• State Not Answered
  • Replies 4 replies
  • Subscribers 71 subscribers
  • Views 1598 views
  • Users 0 members are here
Attachments (0)
Nordic Case Info
  • Case ID: 294443
Options

TF-M and MCUBoot (on the nrf9160)

jeremyherbert

Hi,

I am using the nrf9160 and attempting to enable MCUBoot and secure boot. Is it correct that you still cannot use any form of TF-M with MCUBoot on the nrf53 or nrf91 (as of NCS v2.0.2) ? Is it  still supported to use the SPM + MCUBoot combo for secure boot on these Cortex M33 devices? Just trying to understand what the state of things is right at this moment.

I am coming across a lot of assertion errors (to do with the SPU) when I try to mix flash partitions/MCUBoot and TF-M.

Thanks,

Jeremy

Parents
  • 0

    Seems like the culprit here is the flash. If you create a copy of the hello_world project, add this to the prj.conf:

    CONFIG_FLASH=y
CONFIG_FLASH_MAP=y
CONFIG_FLASH_PAGE_LAYOUT=y

CONFIG_BOOTLOADER_MCUBOOT=y

CONFIG_DEBUG_OPTIMIZATIONS=y
CONFIG_DEBUG=y

    Then build and flash to the nrf9160dk_nrf9160_ns, it hangs with a failed assertion in nrf_spu_flashregion_set.

    I can also reproduce a very similar problem without MCUBoot and just enabling littlefs:

    CONFIG_FLASH=y
CONFIG_FLASH_MAP=y
CONFIG_FLASH_PAGE_LAYOUT=y

CONFIG_FILE_SYSTEM=y
CONFIG_FILE_SYSTEM_LITTLEFS=y

CONFIG_DEBUG_OPTIMIZATIONS=y
CONFIG_DEBUG=y

    If I then append the following to either of these:

    CONFIG_BUILD_WITH_TFM=n
CONFIG_SPM=y

    They build and run fine. So it indeed seems that TF-M and MCUBoot are currently mutually exclusive.

Reply
  • 0

    Seems like the culprit here is the flash. If you create a copy of the hello_world project, add this to the prj.conf:

    CONFIG_FLASH=y
CONFIG_FLASH_MAP=y
CONFIG_FLASH_PAGE_LAYOUT=y

CONFIG_BOOTLOADER_MCUBOOT=y

CONFIG_DEBUG_OPTIMIZATIONS=y
CONFIG_DEBUG=y

    Then build and flash to the nrf9160dk_nrf9160_ns, it hangs with a failed assertion in nrf_spu_flashregion_set.

    I can also reproduce a very similar problem without MCUBoot and just enabling littlefs:

    CONFIG_FLASH=y
CONFIG_FLASH_MAP=y
CONFIG_FLASH_PAGE_LAYOUT=y

CONFIG_FILE_SYSTEM=y
CONFIG_FILE_SYSTEM_LITTLEFS=y

CONFIG_DEBUG_OPTIMIZATIONS=y
CONFIG_DEBUG=y

    If I then append the following to either of these:

    CONFIG_BUILD_WITH_TFM=n
CONFIG_SPM=y

    They build and run fine. So it indeed seems that TF-M and MCUBoot are currently mutually exclusive.

Children
No Data
Related
Terms of service