Problems on enabling TF-M's BL2

A question regarding to nRFSDK 1.7: why does nRFSDK disable using BL2 inside TF-M? If our device needs BL2 with TF-M, how can we enable it?
I can't enable CONFIG_TFM_BL2 if using nrfsdk v1.7.0 since it is disabled by default.

Should I use nrfsdk-mcuboot to replace it? If so, it seems nrfsdk-mcuboot has not been well aligned to TF-M, right?

Another question is regarding o use the nRF security backend with TF-M: is the CryptoCell is enabled automatically if nRF security backend is enabled? I don't see any static libraries inside "nrfxlib/crypto" have been linked to TF-M. Is TF-M's PSA crypto actually using "cryptocell-312-runtime"? If so, why is the nrf_security backend still needed?

Parents

0 Einar Thorsrud over 4 years ago

Hi,

BL2 is not supported with TF-M right now. You can use BOOTLOADER_MCUBOOT instead for now. Can you elaborate on what you mean by MCUBoot not being well aligned to TF-M?

Regarding nrf_security, the CryptoCell is enabled by default when you use TF-M. Checking the build/tfm/build.ninja file will show the linking commands with the crypto libraries.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 jli157@intel over 4 years ago in reply to Einar Thorsrud

We are thinking to use the firmware update secure partition from TF-M to do the firmware update in the future, which means the Zephyr application will use the firmware update TF-M APIs to populate new firmware data to the secondary partitions. What's your suggestions for this feature?

Okay, I'll open a new ticket for other questions for nrf_security.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Einar Thorsrud over 4 years ago in reply to jli157@intel

Hi,

We do not currently have any solution for updating only the secure partition. I have asked the team working on it to look into it.

For now, you can either enable serial recovery in MCUBoot or use the dfu_target_mcuboot APIs or direct flash read/write to secondary partition (dfu_target_mcuboot.c). Or see in dfu_target_stream.c how it's implemented there with flash read/writes. Then to set the image as active you would have to use mcuboot.h if you use flash write/read operations directly.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 jli157@intel over 4 years ago in reply to Einar Thorsrud

Einar,

You mean you haven't enabled the firmware update secure partitions (FWU) for firmware update? So, what's Nordic's plan to support FWU? You will use another approach instead of FWU provided by TF-M?
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Reply

0 jli157@intel over 4 years ago in reply to Einar Thorsrud

Einar,

You mean you haven't enabled the firmware update secure partitions (FWU) for firmware update? So, what's Nordic's plan to support FWU? You will use another approach instead of FWU provided by TF-M?
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Children

0 Einar Thorsrud over 4 years ago in reply to jli157@intel

Hi,

Yes, we do not have a solution for FWU for secure partitions only at the moment. Support for TF-M in nRF Connect SDK is still experimental and some important functionality is still missing. I cannot say which approach we will use for firmware upgrades of secure partitions at the moment, but the team is looking into this.

Edit: Note that we use a swapping mechanism with MCUboot so that the banked update is stored in a non-secure area. Therefore the application can write the update itself without using a secure service. We bundle TF-M together with the app image, so the current mechanism can be used to update both together.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel