TF-M partition alignment assert within SPU might fail for some partition-manager computed configs

v2.3.0 of the sdk-nrf included this commit that checks for the alignment of the TF-M Non Secure partition (which hosts the `app` one) with CONFIG_NRF_SPU_FLASH_REGION_SIZE .

#define IS_ALIGNED_POW2(value, align) (((value) & ((align) - 1)) == 0)

#if !(IS_ALIGNED_POW2(PM_TFM_NONSECURE_ADDRESS, CONFIG_NRF_SPU_FLASH_REGION_SIZE))
#error "TF-M non-secure address start is not aligned on SPU region size"
#endif

For stock/most cases (eg. hello_world code), the assertion holds and the project compiles.

The problem arouses when the partition_manager.py script outputs a layout solution in which the resulting PM_TFM_NONSECURE_ADDRESS becomes non-aligned. This has been my experience with the current project that I'm working on.

To temporarily mitigate this, I ended up taking out the alignment assertion check altogether.

Is this a safe thing to do or is there any other better solution to this?

Thank you,

Top Replies

Parents

0 Voxorin over 2 years ago

I'll add that I am also running into this issue building for the NRF9160 after updating to v2.3.0 from v2.2.0.

For more information I'm building for the Circuit Dojo NRF9160 Feather. I'm using all upstream partition sizes with no app specific configs or overrides.
Cancel
Vote Up +1 Vote Down

Sign in to reply

Verify Answer

Cancel
0 chmielewskiandreas over 2 years ago in reply to Voxorin

Is there already a bug ticket for this that I can track? I am also facing this issue and interested in a fix of the partition manager.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 3Nigma over 2 years ago in reply to chmielewskiandreas

Where are these suppose to be opened? I see that the sdk-nrf github repo doesn't have issues enabled.

V
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

0 Håkon Alseth over 2 years ago in reply to 3Nigma

Hi,

First I'd like to apologize for this issue and inconvenience.

I have edit'ed my initial answer. The workaround is to adjust the partition layout via. pm_static.yml (ie. do not change CONFIG_FPROTECT).

Here's an example of an NCS v2.2.0 layout (with this 0x200 offset, which we do not want for NCS v2.3.0):

