How to implement a custom service using a SPI interface on TF-M

Hi Sir/Madam, 

Our project needs to use TEE on nRF5340 which seems to be implemented by TF-M for now and future. After investigating the implementation, I didn't find a service sample that uses a peripheral from the secure world. Specifically, our project needs to get a SPI-wired biometric sensor managed by TEE environment. So far, I can't find either the nRF53's SPIM driver in TF-M's nRF53 platform or a custom service using the physical driver. Do you have an example similar to that or some suggestions how to achieve that? 

Thank you!

Jun Li @ Intel Corporation

Parents Reply Children
  • Hi Einar, 

    I read the ioctl's implementation and thought it is just for reading memory block from somewhere. How can I use it to control a SPI device? I guess our application RoT could directly access the spi master driver from nordic SDK? 

  • Hi,

    jli157@intel said:
    I read the ioctl's implementation and thought it is just for reading memory block from somewhere.

    Yes, that is how it is provided in the SDK, but you can modify it to your needs, adding more/arbitrary features in the same partition.

    jli157@intel said:
    How can I use it to control a SPI device?

    You can expand it with whatever you need of functionality. If you need to control a SPI device, you can include nrfx SPI driver implementation file in the build and use that to control the SPI peripheral. 

    (There is ongoing work to make it possible to add new partitions out of tree so this can be done in a cleaner way at some point in the future)

  • Understood. we can expose the SPI API as a platform service like what you have done on exposing memory access on ioctl.

    I've already found an out-of-tree partition solution from  one of ARM's TF-M pull requests: https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/10562 which is much useful. 

    Thank you, Einar!

Related