How to implement a custom service using a SPI interface on TF-M

RE: How to implement a custom service using a SPI interface on TF-M

jli157@intel — Wed, 15 Sep 2021 14:55:23 GMT

Understood. we can expose the SPI API as a platform service like what you have done on exposing memory access on ioctl.

I've already found an out-of-tree partition solution from one of ARM's TF-M pull requests: https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/10562 which is much useful.

Thank you, Einar!

RE: How to implement a custom service using a SPI interface on TF-M

Einar Thorsrud — Wed, 15 Sep 2021 09:26:39 GMT

Hi,

[quote user="bleintel"]I read the ioctl's implementation and thought it is just for reading memory block from somewhere.[/quote]

Yes, that is how it is provided in the SDK, but you can modify it to your needs, adding more/arbitrary features in the same partition.

[quote user="bleintel"]How can I use it to control a SPI device?[/quote]

You can expand it with whatever you need of functionality. If you need to control a SPI device, you can include nrfx SPI driver implementation file in the build and use that to control the SPI peripheral.

(There is ongoing work to make it possible to add new partitions out of tree so this can be done in a cleaner way at some point in the future)

RE: How to implement a custom service using a SPI interface on TF-M

jli157@intel — Wed, 15 Sep 2021 06:55:40 GMT

Hi Einar,

I read the ioctl's implementation and thought it is just for reading memory block from somewhere. How can I use it to control a SPI device? I guess our application RoT could directly access the spi master driver from nordic SDK?

RE: How to implement a custom service using a SPI interface on TF-M

Einar Thorsrud — Tue, 14 Sep 2021 07:24:24 GMT

Hi Jun,

You do not need a separate partition. The ioctl partition is rather generic so I suggest you try to re-use the existing partition.

RE: How to implement a custom service using a SPI interface on TF-M

jli157@intel — Mon, 13 Sep 2021 05:34:35 GMT

Hi Einar,

Thanks for the suggestions!

One more question: our application RoT will use the SPI master which doesn't have an implementation in the HAL layer. To enable the application RoT to use the SPI driver, should a PSA RoT partition for the SPI driver be added as well, like ioctl partition which is implemented already?

Regards,

Jun

RE: How to implement a custom service using a SPI interface on TF-M

Einar Thorsrud — Thu, 09 Sep 2021 11:13:52 GMT

Hi Jun,

CryptoCell is integrated with TF-M, via the nrf_security module. Here mbed TLS is used as a frontend, and CryptoCell is used for operations that are supported by it. TF-M again sits on top of this.

You can see this with some SDK examples. If you run Cryptography samples on a device with CryptoCell, that will be used. And if you also build for non-secure on the nRF9160 or nRF5340, TF-M will be used.

(Note TF-M support in general is experimental in nRF Connect SDK 1.6.x.)

Einar

RE: How to implement a custom service using a SPI interface on TF-M

jli157@intel — Thu, 09 Sep 2021 05:33:19 GMT

Hi Einar,

Thanks agin for the help! The implication seems a nice example for me to get started.

A further question: how is the status of integrating CryptoCell with TF-M? Is it fully functional for supporting the mbedTLS on the non-secure world, such as working as a backend for mbedTLS?

Regards,

Jun

RE: How to implement a custom service using a SPI interface on TF-M

Einar Thorsrud — Wed, 08 Sep 2021 14:27:48 GMT

Hi Li,

You can refer to the implementation of the custom service to read memory to see how custom services are added to TF-M. You can add more services here using the same approach to add more services to the existing partition.

Regarding SPIM you can use that from TF-M if it is configured for secure domain. If you for instance use the nrfx SPIM driver it makes sense to add the source files and include folder to the CMakeList.txt for linked to above.