EMPTY_0:
  address: 0xf6000
  end_address: 0xf8000
  placement:
    after:
    - settings_storage
  region: flash_primary
  size: 0x2000
app:
  address: 0x4c200
  end_address: 0xf4000
  region: flash_primary
  size: 0xa7e00
external_flash:
  address: 0x128000
  end_address: 0x800000
  region: external_flash
  size: 0x6d8000
mcuboot:
  address: 0x0
  end_address: 0xc000
  placement:
    before:
    - mcuboot_primary
  region: flash_primary
  size: 0xc000
mcuboot_pad:
  address: 0xc000
  end_address: 0xc200
  placement:
    align:
      start: 0x4000
    before:
    - mcuboot_primary_app
  region: flash_primary
  size: 0x200
mcuboot_primary:
  address: 0xc000
  end_address: 0xf4000
  orig_span: &id001
  - mcuboot_pad
  - app
  - tfm
  region: flash_primary
  size: 0xe8000
  span: *id001
mcuboot_primary_1:
  address: 0x0
  device: nordic_ram_flash_controller
  end_address: 0x40000
  region: ram_flash
  size: 0x40000
mcuboot_primary_app:
  address: 0xc200
  end_address: 0xf4000
  orig_span: &id002
  - app
  - tfm
  region: flash_primary
  size: 0xe7e00
  span: *id002
mcuboot_secondary:
  address: 0x0
  device: DT_CHOSEN(nordic_pm_ext_flash)
  end_address: 0xe8000
  placement:
    align:
      start: 0x4
  region: external_flash
  share_size:
  - mcuboot_primary
  size: 0xe8000
mcuboot_secondary_1:
  address: 0xe8000
  device: DT_CHOSEN(nordic_pm_ext_flash)
  end_address: 0x128000
  region: external_flash
  size: 0x40000
nonsecure_storage:
  address: 0xf4000
  end_address: 0xf6000
  orig_span: &id003
  - settings_storage
  region: flash_primary
  size: 0x2000
  span: *id003
otp:
  address: 0xff8100
  end_address: 0xff83fc
  region: otp
  size: 0x2fc
pcd_sram:
  address: 0x20000000
  end_address: 0x20002000
  placement:
    before:
    - tfm_sram
  region: sram_primary
  size: 0x2000
ram_flash:
  address: 0x40000
  end_address: 0x40000
  region: ram_flash
  size: 0x0
rpmsg_nrf53_sram:
  address: 0x20070000
  end_address: 0x20080000
  placement:
    before:
    - end
  region: sram_primary
  size: 0x10000
settings_storage:
  address: 0xf4000
  end_address: 0xf6000
  inside:
  - nonsecure_storage
  placement:
    align:
      start: 0x4000
    before:
    - tfm_storage
    - end
  region: flash_primary
  size: 0x2000
sram_nonsecure:
  address: 0x20042000
  end_address: 0x20080000
  orig_span: &id004
  - sram_primary
  - rpmsg_nrf53_sram
  region: sram_primary
  size: 0x3e000
  span: *id004
sram_primary:
  address: 0x20042000
  end_address: 0x20070000
  region: sram_primary
  size: 0x2e000
sram_secure:
  address: 0x20000000
  end_address: 0x20042000
  orig_span: &id005
  - pcd_sram
  - tfm_sram
  region: sram_primary
  size: 0x42000
  span: *id005
tfm:
  address: 0xc200
  end_address: 0x4c200
  inside:
  - mcuboot_primary_app
  placement:
    before:
    - app
  region: flash_primary
  size: 0x40000
tfm_its:
  address: 0xf8000
  end_address: 0xfa000
  inside:
  - tfm_storage
  placement:
    before:
    - tfm_otp_nv_counters
  region: flash_primary
  size: 0x2000
tfm_nonsecure:
  address: 0x4c200
  end_address: 0xf4000
  orig_span: &id006
  - app
  region: flash_primary
  size: 0xa7e00
  span: *id006
tfm_otp_nv_counters:
  address: 0xfa000
  end_address: 0xfc000
  inside:
  - tfm_storage
  placement:
    before:
    - tfm_ps
  region: flash_primary
  size: 0x2000
tfm_ps:
  address: 0xfc000
  end_address: 0x100000
  inside:
  - tfm_storage
  placement:
    align:
      start: 0x4000
    before:
    - end
  region: flash_primary
  size: 0x4000
tfm_secure:
  address: 0xc000
  end_address: 0x4c200
  orig_span: &id007
  - mcuboot_pad
  - tfm
  region: flash_primary
  size: 0x40200
  span: *id007
tfm_sram:
  address: 0x20002000
  end_address: 0x20042000
  inside:
  - sram_secure
  placement:
    after:
    - start
  region: sram_primary
  size: 0x40000
tfm_storage:
  address: 0xf8000
  end_address: 0x100000
  orig_span: &id008
  - tfm_ps
  - tfm_its
  - tfm_otp_nv_counters
  region: flash_primary
  size: 0x8000
  span: *id008

And here is the fixed partition layout, ie. one from ncs v2.3.0:

EMPTY_0:
  address: 0xf6000
  end_address: 0xf8000
  placement:
    after:
    - settings_storage
  region: flash_primary
  size: 0x2000
app:
  address: 0x4c000
  end_address: 0xf4000
  region: flash_primary
  size: 0xa8000
external_flash:
  address: 0x128000
  end_address: 0x800000
  region: external_flash
  size: 0x6d8000
mcuboot:
  address: 0x0
  end_address: 0xc000
  placement:
    before:
    - mcuboot_primary
  region: flash_primary
  size: 0xc000
mcuboot_pad:
  address: 0xc000
  end_address: 0xc200
  placement:
    align:
      start: 0x4000
    before:
    - mcuboot_primary_app
  region: flash_primary
  size: 0x200
mcuboot_primary:
  address: 0xc000
  end_address: 0xf4000
  orig_span: &id001
  - app
  - mcuboot_pad
  - tfm
  region: flash_primary
  size: 0xe8000
  span: *id001
mcuboot_primary_1:
  address: 0x0
  device: nordic_ram_flash_controller
  end_address: 0x40000
  region: ram_flash
  size: 0x40000
mcuboot_primary_app:
  address: 0xc200
  end_address: 0xf4000
  orig_span: &id002
  - app
  - tfm
  region: flash_primary
  size: 0xe7e00
  span: *id002
mcuboot_secondary:
  address: 0x0
  device: DT_CHOSEN(nordic_pm_ext_flash)
  end_address: 0xe8000
  placement:
    align:
      start: 0x4
  region: external_flash
  share_size:
  - mcuboot_primary
  size: 0xe8000
mcuboot_secondary_1:
  address: 0xe8000
  device: DT_CHOSEN(nordic_pm_ext_flash)
  end_address: 0x128000
  region: external_flash
  size: 0x40000
mcuboot_sram:
  address: 0x20000000
  end_address: 0x20042000
  orig_span: &id003
  - pcd_sram
  - tfm_sram
  region: sram_primary
  size: 0x42000
  span: *id003
nonsecure_storage:
  address: 0xf4000
  end_address: 0xf6000
  orig_span: &id004
  - settings_storage
  region: flash_primary
  size: 0x2000
  span: *id004
otp:
  address: 0xff8100
  end_address: 0xff83fc
  region: otp
  size: 0x2fc
pcd_sram:
  address: 0x20000000
  end_address: 0x20002000
  placement:
    before:
    - tfm_sram
  region: sram_primary
  size: 0x2000
ram_flash:
  address: 0x40000
  end_address: 0x40000
  region: ram_flash
  size: 0x0
rpmsg_nrf53_sram:
  address: 0x20070000
  end_address: 0x20080000
  placement:
    before:
    - end
  region: sram_primary
  size: 0x10000
settings_storage:
  address: 0xf4000
  end_address: 0xf6000
  inside:
  - nonsecure_storage
  placement:
    align:
      start: 0x4000
    before:
    - tfm_storage
    - end
  region: flash_primary
  size: 0x2000
sram_nonsecure:
  address: 0x20042000
  end_address: 0x20080000
  orig_span: &id005
  - sram_primary
  - rpmsg_nrf53_sram
  region: sram_primary
  size: 0x3e000
  span: *id005
sram_primary:
  address: 0x20042000
  end_address: 0x20070000
  region: sram_primary
  size: 0x2e000
sram_secure:
  address: 0x20000000
  end_address: 0x20042000
  orig_span: &id006
  - pcd_sram
  - tfm_sram
  region: sram_primary
  size: 0x42000
  span: *id006
tfm:
  address: 0xc200
  end_address: 0x4c000
  inside:
  - mcuboot_primary_app
  placement:
    before:
    - app
  region: flash_primary
  size: 0x3fe00
tfm_its:
  address: 0xf8000
  end_address: 0xfa000
  inside:
  - tfm_storage
  placement:
    before:
    - tfm_otp_nv_counters
  region: flash_primary
  size: 0x2000
tfm_nonsecure:
  address: 0x4c000
  end_address: 0xf4000
  orig_span: &id007
  - app
  region: flash_primary
  size: 0xa8000
  span: *id007
tfm_otp_nv_counters:
  address: 0xfa000
  end_address: 0xfc000
  inside:
  - tfm_storage
  placement:
    before:
    - tfm_ps
  region: flash_primary
  size: 0x2000
tfm_ps:
  address: 0xfc000
  end_address: 0x100000
  inside:
  - tfm_storage
  placement:
    align:
      start: 0x4000
    before:
    - end
  region: flash_primary
  size: 0x4000
tfm_secure:
  address: 0xc000
  end_address: 0x4c000
  orig_span: &id008
  - mcuboot_pad
  - tfm
  region: flash_primary
  size: 0x40000
  span: *id008
tfm_sram:
  address: 0x20002000
  end_address: 0x20042000
  inside:
  - sram_secure
  placement:
    after:
    - start
  region: sram_primary
  size: 0x40000
tfm_storage:
  address: 0xf8000
  end_address: 0x100000
  orig_span: &id009
  - tfm_ps
  - tfm_its
  - tfm_otp_nv_counters
  region: flash_primary
  size: 0x8000
  span: *id009

There are some id's and others that are different here, but the major difference are these:

On the left hand side, all the 0x200 byte offsets are adjusted and rounded down to the correct base address.

At this moment, I do not have any other fix than to manually adjust these. This can be done by adjusting your already present pm_static.yml, or generating a new build with NCS v2.3.0, and comparing this with your "old pm_static.yml" and adjusting accordingly.

chmielewskiandreas said:
Is there already a bug ticket for this that I can track?

I have reported this issue internally and made the team aware of this migration issue.

Kind regards,

Håkon

Reply