TF-M partition alignment assert within SPU might fail for some partition-manager computed configs

v2.3.0 of the sdk-nrf included this commit that checks for the alignment of the TF-M Non Secure partition (which hosts the `app` one) with CONFIG_NRF_SPU_FLASH_REGION_SIZE .

#define IS_ALIGNED_POW2(value, align) (((value) & ((align) - 1)) == 0)

#if !(IS_ALIGNED_POW2(PM_TFM_NONSECURE_ADDRESS, CONFIG_NRF_SPU_FLASH_REGION_SIZE))
#error "TF-M non-secure address start is not aligned on SPU region size"
#endif

For stock/most cases (eg. hello_world code), the assertion holds and the project compiles.

The problem arouses when the partition_manager.py script outputs a layout solution in which the resulting PM_TFM_NONSECURE_ADDRESS becomes non-aligned. This has been my experience with the current project that I'm working on.

To temporarily mitigate this, I ended up taking out the alignment assertion check altogether.

Is this a safe thing to do or is there any other better solution to this?

Thank you,

Top Replies

0 3Nigma over 2 years ago in reply to Håkon Alseth

Hi Håkon,

Unfortunately, the pm_static.yml override doesn't seam to work. It looks like the kernel is faulting immediately after entering mcuboot so I don't quite know what's happening there and I don't have the proper time to investigate.

For now, we'll just go with cloning the sdk-nrf repo and removing the PSU assert.c check via a commit + referencing our own, patched, sdk-nrf module when 'whest update'-ing. We'll plan on coming back to this, as time permits, and try to manually align it. If upstream won't do it first, that is.

I have found another issue with the partition-manager when resolving the settings partition (in some scenario). I'll open another ticket for this.

Thank you once again, Håkon!

Best wishes,

V
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 chmielewskiandreas over 2 years ago in reply to Voxorin

Is there already a bug ticket for this that I can track? I am also facing this issue and interested in a fix of the partition manager.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 3Nigma over 2 years ago in reply to chmielewskiandreas

Where are these suppose to be opened? I see that the sdk-nrf github repo doesn't have issues enabled.

V
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

0 Håkon Alseth over 2 years ago in reply to 3Nigma

Hi,

First I'd like to apologize for this issue and inconvenience.

I have edit'ed my initial answer. The workaround is to adjust the partition layout via. pm_static.yml (ie. do not change CONFIG_FPROTECT).

Here's an example of an NCS v2.2.0 layout (with this 0x200 offset, which we do not want for NCS v2.3.0):

