https://devzone.nordicsemi.com/f/nordic-q-a/84127/nrf9160-use-secure-peripheral-from-non-secure-ns-firmwareHi ! In nRF9160, want to implement nrf_mode_lib for modem. Therefore, need to select non-secure(ns) board.But want to set UARTE2 as secure. As UARTE2 provides communication between nRF9160 and nRF52840. Question: 1) How would I used UARTE2 secureen-USTelligent Community 13Thu, 03 Feb 2022 08:07:13 GMThttps://devzone.nordicsemi.com/thread/351003?ContentTypeID=1Thu, 03 Feb 2022 08:07:13 GMT137ad170-7792-4731-bb38-c0d22fbe4515:a35fdd32-675b-43e5-8b9f-ba14cfac6a00Sigurd Hellesvik<p>Hi</p> <p>The <a href="https://developer.nordicsemi.com/nRF_Connect_SDK/doc/1.8.0/nrf/samples/nrf9160/secure_services/README.html">Secure Services</a> sample showcases how to use <a href="https://developer.nordicsemi.com/nRF_Connect_SDK/doc/1.8.0/nrf/libraries/others/secure_services.html#c.spm_request_system_reboot">Secure Services</a>.<br />These are functions in the Secure partition that are accessible from the Non-Secure part.</p> <p>Since there are no premade Secure Service for handling UARTE2, you will have to make a custom Secure Service for this.<br />Here is an older guide on <a href="https://devzone.nordicsemi.com/guides/nrf-connect-sdk-guides/b/software/posts/using-a-custom-secure-partition-manager-wtih-your-application">Using a custom Secure Partition Manager with your application</a>. It might not work as it is for v1.8.0, but it should outline the consent at least.</p> <p>There should be a way to do this in <a href="https://developer.nordicsemi.com/nRF_Connect_SDK/doc/1.8.0/nrf/ug_tfm.html">Trusted Firmware-M</a> also, but we do not have any example to showcase this at this time.</p> <p>Regards,<br />Sigurd Hellesvik</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/350922?ContentTypeID=1Wed, 02 Feb 2022 14:53:40 GMT137ad170-7792-4731-bb38-c0d22fbe4515:6ede5463-4585-438c-936c-4042e9fd1fafSiddharth Kachhia<p>Here I have choose UARTE2 as secure for understanding of how to use secure peripheral from non-secure.</p> <p>So, Though it may compromise security, how would I handle secure peripheral from non-secure FW image ? Do you have any sample/demo which provides my steps for understanding of using secure peripheral from non-secure board FW image ?</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/350155?ContentTypeID=1Fri, 28 Jan 2022 10:10:07 GMT137ad170-7792-4731-bb38-c0d22fbe4515:75179655-36f4-4755-92e7-54d8fb9cf95bSigurd Hellesvik[quote user="Siddharth Kachhia"]data(UART) would be safe from attackers.[/quote] <p>The UART goes between the nRF9160 and the nRF52840.<br />Where can the attack come from?</p> <p>Why would it be bad if attackers had access to the UARTE2?</p> <p>Regards,<br />Sigurd Hellesvik</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/350123?ContentTypeID=1Fri, 28 Jan 2022 08:23:29 GMT137ad170-7792-4731-bb38-c0d22fbe4515:563fd60b-42cd-4f3f-915d-c641750d3774Siddharth Kachhia<p>As on configuring UARTE2 secure, data(UART) would be safe from attackers. To safe that peripheral from attacks, want to make it secure peripheral.</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/350118?ContentTypeID=1Fri, 28 Jan 2022 08:12:21 GMT137ad170-7792-4731-bb38-c0d22fbe4515:f02aaca8-f754-472d-a6b6-01e5c05692bfSigurd Hellesvik<p>Hi</p> <p>As security is important, i think it is an good idea to be thorough, so let me ask you this:</p> [quote user="Siddharth Kachhia"]So, want to make UARTE2 secure for security purpose.[/quote] <p>Why does the UARTE2 need to be secure?</p> <p>Regards,<br />Sigurd Hellesvik</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/350059?ContentTypeID=1Thu, 27 Jan 2022 17:13:17 GMT137ad170-7792-4731-bb38-c0d22fbe4515:e7f17015-e66d-49d8-a8a1-bfcabfea6e07Siddharth Kachhia<p>nRf9160 and nRF52840 communicate with each other and send MQTT-SN msg over UARTE2.<br />So, want to make UARTE2 secure for security purpose. But also have to use modem with nRF9160 for cloud connection. Hence, need to configure non-secure(ns) board for nRF9160.</p> <p>That&#39;s why question arise here that <br />1) How to use UARTE2 secure peripheral from non-secure firmware ?<br />2) Can SPM service be modified to add UARTE2 secure peripheral communication from non-secure image ?</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/350004?ContentTypeID=1Thu, 27 Jan 2022 14:16:42 GMT137ad170-7792-4731-bb38-c0d22fbe4515:1512d6b4-b6d2-4fcd-9a29-fd41a34ff9e4Sigurd Hellesvik<p>Hi Siddharth</p> <p>When you build for nrf9160dk_nrf9160, all peripherals memory are in the same &quot;zone&quot;. Therefore, peripherals are neither secure or non-secure.</p> <p>When you build for nrf9160dk_nrf9160_ns, peripherals and memory are split into two different parts, the non-secure and the secure.<br />You can choose which peripherals are set as non-secure. The rest are secure.</p> <p>Secure peripherals are secure only because the non-secure parts can not access the secure parts.<br />Some functions can bridge the non-secure/secure gap, but this should not be done lightly, as it may compromise the security of the device.</p> <p>See <a href="https://developer.nordicsemi.com/nRF_Connect_SDK/doc/1.8.0/nrf/libraries/others/spm.html">Secure Partition Manager</a> for more information on secure and non-secure.</p> <p>What are you going to use the nRF52840 for?</p> <p>Would it be an alternative to make UARTE2 non-secure instead of secure, or does it need to be secure?</p> <p>Regards,<br />Sigurd Hellesvik</p><div style="clear:both;"></div>