
What are the options for using TF-M with MCUboot?

Hi,

I would like to use MCUboot together with TF-M for an application running on nRF9160 in order to have the security features provided by TF-M while having upgrade capabilities. I can see that currently there are limitations when it comes to using the Nordic security backend + TF-M + MCUboot. What are my options for making this combination (TF-M + MCUboot) work currently? Is there an alternative to the Nordic backend and how would it differ if so? Can we expect the limitation regarding the Nordic backend to be removed any time soon?

  • Hey Riku!

    Just letting you know that I am looking into it, but I will have to get back to you.

    Best regards,

    Elfving

  • Hey again Riku!

    What are my options for making this combination (TF-M + MCUboot) work currently?

    Yes! This is possible with NCS1.7, but there are some issues. Currently, as a workaround, CONFIG_ARM_MPU and CONFIG_FPROTECT must be disabled on the MCUboot image.

    Can we expect the limitation regarding the Nordic backend to be removed any time soon?

    It is expected to be fixed shortly. Are there any other limitations you are referring to? 

    Best regards,

    Elfving
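
A check for the workaround in the reply above, as an added example that is not part of the thread or of Nordic's code: it reads the Kconfig output of the MCUboot image and reports whether CONFIG_ARM_MPU and CONFIG_FPROTECT are on, so the workaround can be confirmed during development and caught before a release build. The function names and the sample config text are assumptions made for this example.

```python
import re

# The two options the reply above says to disable on the MCUboot image.
WORKAROUND_OPTIONS = ("CONFIG_ARM_MPU", "CONFIG_FPROTECT")

_SET = re.compile(r"^(CONFIG_\w+)=(.*)$")
_UNSET = re.compile(r"^#\s*(CONFIG_\w+) is not set$")


def parse_kconfig(text):
    """Parse Kconfig text into {symbol: value}; a later line overrides an earlier one."""
    symbols = {}
    for raw in text.splitlines():
        line = raw.strip()
        if m := _SET.match(line):
            symbols[m.group(1)] = m.group(2).strip().strip('"')
        elif m := _UNSET.match(line):
            symbols[m.group(1)] = "n"  # generated .config spelling of "disabled"
    return symbols


def workaround_status(text, options=WORKAROUND_OPTIONS):
    """Report each option as 'enabled', 'disabled' or 'absent' (symbol not in the file)."""
    symbols = parse_kconfig(text)
    return {o: "absent" if o not in symbols
            else "enabled" if symbols[o] == "y" else "disabled"
            for o in options}


def release_gate(text):
    """Return the options that are not enabled; an empty list means both protections are on."""
    return [o for o, s in workaround_status(text).items() if s != "enabled"]


# Constructed samples, not taken from a real build.
DEV_CONFIG = """\
CONFIG_BOARD="custom_board"
# CONFIG_ARM_MPU is not set
CONFIG_FPROTECT=n
"""
RELEASE_CONFIG = """\
CONFIG_ARM_MPU=y
CONFIG_FPROTECT=y
"""

if __name__ == "__main__":
    print(workaround_status(DEV_CONFIG))
    print("release gate:", release_gate(RELEASE_CONFIG) or "ok")
```

To run it on a real build, pass in the text of the MCUboot child image's generated config; `build/mcuboot/zephyr/.config` is the assumed location and may differ in your build directory.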

  • Thanks, I'll add those options to the configuration during development. Does disabling those features have any negative effects on the whole system (security especially)?

    The limitation I was referring to was the one specified in the help text of the CONFIG_TFM_BL2 option stating "We currently do not support builds with MCUboot and TF-M if the Nordic Security backend is used." I suppose this has to do with a different instance of MCUboot than the one you are referring to.

  • Not that I can think of. Though it is a workaround - security shouldn't be a main concern yet. All issues are to be fixed before it is production-ready, which is probably why it states that it is not supported. 

    Riku Karttunen said:
    "We currently do not support builds with MCUboot and TF-M if the Nordic Security backend is used."

    I'll have to look into that and get back to you. But in any case, support for CONFIG_TFM_BL2 will eventually be dropped and replaced by CONFIG_BOOTLOADER_MCUBOOT.

    Best regards,

    Elfving

    Just a small update:

    There are no issues with the Nordic security backend, but there is currently one minor issue with MCUboot that the above workaround addresses.

    The documentation can be a bit confusing, but BL2 isn't and will not be supported.

  • Hey again,

    Thanks for the updates. I'll add here my quick test results should they help someone trying to integrate similar things.

    I enabled MCUboot and applied those config options you mentioned to the MCUboot subimage. Build went through fine and I ended up with 3 subimages (mcuboot, tfm, zephyr). I then flashed the merged image and was greeted with the following prints:

    *** Booting Zephyr OS build v2.6.99-ncs1  ***
    I: Starting bootloader
    I: Bootloader chainload address offset: 0xc000
    ASSERTION FAIL [!sys_dnode_is_linked(&to->node)] @ WEST_TOPDIR/zephyr/kernel/timeout.c:93

    I don't know what to make of this assertion. Do you have any pointers for what could be the issue? I am using a custom board so my hunch is that this has to do with my specific board/config/memory combination.
