How to disable default SPM sample and use the customized SPM firmware instead

Question

Hi all, 
 
 I have successfully followed this [tutorial]( https://devzone.nordicsemi.com/guides/nrf-connect-sdk-guides/b/software/posts/using-a-custom-secure-partition-manager-wtih-your-application ) from Heidi and created our SPM firmware. However, at the moment, our SPM runs after the default SPM sample, and the non-secure application codes run at last. 
 Is there any way that I can remove this SPM sample from our firmware build? I've looked all over the NCS's source codes and documentation and had no luck. I would be grateful for any solution or suggestion. 
 
 About my development platform: 
 - NCS v1.6 
 - Board: nrf9160dk 
 
 Thank you in advance. 
 Duy Anh

duyanh.y4n · Accepted Answer

Thanks, Simon,

the approach you suggested is ok, still, we don't want to fork anything, because we don't want to spend too much time managing the dependencies ourselves.

So in the end, I've tried the custom SPM build as the above guide with some output printing tests. I've added, for example, "Hello SPM samples" to the nrf's sample (in <workspace>/nrf/samples/spm/src/main.c) like this:

// nrf/samples/spm/main.c

#include <spm.h>
#include <zephyr.h>


void main(void)
{
    printk("Hello from SPM sample\n");
	spm_config();
	spm_jump();
}

On the other hand, I've modified my custom SPM source with the same code (but with a different print message) like this:

// /path/to/my/custom_spm_app/spm_module/zephyr/spm/src/main.c
#include <spm.h>
#include <zephyr.h>

void main(void)
{
    printk("Hello secure firmware\n");
	spm_config();
	spm_jump();
}

Custom app project tree:

<workspace>
└── custom_spm_app
    ├── application
    │   ├── prj.conf
    │   └── src
    │       └── main.c
    └── spm_module
            ├── CMakeLists.txt
            ├── module.yml
            └── spm
                ├── boards
                │   └── nrf9160dk_nrf9160.conf
                ├── CMakeLists.txt
                ├── nrf9160dk_nrf9160.overlay
                ├── pm.yml
                ├── prj.conf
                ├── README.rst
                ├── sample.yaml
                └── src
                    └── main.c

So the results are as follows:

- When I built the custom SPM app (located in /path/to/my/custom_spm_app/), the custom SPM module is loaded and executed in the final firmware.

- When I built the other app or sample (for example, zephyr/samples/hello_world), the default nrf's SPM sample is loaded and executed in the final firmware.

So, in conclusion, these SPM images are not loaded together (according to my initial question above). In fact, the default SPM was overwritten with the custom SPM module, and I guess it was because that they both have the same child image name (defined in CMakeLists), and the customize SPM module is configured on the application top level.

# in path/to/custom_spm_app/spm_module/zephyr/CMakeLists.txt
if(CONFIG_SPM)
set(spm_CONFIG_SPM_SECURE_SERVICES ${CONFIG_SPM_SECURE_SERVICES})
add_child_image_from_source(
  NAME spm
  SOURCE_DIR ${CMAKE_CURRENT_LIST_DIR}/spm
  )
endif()

# in nrf/samples/CMakeLists.txt
if(CONFIG_SPM)

# other configs...

set(spm_CONFIG_SPM_SECURE_SERVICES ${CONFIG_SPM_SECURE_SERVICES})
add_child_image_from_source(
  NAME spm
  SOURCE_DIR ${CMAKE_CURRENT_LIST_DIR}/spm
  )
  
# other configs...

endif()

Can you confirm if this behavior is expected with the overall default configurations of NCS? (I haven't had much experience with multiple image build and the partition manager module yet)

If yes, then I think it is good for my use case and I can safely replace the default SPM sample.

How to disable default SPM sample and use the customized SPM firmware instead

Top Replies