EMPTY_0:
  address: 0xf6000
  end_address: 0xf8000
  placement:
    after:
    - settings_storage
  region: flash_primary
  size: 0x2000
app:
  address: 0x4c200
  end_address: 0xf4000
  region: flash_primary
  size: 0xa7e00
external_flash:
  address: 0x128000
  end_address: 0x800000
  region: external_flash
  size: 0x6d8000
mcuboot:
  address: 0x0
  end_address: 0xc000
  placement:
    before:
    - mcuboot_primary
  region: flash_primary
  size: 0xc000
mcuboot_pad:
  address: 0xc000
  end_address: 0xc200
  placement:
    align:
      start: 0x4000
    before:
    - mcuboot_primary_app
  region: flash_primary
  size: 0x200
mcuboot_primary:
  address: 0xc000
  end_address: 0xf4000
  orig_span: &id001
  - mcuboot_pad
  - app
  - tfm
  region: flash_primary
  size: 0xe8000
  span: *id001
mcuboot_primary_1:
  address: 0x0
  device: nordic_ram_flash_controller
  end_address: 0x40000
  region: ram_flash
  size: 0x40000
mcuboot_primary_app:
  address: 0xc200
  end_address: 0xf4000
  orig_span: &id002
  - app
  - tfm
  region: flash_primary
  size: 0xe7e00
  span: *id002
mcuboot_secondary:
  address: 0x0
  device: DT_CHOSEN(nordic_pm_ext_flash)
  end_address: 0xe8000
  placement:
    align:
      start: 0x4
  region: external_flash
  share_size:
  - mcuboot_primary
  size: 0xe8000
mcuboot_secondary_1:
  address: 0xe8000
  device: DT_CHOSEN(nordic_pm_ext_flash)
  end_address: 0x128000
  region: external_flash
  size: 0x40000
nonsecure_storage:
  address: 0xf4000
  end_address: 0xf6000
  orig_span: &id003
  - settings_storage
  region: flash_primary
  size: 0x2000
  span: *id003
otp:
  address: 0xff8100
  end_address: 0xff83fc
  region: otp
  size: 0x2fc
pcd_sram:
  address: 0x20000000
  end_address: 0x20002000
  placement:
    before:
    - tfm_sram
  region: sram_primary
  size: 0x2000
ram_flash:
  address: 0x40000
  end_address: 0x40000
  region: ram_flash
  size: 0x0
rpmsg_nrf53_sram:
  address: 0x20070000
  end_address: 0x20080000
  placement:
    before:
    - end
  region: sram_primary
  size: 0x10000
settings_storage:
  address: 0xf4000
  end_address: 0xf6000
  inside:
  - nonsecure_storage
  placement:
    align:
      start: 0x4000
    before:
    - tfm_storage
    - end
  region: flash_primary
  size: 0x2000
sram_nonsecure:
  address: 0x20042000
  end_address: 0x20080000
  orig_span: &id004
  - sram_primary
  - rpmsg_nrf53_sram
  region: sram_primary
  size: 0x3e000
  span: *id004
sram_primary:
  address: 0x20042000
  end_address: 0x20070000
  region: sram_primary
  size: 0x2e000
sram_secure:
  address: 0x20000000
  end_address: 0x20042000
  orig_span: &id005
  - pcd_sram
  - tfm_sram
  region: sram_primary
  size: 0x42000
  span: *id005
tfm:
  address: 0xc200
  end_address: 0x4c200
  inside:
  - mcuboot_primary_app
  placement:
    before:
    - app
  region: flash_primary
  size: 0x40000
tfm_its:
  address: 0xf8000
  end_address: 0xfa000
  inside:
  - tfm_storage
  placement:
    before:
    - tfm_otp_nv_counters
  region: flash_primary
  size: 0x2000
tfm_nonsecure:
  address: 0x4c200
  end_address: 0xf4000
  orig_span: &id006
  - app
  region: flash_primary
  size: 0xa7e00
  span: *id006
tfm_otp_nv_counters:
  address: 0xfa000
  end_address: 0xfc000
  inside:
  - tfm_storage
  placement:
    before:
    - tfm_ps
  region: flash_primary
  size: 0x2000
tfm_ps:
  address: 0xfc000
  end_address: 0x100000
  inside:
  - tfm_storage
  placement:
    align:
      start: 0x4000
    before:
    - end
  region: flash_primary
  size: 0x4000
tfm_secure:
  address: 0xc000
  end_address: 0x4c200
  orig_span: &id007
  - mcuboot_pad
  - tfm
  region: flash_primary
  size: 0x40200
  span: *id007
tfm_sram:
  address: 0x20002000
  end_address: 0x20042000
  inside:
  - sram_secure
  placement:
    after:
    - start
  region: sram_primary
  size: 0x40000
tfm_storage:
  address: 0xf8000
  end_address: 0x100000
  orig_span: &id008
  - tfm_ps
  - tfm_its
  - tfm_otp_nv_counters
  region: flash_primary
  size: 0x8000
  span: *id008

And here is the fixed partition layout, ie. one from ncs v2.3.0:

EMPTY_0:
  address: 0xf6000
  end_address: 0xf8000
  placement:
    after:
    - settings_storage
  region: flash_primary
  size: 0x2000
app:
  address: 0x4c000
  end_address: 0xf4000
  region: flash_primary
  size: 0xa8000
external_flash:
  address: 0x128000
  end_address: 0x800000
  region: external_flash
  size: 0x6d8000
mcuboot:
  address: 0x0
  end_address: 0xc000
  placement:
    before:
    - mcuboot_primary
  region: flash_primary
  size: 0xc000
mcuboot_pad:
  address: 0xc000
  end_address: 0xc200
  placement:
    align:
      start: 0x4000
    before:
    - mcuboot_primary_app
  region: flash_primary
  size: 0x200
mcuboot_primary:
  address: 0xc000
  end_address: 0xf4000
  orig_span: &id001
  - app
  - mcuboot_pad
  - tfm
  region: flash_primary
  size: 0xe8000
  span: *id001
mcuboot_primary_1:
  address: 0x0
  device: nordic_ram_flash_controller
  end_address: 0x40000
  region: ram_flash
  size: 0x40000
mcuboot_primary_app:
  address: 0xc200
  end_address: 0xf4000
  orig_span: &id002
  - app
  - tfm
  region: flash_primary
  size: 0xe7e00
  span: *id002
mcuboot_secondary:
  address: 0x0
  device: DT_CHOSEN(nordic_pm_ext_flash)
  end_address: 0xe8000
  placement:
    align:
      start: 0x4
  region: external_flash
  share_size:
  - mcuboot_primary
  size: 0xe8000
mcuboot_secondary_1:
  address: 0xe8000
  device: DT_CHOSEN(nordic_pm_ext_flash)
  end_address: 0x128000
  region: external_flash
  size: 0x40000
mcuboot_sram:
  address: 0x20000000
  end_address: 0x20042000
  orig_span: &id003
  - pcd_sram
  - tfm_sram
  region: sram_primary
  size: 0x42000
  span: *id003
nonsecure_storage:
  address: 0xf4000
  end_address: 0xf6000
  orig_span: &id004
  - settings_storage
  region: flash_primary
  size: 0x2000
  span: *id004
otp:
  address: 0xff8100
  end_address: 0xff83fc
  region: otp
  size: 0x2fc
pcd_sram:
  address: 0x20000000
  end_address: 0x20002000
  placement:
    before:
    - tfm_sram
  region: sram_primary
  size: 0x2000
ram_flash:
  address: 0x40000
  end_address: 0x40000
  region: ram_flash
  size: 0x0
rpmsg_nrf53_sram:
  address: 0x20070000
  end_address: 0x20080000
  placement:
    before:
    - end
  region: sram_primary
  size: 0x10000
settings_storage:
  address: 0xf4000
  end_address: 0xf6000
  inside:
  - nonsecure_storage
  placement:
    align:
      start: 0x4000
    before:
    - tfm_storage
    - end
  region: flash_primary
  size: 0x2000
sram_nonsecure:
  address: 0x20042000
  end_address: 0x20080000
  orig_span: &id005
  - sram_primary
  - rpmsg_nrf53_sram
  region: sram_primary
  size: 0x3e000
  span: *id005
sram_primary:
  address: 0x20042000
  end_address: 0x20070000
  region: sram_primary
  size: 0x2e000
sram_secure:
  address: 0x20000000
  end_address: 0x20042000
  orig_span: &id006
  - pcd_sram
  - tfm_sram
  region: sram_primary
  size: 0x42000
  span: *id006
tfm:
  address: 0xc200
  end_address: 0x4c000
  inside:
  - mcuboot_primary_app
  placement:
    before:
    - app
  region: flash_primary
  size: 0x3fe00
tfm_its:
  address: 0xf8000
  end_address: 0xfa000
  inside:
  - tfm_storage
  placement:
    before:
    - tfm_otp_nv_counters
  region: flash_primary
  size: 0x2000
tfm_nonsecure:
  address: 0x4c000
  end_address: 0xf4000
  orig_span: &id007
  - app
  region: flash_primary
  size: 0xa8000
  span: *id007
tfm_otp_nv_counters:
  address: 0xfa000
  end_address: 0xfc000
  inside:
  - tfm_storage
  placement:
    before:
    - tfm_ps
  region: flash_primary
  size: 0x2000
tfm_ps:
  address: 0xfc000
  end_address: 0x100000
  inside:
  - tfm_storage
  placement:
    align:
      start: 0x4000
    before:
    - end
  region: flash_primary
  size: 0x4000
tfm_secure:
  address: 0xc000
  end_address: 0x4c000
  orig_span: &id008
  - mcuboot_pad
  - tfm
  region: flash_primary
  size: 0x40000
  span: *id008
tfm_sram:
  address: 0x20002000
  end_address: 0x20042000
  inside:
  - sram_secure
  placement:
    after:
    - start
  region: sram_primary
  size: 0x40000
tfm_storage:
  address: 0xf8000
  end_address: 0x100000
  orig_span: &id009
  - tfm_ps
  - tfm_its
  - tfm_otp_nv_counters
  region: flash_primary
  size: 0x8000
  span: *id009

There are some id's and others that are different here, but the major difference are these:

On the left hand side, all the 0x200 byte offsets are adjusted and rounded down to the correct base address.

At this moment, I do not have any other fix than to manually adjust these. This can be done by adjusting your already present pm_static.yml, or generating a new build with NCS v2.3.0, and comparing this with your "old pm_static.yml" and adjusting accordingly.

chmielewskiandreas said:
Is there already a bug ticket for this that I can track?

I have reported this issue internally and made the team aware of this migration issue.

Kind regards,

Håkon

0 chmielewskiandreas over 2 years ago in reply to Håkon Alseth

Håkon Alseth , can you please put a link to the PR here once this issue is fixed. I want to backport it immediately into my project. Thx
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel