script_target’ from solution ‘build’ in configuration ‘Common’
Building ‘spm/zephyr/spm_linker_script_target’ from solution ‘build’ in configuration ‘Common’
Building ‘cmake_object_order_depends_target_spm_zephyr_prebuilt’ from solution ‘build’ in configuration ‘Common’
Building ‘spm/spm_app/libspm_app.a’ from solution ‘build’ in configuration ‘Common’
Building ‘spm/zephyr/libspm_zephyr.a’ from solution ‘build’ in configuration ‘Common’
Building ‘spm/zephyr/arch/arm/core/libspm_arch__arm__core.a’ from solution ‘build’ in configuration ‘Common’
Building ‘spm/zephyr/arch/arm/core/cortex_m/libspm_arch__arm__core__cortex_m.a’ from solution ‘build’ in configuration ‘Common’
Building ‘spm/zephyr/arch/arm/core/cortex_m/mpu/libspm_arch__arm__core__cortex_m__mpu.a’ from solution ‘build’ in configuration ‘Common’
Building ‘spm/zephyr/lib/libc/minimal/libspm_lib__libc__minimal.a’ from solution ‘build’ in configuration ‘Common’
Building ‘spm/zephyr/drivers/serial/libspm_drivers__serial.a’ from solution ‘build’ in configuration ‘Common’
Building ‘spm/zephyr/modules/nrfxlib/nrf_security/src/mbedtls/libspm_mbeddrbg.a’ from solution ‘build’ in configuration ‘Common’
Building ‘spm/zephyr/modules/nrfxlib/nrf_security/src/mbedtls/libspm_mbedcrypto_vanilla.a’ from solution ‘build’ in configuration ‘Common’
Building ‘spm/zephyr/kernel/libspm_kernel.a’ from solution ‘build’ in configuration ‘Common’
Building ‘spm/zephyr/spm_zephyr_prebuilt.elf’ from solution ‘build’ in configuration ‘Common’
1> Linking ‘spm_zephyr_prebuilt.elf’
1> Memory region Used Size Region Size %age Used
1> FLASH: 64 KB 117964 B 55.56%
1> SRAM: 11252 B 64 KB 17.17%
1> c:/gnuarmemb/bin/../lib/gcc/arm-none-eabi/7.3.1/../../../../arm-none-eabi/bin/ld.exe: SPM and app are sharing an SPU region. Cannot partition flash correctly into secure and non-secure. Adjust partitions sizes so they are placed in separate regions.
1> collect2.exe: error: ld returned 1 exit status
1> IDT_LIST: 40 B 2 KB 1.95%
Build failed

NXM.zipnrf9160_pca10090_boot_0x25000.zip

Related