Problem importing a library into TF-M: Not enough space to import i

Hi,

I am developing a project that uses TF-M to run some functions from a secure partition. The structure of the project is shown below:

├── lib
│   ├── ...
│   ├── blst.h
│   ├── libblst.a
├── mycli
│   ├── CMakeLists.txt
│   ├── README.rst
│   ├── prj.conf
│   ├── sample.yaml
│   └── src
│   ├── main.c
│   ├── secure_partition_interface.c
│   └── secure_partition_interface.h
└── secure_partition
    ├── CMakeLists.txt
    ├── README.md
    ├── secure_partition.c
    ├── tfm_manifest_list.yaml.in
    └── tfm_secure_partition.yaml

I need to import a static library whose functions I am going to use only from the secure partition. Therefore, I intend to import them into the safe partition.

To use its functions, I include the library in the file I use it:

#include "blst.h"

If I use its functions, it tells me that they are not defined. I understand that it is because I have not included them in secure_partition/CMakeLists.txt. To include them, I write the following configuration in that file:

target_include_directories(tfm_app_rot_partition_sp PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../lib)

target_link_libraries(tfm_app_rot_partition_sp
PRIVATE
${CMAKE_CURRENT_SOURCE_DIR}/../lib/libblst.a
)


I don't know if I am doing something wrong when I include the library or if I just need more space. If I am doing the import wrong, I would like to know how to fix it. If I need more space, I would like to know how to get it, either by decreasing the size of my secure partition, or by increasing the size of the flash memory dedicated to it (the libblst.a file size is about 110 kB).

Regards,

Pablo

Useful information about the project:
- I'm using the nRF5340DK development kit.
- nRF SDK v2.0.0
- The project is based on the example: TF-M Secure Partition Sample. When doing the build for this example, the available and used space shown is as follows:

Memory region           Used Size     Region Size    %age Used
           FLASH:            21648 B           736 KB            2.87%
           SRAM:            4816 B              256 KB            1.84%
           IDT_LIST:         0 GB                  2 KB             0.00%

Error trace:

e:/programs/nordic/toolchains/v2.0.0/opt/zephyr-sdk/arm-zephyr-eabi/bin/../lib/gcc/arm-zephyr-eabi/10.3.0/../../../../arm-zephyr-eabi/bin/ld.exe: bin\tfm_s.axf section `.tfm_rodata' will not fit in region `FLASH'
e:/programs/nordic/toolchains/v2.0.0/opt/zephyr-sdk/arm-zephyr-eabi/bin/../lib/gcc/arm-zephyr-eabi/10.3.0/../../../../arm-zephyr-eabi/bin/ld.exe: address 0x4bee0 of bin\tfm_s.axf section `.gnu.sgstubs' is not within region `FLASH'
e:/programs/nordic/toolchains/v2.0.0/opt/zephyr-sdk/arm-zephyr-eabi/bin/../lib/gcc/arm-zephyr-eabi/10.3.0/../../../../arm-zephyr-eabi/bin/ld.exe: address 0x4bee0 of bin\tfm_s.axf section `.gnu.sgstubs' is not within region `FLASH'
e:/programs/nordic/toolchains/v2.0.0/opt/zephyr-sdk/arm-zephyr-eabi/bin/../lib/gcc/arm-zephyr-eabi/10.3.0/../../../../arm-zephyr-eabi/bin/ld.exe: region `FLASH' overflowed by 49152 bytes
Memory region        Used Size      Region Size    %age Used
           FLASH:         304 KB            256 KB            118.75%
           RAM:            45180 B           256 KB            17.23%
collect2.exe: error: ld returned 1 exit status
ninja: build stopped: subcommand failed.
FAILED: modules/trusted-firmware-m/tfm-prefix/src/tfm-stamp/tfm-build tfm/secure_fw/s_veneers.o tfm/app/libtfm_api_ns.a tfm/generated/interface/include/psa_manifest/sid.h tfm/platform/libplatform_ns.a tfm/bin/tfm_s.elf tfm/bin/tfm_s.bin tfm/bin/tfm_s.hex tfm/bin/tfm_ns.bin tfm/bin/tfm_ns.hex tfm/bin/tfm_s_signed.bin tfm/bin/tfm_ns_signed.bin tfm/bin/tfm_s_ns_signed.bin
cmd.exe /C "cd /D C:\Nordic\tfm\mycli\build\tfm && E:\Programs\Nordic\toolchains\v2.0.0\opt\bin\cmake.exe --build . -j 1"
ninja: build stopped: subcommand failed.
FATAL ERROR: command exited with status 1: 'e:\Programs\Nordic\toolchains\v2.0.0\opt\bin\cmake.EXE' --build 'c:\Nordic\tfm\mycli\build'

Parents
  • I would like to add that this is what is shown when I build my application without importing the library into my project.

    Memory region          Used Size     Region Size     %age Used
               FLASH:            92136 B          736 KB            12.23%
               SRAM:            113920 B          256 KB            43.46%
               IDT_LIST:           0 GB               2 KB                0.00%

    It is strange that the total available flash memory space (region size) is larger than when importing the static library.

    On the other hand, if I import the static library in the main part of the project (non-secure partition) it shows the same occupied space as if I don't import it anywhere.

    mycli/CMakeLists.txt:

    target_link_libraries(app PUBLIC ${APPLICATION_SOURCE_DIR}/../lib/libblst.a)

    Memory region          Used Size     Region Size     %age Used
               FLASH:            92136 B          736 KB            12.23%
               SRAM:            113920 B          256 KB            43.46%
               IDT_LIST:           0 GB               2 KB                0.00%

    The problem is that I want to use this library in the secure partition.

  • Hi Pablo,

    I will look into this.

    As this sample and TF-M is quite new, I will have to try to replicate this myself.
    This might take some time, but I hope to be able to return with some information on the issue on Monday.

    Regards,
    Sigurd Hellesvik

  • Hi,

    A github repo to show this would be welcome!

    The Partition Manager should scale the partition as is needed for your version of TF-M.
    Changing the size statically is likely not the correct approach for this.

    That being said, here are some alternatives:
    pm.yml.tfm looks like it sets the size of the Secure TF-M partition.
    Here it looks like like CONFIG_PM_PARTITION_SIZE_TFM is used to configure the size.

    A even worse idea would be to use pm_static.yml instead. I will therefore not go into details on how.

    A nice trick to see the how the flash is partitioned is to use

    west build -t partition_manager_report
    

    Here is from the zephyr Hello World sample when I build for nrf5340dk_nrf5340_cpuapp_ns:

    As you can see, TF-M is responsible for the size of both the secure flash and the application.

    I recently answered another case on how to decrease the size of the PSA functionality.
    See my last answer on  RE: Need to reduce the size of the Crypto libray/support . Maybe it can help you getting the size smaller.

    Regards,
    Sigurd Hellesvik

  • Hi Pablo,

    Unfortunately I have not been able to reproduce this yet.

    I will continue on this work tomorrow, and will let you know when I know more.

    Regards,
    Sigurd Hellesvik

  • Hi Pablo,

    If you only intend to use the static library inside the secure partition, could you maybe just put your "lib" folder inside the "secure_partition" folder?

    Maybe you can find some help from the Zephyr External Library sample as well?

    ├── CMakeLists.txt
    ├── prj.conf
    ├── README.rst
    ├── sample.yaml
    ├── secure_peripheral_partition
    │   ├── CMakeLists.txt
    │   ├── lib
    │   │   ├── test.c
    │   │   └── test.h
    │   ├── secure_peripheral_partition.c
    │   ├── tfm_manifest_list.yaml.in
    │   ├── tfm_secure_peripheral_partition.yaml
    │   ├── util.c
    │   └── util.h
    └── src
    ├── main.c
    ├── secure_peripheral_partition.c
    └── secure_peripheral_partition.h

    Regards,
    Sigurd Hellesvik

  • Thanks Sigurd.

    I'll take a look at what you sent me. When I try it, I'll comment on the result, successful or not.

  • Hello Sigurd

    First of all, sorry for the wait. I've been away for a few days.

    Here is a link to the repository of the current project, so you can reproduce the problem: github.com/.../bls-hsm-2

    I understand that reducing the size of TF-M could be a possible solution, but it's not the correct approach for this. I haven't managed to do it yet. However, what is really strange to me is the reduction of the available space when importing the library. I can't find any relation between importing a library and reducing the available space on the flash.

Reply
  • Hello Sigurd

    First of all, sorry for the wait. I've been away for a few days.

    Here is a link to the repository of the current project, so you can reproduce the problem: github.com/.../bls-hsm-2

    I understand that reducing the size of TF-M could be a possible solution, but it's not the correct approach for this. I haven't managed to do it yet. However, what is really strange to me is the reduction of the available space when importing the library. I can't find any relation between importing a library and reducing the available space on the flash.

Children
  • Hello Pablo, 

    Sigurd is currently out of office, and I will look into your case in the meantime. I'll take a look at your sample on Monday and try to reproduce problem

    Best regards,

    Simon

  • I was able to resolve the issue by setting CONFIG_PM_PARTITION_SIZE_TFM=0x4C000 in mycli/prj.conf


    Explanation

    As you can see in the output below, tfm is overflowed by 49152 bytes

    ../arm-zephyr-eabi/bin/ld.exe: region `FLASH' overflowed by 49152 bytes
    Memory region         Used Size  Region Size  %age Used
               FLASH:        304 KB       256 KB    118.75%
                 RAM:       45180 B       256 KB     17.23%

    In the memory log output you showed earlier, I guess that was from the application and not tfm.

    As you can see in the log above, the allocated room for tfm is 256 KB, which you can also see by running ninja partition_manager_report from the build folder:

    siiv@siiv-7090 MINGW64 /c/nordic/ncs_samples_local/bls-hsm-2/mycli/build (main)
    $ ninja partition_manager_report
    [1/1] cmd.exe /C "cd /D C:\nordic\ncs_samples_lo...ples_local/bls-hsm-2/mycli/build/partitions.yml"  flash_primary (0x100000 - 1024kB):
    +---------------------------------------------+
    +---0x0: tfm_secure (0x40000 - 256kB)---------+
    | 0x0: tfm (0x40000 - 256kB)                  |
    +---0x40000: tfm_nonsecure (0xb8000 - 736kB)--+
    | 0x40000: app (0xb8000 - 736kB)              |
    +---0xf8000: tfm_storage (0x8000 - 32kB)------+
    | 0xf8000: tfm_its (0x2000 - 8kB)             |
    | 0xfa000: tfm_otp_nv_counters (0x2000 - 8kB) |
    | 0xfc000: tfm_ps (0x4000 - 16kB)             |
    +---------------------------------------------+
    
      otp (0x2fc - 764B):
    +------------------------------+
    | 0xff8100: otp (0x2fc - 764B) |
    +------------------------------+
    
      sram_primary (0x80000 - 512kB):
    +------------------------------------------------+
    +---0x20000000: sram_secure (0x40000 - 256kB)----+
    | 0x20000000: tfm_sram (0x40000 - 256kB)         |
    +---0x20040000: sram_nonsecure (0x40000 - 256kB)-+
    | 0x20040000: sram_primary (0x40000 - 256kB)     |
    +------------------------------------------------+

    In order to increase it to 304 KB=311296 bytes=0x4C000, I need to set CONFIG_PM_PARTITION_SIZE_TFM to 0x4C000 in mycli/prj.conf

    This will increase the allocated place for tfm and make room for the imported library.

    In some cases, if your application is very large, this may not be possible. Increasing the allocated space for tfm, will decrease the allocated space for the application, and the appliation may throw a FLASH overflow error. However, in your case, the application is only using about 12-13% of the allocated space.

    Best regards,

    Simon

  • Hello Simon

    This configuration has solved my problem. Thank you very much for your help.

    Regards,

    Pablo

Related