From 0fda95bfc3b248ec80368fdd48dafc8b8a1607bb Mon Sep 17 00:00:00 2001 From: BUDKE Gerson Fernando Date: Thu, 11 Sep 2025 08:10:54 +0200 Subject: [PATCH 1/4] scripts: ci: compliance: Undef TFM_USE_TRUSTZONE Add TFM_USE_TRUSTZONE to UNDEF_KCONFIG_ALLOWLIST. This is necessary when a TF-M board is defined inside Zephyr boards, which configure an Out-Of-Tree board. Signed-off-by: BUDKE Gerson Fernando --- scripts/ci/check_compliance.py | 1 + 1 file changed, 1 insertion(+) diff --git a/scripts/ci/check_compliance.py b/scripts/ci/check_compliance.py index a600004aae7a9..24eb388c68c4e 100755 --- a/scripts/ci/check_compliance.py +++ b/scripts/ci/check_compliance.py @@ -1330,6 +1330,7 @@ def check_no_undef_outside_kconfig(self, kconf): "STACK_SIZE", # Used as an example in the Kconfig docs "STD_CPP", # Referenced in CMake comment "TEST1", + "TFM_USE_TRUSTZONE", # TF-M board is Out-Of-Tree "TOOLCHAIN", # Defined in modules/hal_nxp/mcux/mcux-sdk-ng/basic.cmake. # It is used by MCUX SDK cmake functions to add content # based on current toolchain. From 81f2e2f0cc0b5fa29f70ea87c319c848fb038006 Mon Sep 17 00:00:00 2001 From: BUDKE Gerson Fernando Date: Tue, 19 Aug 2025 16:08:24 +0200 Subject: [PATCH 2/4] boards: st: nucleo_u5a5zj_q: Exchange dts nodes The USB is a peripheral that can be used by S and NS images. This move USB node from S to common dtsi file. The same it is not valid about random functions. In the S image the random can be enabled but for NS image the random MUST come from PSA API. Signed-off-by: BUDKE Gerson Fernando --- .../nucleo_u5a5zj_q-common.dtsi | 18 ++++++++++++++---- boards/st/nucleo_u5a5zj_q/nucleo_u5a5zj_q.dts | 12 +----------- 2 files changed, 15 insertions(+), 15 deletions(-) diff --git a/boards/st/nucleo_u5a5zj_q/nucleo_u5a5zj_q-common.dtsi b/boards/st/nucleo_u5a5zj_q/nucleo_u5a5zj_q-common.dtsi index 269b112069fbb..52d3954cb2472 100644 --- a/boards/st/nucleo_u5a5zj_q/nucleo_u5a5zj_q-common.dtsi +++ b/boards/st/nucleo_u5a5zj_q/nucleo_u5a5zj_q-common.dtsi @@ -171,10 +171,6 @@ status = "okay"; }; -&rng { - status = "okay"; -}; - &fdcan1 { clocks = <&rcc STM32_CLOCK(APB1_2, 9)>, <&rcc STM32_SRC_PLL1_Q FDCAN1_SEL(1)>; @@ -196,3 +192,17 @@ &vbat4 { status = "okay"; }; + +&gpdma1 { + status = "okay"; +}; + +zephyr_udc0: &usbotg_hs { + pinctrl-0 = <&usb_otg_hs_dm_pa11 &usb_otg_hs_dp_pa12>; + pinctrl-names = "default"; + status = "okay"; +}; + +&otghs_phy { + clock-reference = "SYSCFG_OTG_HS_PHY_CLK_16MHz"; +}; diff --git a/boards/st/nucleo_u5a5zj_q/nucleo_u5a5zj_q.dts b/boards/st/nucleo_u5a5zj_q/nucleo_u5a5zj_q.dts index 993d55370159c..17b4b13e7de44 100644 --- a/boards/st/nucleo_u5a5zj_q/nucleo_u5a5zj_q.dts +++ b/boards/st/nucleo_u5a5zj_q/nucleo_u5a5zj_q.dts @@ -74,16 +74,6 @@ status = "okay"; }; -&gpdma1 { +&rng { status = "okay"; }; - -zephyr_udc0: &usbotg_hs { - pinctrl-0 = <&usb_otg_hs_dm_pa11 &usb_otg_hs_dp_pa12>; - pinctrl-names = "default"; - status = "okay"; -}; - -&otghs_phy { - clock-reference = "SYSCFG_OTG_HS_PHY_CLK_16MHz"; -}; From d3f6ea59ce6bedd2854001537a072e55a6f0f498 Mon Sep 17 00:00:00 2001 From: BUDKE Gerson Fernando Date: Thu, 21 Aug 2025 18:45:22 +0200 Subject: [PATCH 3/4] boards: st: nucleo_u5a5zj_q: Import TF-M code Add the TF-M S image code dedicated to the board, which uses an Out-Of-Tree approach. This can be used as example to customers interested in this technology and don't have an initial idea how to do it. This will avoid that customers will try the easy script copy over TF-M folder patch. Signed-off-by: BUDKE Gerson Fernando --- boards/st/nucleo_u5a5zj_q/tfm/CMakeLists.txt | 80 +++ .../tfm/accelerator/CMakeLists.txt | 79 +++ .../accelerator/crypto_accelerator_config.h | 77 +++ .../accelerator/mbedtls_accelerator_config.h | 86 ++++ boards/st/nucleo_u5a5zj_q/tfm/config.cmake | 53 ++ .../nucleo_u5a5zj_q/tfm/config_tfm_target.h | 29 ++ boards/st/nucleo_u5a5zj_q/tfm/cpuarch.cmake | 21 + boards/st/nucleo_u5a5zj_q/tfm/include/board.h | 44 ++ .../tfm/include/boot_hal_cfg.h | 56 +++ .../nucleo_u5a5zj_q/tfm/include/device_cfg.h | 35 ++ .../tfm/include/flash_layout_test.h | 23 + .../tfm/include/platform_nv_counters_ids.h | 49 ++ .../st/nucleo_u5a5zj_q/tfm/include/stm32hal.h | 33 ++ .../tfm/include/stm32u5xx_hal_conf.h | 456 ++++++++++++++++++ .../nucleo_u5a5zj_q/tfm/keys/otp_provision.c | 165 +++++++ .../tfm/keys/rsa-2048-private-bl2.pem | 28 ++ .../tfm/keys/rsa-2048-public-bl2.pem | 9 + .../tfm/keys/rsa-3072-private-ns.pem | 40 ++ .../tfm/keys/rsa-3072-private-s.pem | 40 ++ .../st/nucleo_u5a5zj_q/tfm/ns/CMakeLists.txt | 47 ++ .../tfm/partition/flash_layout.h | 304 ++++++++++++ .../tfm/partition/region_defs.h | 301 ++++++++++++ .../tfm/tests/psa_arch_tests_config.cmake | 7 + 23 files changed, 2062 insertions(+) create mode 100644 boards/st/nucleo_u5a5zj_q/tfm/CMakeLists.txt create mode 100644 boards/st/nucleo_u5a5zj_q/tfm/accelerator/CMakeLists.txt create mode 100644 boards/st/nucleo_u5a5zj_q/tfm/accelerator/crypto_accelerator_config.h create mode 100644 boards/st/nucleo_u5a5zj_q/tfm/accelerator/mbedtls_accelerator_config.h create mode 100644 boards/st/nucleo_u5a5zj_q/tfm/config.cmake create mode 100644 boards/st/nucleo_u5a5zj_q/tfm/config_tfm_target.h create mode 100644 boards/st/nucleo_u5a5zj_q/tfm/cpuarch.cmake create mode 100644 boards/st/nucleo_u5a5zj_q/tfm/include/board.h create mode 100644 boards/st/nucleo_u5a5zj_q/tfm/include/boot_hal_cfg.h create mode 100644 boards/st/nucleo_u5a5zj_q/tfm/include/device_cfg.h create mode 100644 boards/st/nucleo_u5a5zj_q/tfm/include/flash_layout_test.h create mode 100644 boards/st/nucleo_u5a5zj_q/tfm/include/platform_nv_counters_ids.h create mode 100644 boards/st/nucleo_u5a5zj_q/tfm/include/stm32hal.h create mode 100644 boards/st/nucleo_u5a5zj_q/tfm/include/stm32u5xx_hal_conf.h create mode 100644 boards/st/nucleo_u5a5zj_q/tfm/keys/otp_provision.c create mode 100644 boards/st/nucleo_u5a5zj_q/tfm/keys/rsa-2048-private-bl2.pem create mode 100644 boards/st/nucleo_u5a5zj_q/tfm/keys/rsa-2048-public-bl2.pem create mode 100644 boards/st/nucleo_u5a5zj_q/tfm/keys/rsa-3072-private-ns.pem create mode 100644 boards/st/nucleo_u5a5zj_q/tfm/keys/rsa-3072-private-s.pem create mode 100644 boards/st/nucleo_u5a5zj_q/tfm/ns/CMakeLists.txt create mode 100644 boards/st/nucleo_u5a5zj_q/tfm/partition/flash_layout.h create mode 100644 boards/st/nucleo_u5a5zj_q/tfm/partition/region_defs.h create mode 100644 boards/st/nucleo_u5a5zj_q/tfm/tests/psa_arch_tests_config.cmake diff --git a/boards/st/nucleo_u5a5zj_q/tfm/CMakeLists.txt b/boards/st/nucleo_u5a5zj_q/tfm/CMakeLists.txt new file mode 100644 index 0000000000000..bfaa7857ff2fd --- /dev/null +++ b/boards/st/nucleo_u5a5zj_q/tfm/CMakeLists.txt @@ -0,0 +1,80 @@ +#------------------------------------------------------------------------------- +# Copyright (c) 2020, Arm Limited. All rights reserved. +# +# SPDX-License-Identifier: BSD-3-Clause +# +#------------------------------------------------------------------------------- + +set(NUCLEO_U5A5ZJ_Q_DIR ${CMAKE_CURRENT_LIST_DIR}) +set(STM_COMMON_DIR ${PLATFORM_DIR}/ext/target/stm/common) + +include(${STM_COMMON_DIR}/stm32u5xx/CMakeLists.txt) + +#========================= Platform defs ===============================# + +# Specify the location of platform specific build dependencies. +target_sources(tfm_s + PRIVATE + ${STM_COMMON_DIR}/stm32u5xx/Device/Source/startup_stm32u5xx_s.c +) + +# cpuarch.cmake is used to set things that related to the platform that are both +install(FILES + ${TARGET_PLATFORM_PATH}/cpuarch.cmake + DESTINATION ${INSTALL_PLATFORM_NS_DIR} +) + +install(FILES + ${STM_COMMON_DIR}/stm32u5xx/Device/Source/startup_stm32u5xx_ns.c + DESTINATION ${INSTALL_PLATFORM_NS_DIR}/Device/Source +) + +install(DIRECTORY + ${TARGET_PLATFORM_PATH}/ns/ + DESTINATION ${INSTALL_PLATFORM_NS_DIR} +) + +install(DIRECTORY + ${TARGET_PLATFORM_PATH}/include + DESTINATION ${INSTALL_PLATFORM_NS_DIR} +) + +install(FILES + ${TARGET_PLATFORM_PATH}/accelerator/crypto_accelerator_config.h + DESTINATION ${INSTALL_PLATFORM_NS_DIR}/include +) + +install(DIRECTORY + ${STM_COMMON_DIR}/hal/accelerator/ + DESTINATION ${INSTALL_PLATFORM_NS_DIR}/include + FILES_MATCHING PATTERN "*.h" +) + +install(FILES + ${NUCLEO_U5A5ZJ_Q_DIR}/partition/flash_layout.h + ${NUCLEO_U5A5ZJ_Q_DIR}/partition/region_defs.h + DESTINATION ${INSTALL_PLATFORM_NS_DIR}/partition +) + +if(BL2) + target_sources(bl2 + PRIVATE + ${STM_COMMON_DIR}/stm32u5xx/Device/Source/startup_stm32u5xx_bl2.c + ${STM_COMMON_DIR}/hal/provision/nvm_init.c + ${STM_COMMON_DIR}/hal/provision/nvmcnt_init.c + ${NUCLEO_U5A5ZJ_Q_DIR}/keys/otp_provision.c + ) +endif() +#install flash layout for postbuild.sh +install(FILES + ${NUCLEO_U5A5ZJ_Q_DIR}/partition/flash_layout.h + ${NUCLEO_U5A5ZJ_Q_DIR}/partition/region_defs.h + DESTINATION ${CMAKE_INSTALL_PREFIX} +) +set (BL2_FILE_TO_PREPROCESS ${CMAKE_CURRENT_BINARY_DIR}/image_macros_to_preprocess_bl2.c) +file(WRITE ${BL2_FILE_TO_PREPROCESS} ${BL2_PREPROCESSING}) + +install(FILES + ${BL2_FILE_TO_PREPROCESS} + DESTINATION ${CMAKE_INSTALL_PREFIX} +) diff --git a/boards/st/nucleo_u5a5zj_q/tfm/accelerator/CMakeLists.txt b/boards/st/nucleo_u5a5zj_q/tfm/accelerator/CMakeLists.txt new file mode 100644 index 0000000000000..c15ed89e19621 --- /dev/null +++ b/boards/st/nucleo_u5a5zj_q/tfm/accelerator/CMakeLists.txt @@ -0,0 +1,79 @@ +#------------------------------------------------------------------------------- +# Copyright (c) 2020-2024, Arm Limited. All rights reserved. +# Copyright (c) 2021 STMicroelectronics. All rights reserved. +# +# SPDX-License-Identifier: BSD-3-Clause +# +#------------------------------------------------------------------------------- + +############################ Crypto Service #################################### + +if (TFM_PARTITION_CRYPTO) + target_sources(crypto_service_crypto_hw + PRIVATE + ${PLATFORM_DIR}/ext/target/stm/common/hal/accelerator/rsa_alt.c + ${PLATFORM_DIR}/ext/target/stm/common/hal/accelerator/ecdsa_alt.c + ${PLATFORM_DIR}/ext/target/stm/common/hal/accelerator/gcm_alt.c + ${PLATFORM_DIR}/ext/target/stm/common/hal/accelerator/aes_alt.c + ${PLATFORM_DIR}/ext/target/stm/common/hal/accelerator/ccm_alt.c + ${PLATFORM_DIR}/ext/target/stm/common/hal/accelerator/ecp_alt.c + ${PLATFORM_DIR}/ext/target/stm/common/hal/accelerator/ecp_curves_alt.c + ${PLATFORM_DIR}/ext/target/stm/common/hal/accelerator/sha1_alt.c + ${PLATFORM_DIR}/ext/target/stm/common/hal/accelerator/sha256_alt.c + ${PLATFORM_DIR}/ext/target/stm/common/hal/accelerator/stm.c + ) + + target_include_directories(crypto_service_crypto_hw + PRIVATE + ${PLATFORM_DIR}/ext/target/${TFM_PLATFORM}/accelerator/ + ${PLATFORM_DIR}/ext/target/stm/common/hal/accelerator/ + ${PLATFORM_DIR}/ext/target/${TFM_PLATFORM}/include/ + ${PLATFORM_DIR}/ext/target/stm/common/stm32u5xx/hal/Inc/ + ${PLATFORM_DIR}/ext/target/stm/common/stm32u5xx/Device/Include/ + ${PLATFORM_DIR}/include + ${CMAKE_BINARY_DIR}/generated + ${CMAKE_SOURCE_DIR}/interface/include + ) + target_include_directories(crypto_service_mbedcrypto + PUBLIC + ${PLATFORM_DIR}/ext/target/${TFM_PLATFORM}/accelerator/ + ${PLATFORM_DIR}/ext/target/stm/common/hal/accelerator/ + ${PLATFORM_DIR}/ext/target/${TFM_PLATFORM}/include/ + ${PLATFORM_DIR}/ext/target/stm/common/stm32u5xx/hal/Inc/ + ${PLATFORM_DIR}/ext/target/stm/common/stm32u5xx/Device/Include/ + ) + + target_include_directories(psa_crypto_config + INTERFACE + $ + ) + + target_compile_definitions(crypto_service_crypto_hw + PRIVATE + ST_HW_CONTEXT_SAVING + $<$,$>:BUILD_CRYPTO_TFM> + INTERFACE + $<$,$>:PSA_WANT_ALG_GCM> + ) + + target_link_libraries(crypto_service_crypto_hw + PRIVATE + crypto_service_mbedcrypto + platform_s + cmsis + ) + + target_link_libraries(crypto_service_mbedcrypto + PUBLIC + cmsis + ) + + target_link_libraries(platform_s + PRIVATE + crypto_service_crypto_hw + ) + target_link_libraries(crypto_service_crypto_hw + INTERFACE + tfm_config + ) +endif() diff --git a/boards/st/nucleo_u5a5zj_q/tfm/accelerator/crypto_accelerator_config.h b/boards/st/nucleo_u5a5zj_q/tfm/accelerator/crypto_accelerator_config.h new file mode 100644 index 0000000000000..199e150f67473 --- /dev/null +++ b/boards/st/nucleo_u5a5zj_q/tfm/accelerator/crypto_accelerator_config.h @@ -0,0 +1,77 @@ +/* + * Copyright (c) 2019-2022, Arm Limited. All rights reserved. + * Copyright (c) 2021 STMicroelectronics. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + * + */ + +#ifndef CRYPTO_ACCELERATOR_CONF_H +#define CRYPTO_ACCELERATOR_CONF_H + +#ifdef __cplusplus +extern "C" { +#endif /* __cplusplus */ + +/****************************************************************/ +/* Require built-in implementations based on PSA requirements */ +/****************************************************************/ +#ifdef PSA_USE_SE_ST +/* secure element define */ +#define PSA_WANT_KEY_TYPE_AES +#ifdef MBEDTLS_PSA_CRYPTO_C +#define MBEDTLS_PSA_CRYPTO_SE_C +#define MBEDTLS_CMAC_C +#define MBEDTLS_CIPHER_MODE_CBC +#endif + +#ifdef PSA_WANT_ALG_SHA_1 +#define MBEDTLS_SHA1_ALT +#endif /* PSA_WANT_ALG_SHA_1 */ + +#ifdef PSA_WANT_ALG_SHA_256 +#define MBEDTLS_SHA256_ALT +#endif /* PSA_WANT_ALG_SHA_256 */ + +#if defined(PSA_WANT_ALG_RSA_OAEP) || \ + defined(PSA_WANT_ALG_RSA_PKCS1V15_CRYPT) || \ + defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN) || \ + defined(PSA_WANT_ALG_RSA_PSS) || \ + defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC) || \ + defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) +#define MBEDTLS_RSA_ALT +#endif + +#if defined(PSA_WANT_ALG_ECDH) || \ + defined(PSA_WANT_ALG_ECDSA) || \ + defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC) || \ + defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) +#define MBEDTLS_ECP_ALT +#undef MBEDTLS_ECP_NIST_OPTIM +#endif + +#ifdef PSA_WANT_ALG_CCM +#define MBEDTLS_CCM_ALT +#endif /* PSA_WANT_ALG_CCM */ + +#ifdef PSA_WANT_KEY_TYPE_AES +#define MBEDTLS_AES_ALT +#endif /* PSA_WANT_KEY_TYPE_AES */ + +#ifdef PSA_WANT_ALG_GCM +#define MBEDTLS_GCM_ALT +#endif /* PSA_WANT_ALG_GCM */ + +#if defined(PSA_WANT_ALG_ECDSA) || \ + defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA) +#define MBEDTLS_ECDSA_VERIFY_ALT +#define MBEDTLS_ECDSA_SIGN_ALT +#endif + +#endif + +#ifdef __cplusplus +} +#endif /* __cplusplus */ + +#endif /* CRYPTO_ACCELERATOR_CONF_H */ diff --git a/boards/st/nucleo_u5a5zj_q/tfm/accelerator/mbedtls_accelerator_config.h b/boards/st/nucleo_u5a5zj_q/tfm/accelerator/mbedtls_accelerator_config.h new file mode 100644 index 0000000000000..af0ce3857a55a --- /dev/null +++ b/boards/st/nucleo_u5a5zj_q/tfm/accelerator/mbedtls_accelerator_config.h @@ -0,0 +1,86 @@ +/* + * Copyright (c) 2019-2022, Arm Limited. All rights reserved. + * Copyright (c) 2021 STMicroelectronics. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + * + */ + +#ifndef MBEDTLS_ACCELERATOR_CONF_H +#define MBEDTLS_ACCELERATOR_CONF_H + +#ifdef __cplusplus +extern "C" { +#endif /* __cplusplus */ + +/* RNG Config */ +#undef MBEDTLS_ENTROPY_NV_SEED +#undef MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES +#define MBEDTLS_ENTROPY_C +#define MBEDTLS_ENTROPY_HARDWARE_ALT + +#undef MBEDTLS_AES_SETKEY_DEC_ALT +#undef MBEDTLS_AES_DECRYPT_ALT + +/* specific Define for platform hardware accelerator */ +#define GENERATOR_HW_PKA_EXTENDED_API +#define GENERATOR_HW_CRYPTO_DPA_SUPPORTED +#define HW_CRYPTO_DPA_AES +#define HW_CRYPTO_DPA_GCM + +/****************************************************************/ +/* Infer PSA requirements from Mbed TLS capabilities */ +/****************************************************************/ +#ifndef MBEDTLS_PSA_CRYPTO_CONFIG + +#ifdef MBEDTLS_SHA1_C +#define MBEDTLS_SHA1_ALT +#endif /* MBEDTLS_SHA1_C */ + +#ifdef MBEDTLS_SHA256_C +#define MBEDTLS_SHA256_ALT +#endif /* MBEDTLS_SHA256_C */ + +#ifdef MBEDTLS_RSA_C +#define MBEDTLS_RSA_ALT +#endif /* MBEDTLS_RSA_C */ + +#if defined(MBEDTLS_ECP_C) +#define MBEDTLS_ECP_ALT +#undef MBEDTLS_ECP_NIST_OPTIM +/*#define MBEDTLS_MD5_ALT*/ +#endif /* MBEDTLS_ECP_C && MBEDTLS_MD_C */ + +#ifdef MBEDTLS_CCM_C +#define MBEDTLS_CCM_ALT +#endif /* MBEDTLS_CCM_C */ + +#ifdef MBEDTLS_AES_C +#define MBEDTLS_AES_ALT +#endif /* MBEDTLS_AES_C */ + +#ifdef MBEDTLS_GCM_C +#define MBEDTLS_GCM_ALT +#endif /* MBEDTLS_GCM_C */ + +#ifdef MBEDTLS_ECDSA_C +#define MBEDTLS_ECDSA_VERIFY_ALT +#define MBEDTLS_ECDSA_SIGN_ALT +#endif /* MBEDTLS_ECDSA_C */ + +/* secure element define */ +#ifdef MBEDTLS_PSA_CRYPTO_C +#ifdef PSA_USE_SE_ST +#define MBEDTLS_PSA_CRYPTO_SE_C +#define MBEDTLS_CMAC_C +#define MBEDTLS_CIPHER_MODE_CBC +#endif +#endif + +#endif /* MBEDTLS_PSA_CRYPTO_CONFIG */ + +#ifdef __cplusplus +} +#endif /* __cplusplus */ + +#endif /* MBEDTLS_ACCELERATOR_CONF_H */ diff --git a/boards/st/nucleo_u5a5zj_q/tfm/config.cmake b/boards/st/nucleo_u5a5zj_q/tfm/config.cmake new file mode 100644 index 0000000000000..5cb19cdd7ed2d --- /dev/null +++ b/boards/st/nucleo_u5a5zj_q/tfm/config.cmake @@ -0,0 +1,53 @@ +#------------------------------------------------------------------------------- +# Copyright (c) 2020-2023, Arm Limited. All rights reserved. +# Copyright (c) 2021 STMicroelectronics. All rights reserved. +# Copyright (c) 2022 Cypress Semiconductor Corporation (an Infineon company) +# or an affiliate of Cypress Semiconductor Corporation. All rights reserved. +# +# SPDX-License-Identifier: BSD-3-Clause +# +#------------------------------------------------------------------------------- + +################################## BL2 ######################################################################################################### +set(MCUBOOT_IMAGE_NUMBER 2 CACHE STRING "Whether to combine S and NS into either 1 image, or sign each separately") +set(BL2_TRAILER_SIZE 0x9000 CACHE STRING "Trailer size") +set(MCUBOOT_ALIGN_VAL 16 CACHE STRING "Align option to build image with imgtool") +set(MCUBOOT_UPGRADE_STRATEGY "SWAP_USING_SCRATCH" CACHE STRING "Upgrade strategy for images") +set(TFM_PARTITION_PLATFORM ON CACHE BOOL "Enable platform partition") +set(MCUBOOT_CONFIRM_IMAGE ON CACHE BOOL "Whether to confirm the image if REVERT is supported in MCUboot") +set(MCUBOOT_BOOTSTRAP ON CACHE BOOL "Allow initial state with images in secondary slots(empty primary slots)") +set(MCUBOOT_ENC_IMAGES ON CACHE BOOL "Enable encrypted image upgrade support") +set(MCUBOOT_ENCRYPT_RSA ON CACHE BOOL "Use RSA for encrypted image upgrade support") +set(MCUBOOT_DATA_SHARING ON CACHE BOOL "Enable Data Sharing") +cmake_path(NORMAL_PATH MCUBOOT_KEY_S) +cmake_path(NORMAL_PATH MCUBOOT_KEY_NS) +cmake_path(GET MCUBOOT_KEY_S PARENT_PATH MCUBOOT_KEY_PATH) +set(MCUBOOT_KEY_ENC "${MCUBOOT_KEY_PATH}/rsa-2048-public-bl2.pem" CACHE FILEPATH "Path to key with which to encrypt binary") + +################################## Dependencies ################################################################################################ +set(TFM_PARTITION_INTERNAL_TRUSTED_STORAGE ON CACHE BOOL "Enable Internal Trusted Storage partition") +set(TFM_PARTITION_CRYPTO ON CACHE BOOL "Enable Crypto partition") +set(CRYPTO_HW_ACCELERATOR ON CACHE BOOL "Whether to enable the crypto hardware accelerator on supported platforms") +set(MBEDCRYPTO_BUILD_TYPE minsizerel CACHE STRING "Build type of Mbed Crypto library") +set(TFM_DUMMY_PROVISIONING OFF CACHE BOOL "Provision with dummy values. NOT to be used in production") +set(PLATFORM_DEFAULT_OTP_WRITEABLE OFF CACHE BOOL "Use on chip flash with write support") +set(PLATFORM_DEFAULT_NV_COUNTERS OFF CACHE BOOL "Use default nv counter implementation.") +set(PS_CRYPTO_AEAD_ALG PSA_ALG_GCM CACHE STRING "The AEAD algorithm to use for authenticated encryption in Protected Storage") +set(MCUBOOT_FIH_PROFILE LOW CACHE STRING "Fault injection hardening profile [OFF, LOW, MEDIUM, HIGH]") + +################################## Platform-specific configurations ############################################################################ +set(CONFIG_TFM_USE_TRUSTZONE ON CACHE BOOL "Use TrustZone") +set(TFM_MULTI_CORE_TOPOLOGY OFF CACHE BOOL "Platform has multi core") +set(PLATFORM_HAS_FIRMWARE_UPDATE_SUPPORT ON CACHE BOOL "Whether the platform has firmware update support") +set(STSAFEA OFF CACHE BOOL "Activate ST SAFE SUPPORT") + +################################## FIRMWARE_UPDATE ############################################################################################# +set(TFM_PARTITION_FIRMWARE_UPDATE ON CACHE BOOL "Enable firmware update partition") +set(MCUBOOT_HW_ROLLBACK_PROT ON CACHE BOOL "Security counter validation against non-volatile HW counters") +set(TFM_FWU_BOOTLOADER_LIB "mcuboot" CACHE STRING "Bootloader configure file for Firmware Update partition") +set(TFM_CONFIG_FWU_MAX_WRITE_SIZE 8192 CACHE STRING "The maximum permitted size for block in psa_fwu_write, in bytes.") +set(TFM_CONFIG_FWU_MAX_MANIFEST_SIZE 0 CACHE STRING "The maximum permitted size for manifest in psa_fwu_start(), in bytes.") +set(FWU_DEVICE_CONFIG_FILE "" CACHE STRING "The device configuration file for Firmware Update partition") +set(FWU_SUPPORT_TRIAL_STATE ON CACHE BOOL "Device support TRIAL component state.") +set(DMCUBOOT_UPGRADE_STRATEGY SWAP_USING_MOVE) +set(DEFAULT_MCUBOOT_FLASH_MAP ON CACHE BOOL "Whether to use the default flash map defined by TF-M project") diff --git a/boards/st/nucleo_u5a5zj_q/tfm/config_tfm_target.h b/boards/st/nucleo_u5a5zj_q/tfm/config_tfm_target.h new file mode 100644 index 0000000000000..3284bed452ef1 --- /dev/null +++ b/boards/st/nucleo_u5a5zj_q/tfm/config_tfm_target.h @@ -0,0 +1,29 @@ +/* + * Copyright (c) 2022-2024, Arm Limited. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + * + */ + +#ifndef __CONFIG_TFM_TARGET_H__ +#define __CONFIG_TFM_TARGET_H__ + +/* Use stored NV seed to provide entropy */ +#define CRYPTO_NV_SEED 0 + +/* Use external RNG to provide entropy */ +#define CRYPTO_EXT_RNG 1 + +/* Partition size 112kB in flash_layout.h */ +#undef ITS_NUM_ASSETS +#define ITS_NUM_ASSETS 32 +#undef ITS_MAX_ASSET_SIZE +#define ITS_MAX_ASSET_SIZE 2048 + +/* Partition size 16kB in flash_layout.h */ +#undef PS_NUM_ASSETS +#define PS_NUM_ASSETS 32 +#undef PS_MAX_ASSET_SIZE +#define PS_MAX_ASSET_SIZE 2048 + +#endif /* __CONFIG_TFM_TARGET_H__ */ diff --git a/boards/st/nucleo_u5a5zj_q/tfm/cpuarch.cmake b/boards/st/nucleo_u5a5zj_q/tfm/cpuarch.cmake new file mode 100644 index 0000000000000..be6bfb92fdbbc --- /dev/null +++ b/boards/st/nucleo_u5a5zj_q/tfm/cpuarch.cmake @@ -0,0 +1,21 @@ +#------------------------------------------------------------------------------- +# Copyright (c) 2020, Arm Limited. All rights reserved. +# Copyright (c) 2021 STMicroelectronics. All rights reserved. +# +# SPDX-License-Identifier: BSD-3-Clause +# +#------------------------------------------------------------------------------- + +# preload.cmake is used to set things that related to the platform that are both +# immutable and global, which is to say they should apply to any kind of project +# that uses this platform. In practise this is normally compiler definitions and +# variables related to hardware. + +# Set architecture and CPU +set(TFM_SYSTEM_PROCESSOR cortex-m33) +set(TFM_SYSTEM_ARCHITECTURE armv8-m.main) +set(CRYPTO_HW_ACCELERATOR_TYPE stm) +add_compile_definitions( + STM32U5A5xx + USE_HAL_DRIVER +) diff --git a/boards/st/nucleo_u5a5zj_q/tfm/include/board.h b/boards/st/nucleo_u5a5zj_q/tfm/include/board.h new file mode 100644 index 0000000000000..c3c53e12e6c63 --- /dev/null +++ b/boards/st/nucleo_u5a5zj_q/tfm/include/board.h @@ -0,0 +1,44 @@ +/** + ****************************************************************************** + * @file board.h + * @author MCD Application Team + * @brief board header file for catfish_beluga_b2. + ****************************************************************************** + * @attention + * + *

© Copyright (c) 2020 STMicroelectronics. + * All rights reserved.

+ * + * This software component is licensed by ST under BSD 3-Clause license, + * the "License"; You may not use this file except in compliance with the + * License. You may obtain a copy of the License at: + * opensource.org/licenses/BSD-3-Clause + * + ****************************************************************************** + */ +#ifndef __BOARD_H__ +#define __BOARD_H__ + +/* config for usart */ +#define COM_INSTANCE USART1 +#define COM_CLK_ENABLE() __HAL_RCC_USART1_CLK_ENABLE() +#define COM_CLK_DISABLE() __HAL_RCC_USART1_CLK_DISABLE() + +#define COM_TX_GPIO_PORT GPIOA +#define COM_TX_GPIO_CLK_ENABLE() __HAL_RCC_GPIOA_CLK_ENABLE() +#define COM_TX_PIN GPIO_PIN_9 +#define COM_TX_AF GPIO_AF7_USART1 + +#define COM_RX_GPIO_PORT GPIOA +#define COM_RX_GPIO_CLK_ENABLE() __HAL_RCC_GPIOA_CLK_ENABLE() +#define COM_RX_PIN GPIO_PIN_10 +#define COM_RX_AF GPIO_AF7_USART1 + +/* config for flash driver */ +#define FLASH0_SECTOR_SIZE 0x2000 +#define FLASH0_PAGE_SIZE 0x2000 +#define FLASH0_PROG_UNIT 0x10 +#define FLASH0_ERASED_VAL 0xff + +#endif /* __BOARD_H__ */ +/************************ (C) COPYRIGHT STMicroelectronics *****END OF FILE****/ diff --git a/boards/st/nucleo_u5a5zj_q/tfm/include/boot_hal_cfg.h b/boards/st/nucleo_u5a5zj_q/tfm/include/boot_hal_cfg.h new file mode 100644 index 0000000000000..fdc293ba84432 --- /dev/null +++ b/boards/st/nucleo_u5a5zj_q/tfm/include/boot_hal_cfg.h @@ -0,0 +1,56 @@ +/* Define to prevent recursive inclusion -------------------------------------*/ +#ifndef BOOT_HAL_CFG_H +#define BOOT_HAL_CFG_H + +/* Includes ------------------------------------------------------------------*/ +#include "stm32u5xx_hal.h" + +/* RTC clock */ +#define RTC_CLOCK_SOURCE_LSI +#ifdef RTC_CLOCK_SOURCE_LSI +#define RTC_ASYNCH_PREDIV 0x7F +#define RTC_SYNCH_PREDIV 0x00F9 +#endif +#ifdef RTC_CLOCK_SOURCE_LSE +#define RTC_ASYNCH_PREDIV 0x7F +#define RTC_SYNCH_PREDIV 0x00FF +#endif + +/* ICache */ +#define TFM_ICACHE_ENABLE /*!< Instruction cache enable */ + +/* Static protections */ +#define TFM_WRP_PROTECT_ENABLE /*!< Write Protection */ +#define TFM_HDP_PROTECT_ENABLE /*!< HDP protection */ +#define TFM_SECURE_USER_SRAM2_ERASE_AT_RESET /*!< SRAM2 clear at Reset */ + + +#define TFM_OB_RDP_LEVEL_VALUE OB_RDP_LEVEL_0 /*!< RDP level */ + + +#define NO_TAMPER (0) +#define INTERNAL_TAMPER_ONLY (1) +#define ALL_TAMPER (2) +#define TFM_TAMPER_ENABLE NO_TAMPER + +#define TFM_OB_BOOT_LOCK 0 +#define TFM_ENABLE_SET_OB +#define TFM_ERROR_HANDLER_NON_SECURE + +/* Run time protections */ +#define TFM_FLASH_PRIVONLY_ENABLE +#define TFM_BOOT_MPU_PROTECTION + +/* Exported types ------------------------------------------------------------*/ +typedef enum { + TFM_SUCCESS = 0U, + TFM_FAILED +} TFM_ErrorStatus; + +void Error_Handler(void); +#ifndef TFM_ERROR_HANDLER_NON_SECURE +void Error_Handler_rdp(void); +#else +#define Error_Handler_rdp Error_Handler +#endif +#endif /* GENERATOR_RDP_PASSWORD_AVAILABLE */ diff --git a/boards/st/nucleo_u5a5zj_q/tfm/include/device_cfg.h b/boards/st/nucleo_u5a5zj_q/tfm/include/device_cfg.h new file mode 100644 index 0000000000000..9087961968689 --- /dev/null +++ b/boards/st/nucleo_u5a5zj_q/tfm/include/device_cfg.h @@ -0,0 +1,35 @@ +/* + * Copyright (c) 2017-2019 Arm Limited. All rights reserved. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef __DEVICE_CFG_H__ +#define __DEVICE_CFG_H__ + +/** + * \file device_cfg.h + * \brief Configuration file native driver re-targeting + * + * \details This file can be used to add native driver specific macro + * definitions to select which peripherals are available in the build. + * + * This is a default device configuration file with all peripherals enabled. + */ + + +#define DEFAULT_UART_CONTROL 0 +/* Default UART baud rate */ +#define DEFAULT_UART_BAUDRATE 115200 + +#endif /* __DEVICE_CFG_H__ */ diff --git a/boards/st/nucleo_u5a5zj_q/tfm/include/flash_layout_test.h b/boards/st/nucleo_u5a5zj_q/tfm/include/flash_layout_test.h new file mode 100644 index 0000000000000..4ebabe5895d81 --- /dev/null +++ b/boards/st/nucleo_u5a5zj_q/tfm/include/flash_layout_test.h @@ -0,0 +1,23 @@ +/* + * Copyright (c) 2018 Arm Limited. All rights reserved. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef __FLASH_LAYOUT_TEST_H__ +#define __FLASH_LAYOUT_TEST_H__ + + +#define FLASH_LAYOUT_FOR_TEST +#include "flash_layout.h" +#endif /* __FLASH_LAYOUT_TEST_H__*/ diff --git a/boards/st/nucleo_u5a5zj_q/tfm/include/platform_nv_counters_ids.h b/boards/st/nucleo_u5a5zj_q/tfm/include/platform_nv_counters_ids.h new file mode 100644 index 0000000000000..b047a50f618e7 --- /dev/null +++ b/boards/st/nucleo_u5a5zj_q/tfm/include/platform_nv_counters_ids.h @@ -0,0 +1,49 @@ +/* + * Copyright (c) 2023 Arm Limited. All rights reserved. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#ifndef __PLATFORM_NV_COUNTERS_IDS_H__ +#define __PLATFORM_NV_COUNTERS_IDS_H__ +#include + +#ifdef __cplusplus +extern "C" { +#endif + +enum tfm_nv_counter_t { + PLAT_NV_COUNTER_PS_0, /* Used by PS service */ + PLAT_NV_COUNTER_PS_1, /* Used by PS service */ + PLAT_NV_COUNTER_PS_2, /* Used by PS service */ + + PLAT_NV_COUNTER_BL2_0, /* Used by bootloader */ + PLAT_NV_COUNTER_BL2_1, /* Used by bootloader */ + PLAT_NV_COUNTER_BL2_2, /* Used by bootloader */ + PLAT_NV_COUNTER_BL2_3, /* Used by bootloader */ + + PLAT_NV_COUNTER_BL1_0, /* Used by bootloader */ + + /* NS counters must be contiguous */ + PLAT_NV_COUNTER_NS_0, /* Used by NS */ + PLAT_NV_COUNTER_NS_1, /* Used by NS */ + PLAT_NV_COUNTER_NS_2, /* Used by NS */ + + PLAT_NV_COUNTER_MAX, + PLAT_NV_COUNTER_BOUNDARY = UINT32_MAX /* tfm_nv_counter_t size to 4 bytes */ +}; + +#ifdef __cplusplus +} +#endif + +#endif /* __PLATFORM_NV_COUNTERS_IDS_H__ */ diff --git a/boards/st/nucleo_u5a5zj_q/tfm/include/stm32hal.h b/boards/st/nucleo_u5a5zj_q/tfm/include/stm32hal.h new file mode 100644 index 0000000000000..b64969fe9f9d7 --- /dev/null +++ b/boards/st/nucleo_u5a5zj_q/tfm/include/stm32hal.h @@ -0,0 +1,33 @@ +/** + ****************************************************************************** + * @file stm32hal.h + * @author MCD Application Team + * @brief HAL Generic Include file. + * + ****************************************************************************** + * @attention + * + *

© Copyright (c) 2021 STMicroelectronics. + * All rights reserved.

+ * + * This software component is licensed by ST under BSD 3-Clause license, + * the "License"; You may not use this file except in compliance with the + * License. You may obtain a copy of the License at: + * opensource.org/licenses/BSD-3-Clause + * + ****************************************************************************** + */ + +/* Define to prevent recursive inclusion -------------------------------------*/ +#ifndef STM32HAL_H +#define STM32HAL_H + +#ifdef __cplusplus +extern "C" { +#endif +#include "stm32u5xx_hal.h" +#ifdef __cplusplus +} +#endif + +#endif /* STM32HAL_H */ diff --git a/boards/st/nucleo_u5a5zj_q/tfm/include/stm32u5xx_hal_conf.h b/boards/st/nucleo_u5a5zj_q/tfm/include/stm32u5xx_hal_conf.h new file mode 100644 index 0000000000000..70c19234251a7 --- /dev/null +++ b/boards/st/nucleo_u5a5zj_q/tfm/include/stm32u5xx_hal_conf.h @@ -0,0 +1,456 @@ +/* Define to prevent recursive inclusion -------------------------------------*/ +#ifndef STM32U5xx_HAL_CONF_H +#define STM32U5xx_HAL_CONF_H + +#ifdef __cplusplus +extern "C" { +#endif + +/* Exported types ------------------------------------------------------------*/ +/* Exported constants --------------------------------------------------------*/ + +/* ########################## Module Selection ############################## */ +/** + * @brief This is the list of modules to be used in the HAL driver + */ +#define HAL_MODULE_ENABLED +/* #define HAL_ADC_MODULE_ENABLED */ +/* #define HAL_COMP_MODULE_ENABLED */ +/* #define HAL_CORDIC_MODULE_ENABLED */ +#define HAL_CORTEX_MODULE_ENABLED +/* #define HAL_CRC_MODULE_ENABLED */ +#define HAL_CRYP_MODULE_ENABLED +/* #define HAL_DAC_MODULE_ENABLED */ +/* #define HAL_DCACHE_MODULE_ENABLED */ +/* #define HAL_DCMI_MODULE_ENABLED */ +#define HAL_DMA_MODULE_ENABLED +/* #define HAL_DMA2D_MODULE_ENABLED */ +/* #define HAL_EXTI_MODULE_ENABLED */ +/* #define HAL_FDCAN_MODULE_ENABLED */ +#define HAL_FLASH_MODULE_ENABLED +/* #define HAL_FMAC_MODULE_ENABLED */ +#define HAL_GPIO_MODULE_ENABLED +#define HAL_GTZC_MODULE_ENABLED +#define HAL_HASH_MODULE_ENABLED +/* #define HAL_HCD_MODULE_ENABLED */ +/* #define HAL_I2C_MODULE_ENABLED */ +#define HAL_ICACHE_MODULE_ENABLED +/* #define HAL_IRDA_MODULE_ENABLED */ +/* #define HAL_IWDG_MODULE_ENABLED */ +/* #define HAL_LPTIM_MODULE_ENABLED */ +/* #define HAL_MDF_MODULE_ENABLED */ +/* #define HAL_MMC_MODULE_ENABLED */ +/* #define HAL_NAND_MODULE_ENABLED */ +/* #define HAL_NOR_MODULE_ENABLED */ +/* #define HAL_OPAMP_MODULE_ENABLED */ +/* #define HAL_OSPI_MODULE_ENABLED */ +/* #define HAL_OTFDEC_MODULE_ENABLED */ +/* #define HAL_PCD_MODULE_ENABLED */ +#define HAL_PKA_MODULE_ENABLED +/* #define HAL_PSSI_MODULE_ENABLED */ +#define HAL_PWR_MODULE_ENABLED +/* #define HAL_RAMCFG_MODULE_ENABLED */ +#define HAL_RCC_MODULE_ENABLED +#define HAL_RNG_MODULE_ENABLED +#define HAL_RTC_MODULE_ENABLED +/* #define HAL_SAI_MODULE_ENABLED */ +/* #define HAL_SD_MODULE_ENABLED */ +/* #define HAL_SMARTCARD_MODULE_ENABLED */ +/* #define HAL_SMBUS_MODULE_ENABLED */ +/* #define HAL_SPI_MODULE_ENABLED */ +/* #define HAL_SRAM_MODULE_ENABLED */ +/* #define HAL_TIM_MODULE_ENABLED */ +/* #define HAL_TSC_MODULE_ENABLED */ +#define HAL_UART_MODULE_ENABLED +/* #define HAL_USART_MODULE_ENABLED */ +/* #define HAL_WWDG_MODULE_ENABLED */ + +/* ########################## Oscillator Values adaptation ####################*/ +/** + * @brief Adjust the value of External High Speed oscillator (HSE) used in your application. + * This value is used by the RCC HAL module to compute the system frequency + * (when HSE is used as system clock source, directly or through the PLL). + */ +#if !defined(HSE_VALUE) +#define HSE_VALUE 16000000UL /*!< Value of the External oscillator in Hz */ +#endif /* HSE_VALUE */ + +#if !defined(HSE_STARTUP_TIMEOUT) +#define HSE_STARTUP_TIMEOUT 100UL /*!< Time out for HSE start up, in ms */ +#endif /* HSE_STARTUP_TIMEOUT */ + +/** + * @brief Internal Multiple Speed oscillator (MSI) default value. + * This value is the default MSI range value after Reset. + */ +#if !defined(MSI_VALUE) +#define MSI_VALUE 4000000UL /*!< Value of the Internal oscillator in Hz*/ +#endif /* MSI_VALUE */ + +/** + * @brief Internal High Speed oscillator (HSI) value. + * This value is used by the RCC HAL module to compute the system frequency + * (when HSI is used as system clock source, directly or through the PLL). + */ +#if !defined(HSI_VALUE) +#define HSI_VALUE 16000000UL /*!< Value of the Internal oscillator in Hz*/ +#endif /* HSI_VALUE */ + +/** + * @brief Internal High Speed oscillator (HSI48) value for USB FS, SDMMC and RNG. + * This internal oscillator is mainly dedicated to provide a high precision clock to + * the USB peripheral by means of a special Clock Recovery System (CRS) circuitry. + * When the CRS is not used, the HSI48 RC oscillator runs on it default frequency + * which is subject to manufacturing process variations. + */ +#if !defined(HSI48_VALUE) +#define HSI48_VALUE 48000000UL /*!< Value of the Internal High Speed oscillator for + * USB FS/SDMMC/RNG in Hz. The real value my vary + * depending on manufacturing process variations. + */ +#endif /* HSI48_VALUE */ + +/** + * @brief Internal Low Speed oscillator (LSI) value. + */ +#if !defined(LSI_VALUE) +#define LSI_VALUE 32000UL /*!< LSI Typical Value in Hz*/ +#endif /* LSI_VALUE */ /*!< Value of the Internal Low Speed oscillator in Hz. + * The real value may vary depending on the variations + * in voltage and temperature. + */ + +#if !defined(LSI_STARTUP_TIMEOUT) +#define LSI_STARTUP_TIMEOUT 130UL /*!< Time out for LSI start up, in ms */ +#endif /* LSI_STARTUP_TIMEOUT */ + +/** + * @brief External Low Speed oscillator (LSE) value. + * This value is used by the UART, RTC HAL module to compute the system frequency + */ +#if !defined(LSE_VALUE) +#define LSE_VALUE 32768UL /*!< Value of the External oscillator in Hz*/ +#endif /* LSE_VALUE */ + +#if !defined(LSE_STARTUP_TIMEOUT) +#define LSE_STARTUP_TIMEOUT 5000UL /*!< Time out for LSE start up, in ms */ +#endif /* LSE_STARTUP_TIMEOUT */ + +/** + * @brief External clock source for SAI1 peripheral + * This value is used by the RCC HAL module to compute the SAI1 & SAI2 clock source + * frequency. + */ +#if !defined(EXTERNAL_SAI1_CLOCK_VALUE) +#define EXTERNAL_SAI1_CLOCK_VALUE 48000UL /*!< Value of the SAI1 External clock source in Hz*/ +#endif /* EXTERNAL_SAI1_CLOCK_VALUE */ + +/* ########################### System Configuration ######################### */ +/** + * @brief This is the HAL system configuration section + */ +#define VDD_VALUE 3300UL /*!< Value of VDD in mv */ +#define TICK_INT_PRIORITY ((1UL<<__NVIC_PRIO_BITS) - 1UL) /*!< tick interrupt priority + * (lowest by default) + */ +#define USE_RTOS 0U +#define PREFETCH_ENABLE 1U /*!< Enable prefetch */ + +/* ########################## Assert Selection ############################## */ +/** + * @brief Uncomment the line below to expanse the "assert_param" macro in the + * HAL drivers code + */ +/* #define USE_FULL_ASSERT 1U */ + +/* ################## Register callback feature configuration ############### */ +/** + * @brief Set below the peripheral configuration to "1U" to add the support + * of HAL callback registration/unregistration feature for the HAL + * driver(s). This allows user application to provide specific callback + * functions thanks to HAL_PPP_RegisterCallback() rather than overwriting + * the default weak callback functions (see each stm32u5xx_hal_ppp.h file + * for possible callback identifiers defined in HAL_PPP_CallbackIDTypeDef + * for each PPP peripheral). + */ +#define USE_HAL_ADC_REGISTER_CALLBACKS 0U /* ADC register callback disabled */ +#define USE_HAL_COMP_REGISTER_CALLBACKS 0U /* COMP register callback disabled */ +#define USE_HAL_CORDIC_REGISTER_CALLBACKS 0U /* CORDIC register callback disabled */ +#define USE_HAL_CRYP_REGISTER_CALLBACKS 0U /* CRYP register callback disabled */ +#define USE_HAL_DAC_REGISTER_CALLBACKS 0U /* DAC register callback disabled */ +#define USE_HAL_DCMI_REGISTER_CALLBACKS 0U /* DCMI register callback disabled */ +#define USE_HAL_DMA2D_REGISTER_CALLBACKS 0U /* DMA2D register callback disabled */ +#define USE_HAL_ETH_REGISTER_CALLBACKS 0U /* ETH register callback disabled */ +#define USE_HAL_FDCAN_REGISTER_CALLBACKS 0U /* FDCAN register callback disabled */ +#define USE_HAL_FMAC_REGISTER_CALLBACKS 0U /* FMAC register callback disabled */ +#define USE_HAL_HASH_REGISTER_CALLBACKS 0U /* HASH register callback disabled */ +#define USE_HAL_HCD_REGISTER_CALLBACKS 0U /* HCD register callback disabled */ +#define USE_HAL_I2C_REGISTER_CALLBACKS 0U /* I2C register callback disabled */ +#define USE_HAL_IWDG_REGISTER_CALLBACKS 0U /* IWDG register callback disabled */ +#define USE_HAL_IRDA_REGISTER_CALLBACKS 0U /* IRDA register callback disabled */ +#define USE_HAL_LPTIM_REGISTER_CALLBACKS 0U /* LPTIM register callback disabled */ +#define USE_HAL_LTDC_REGISTER_CALLBACKS 0U /* LTDC register callback disabled */ +#define USE_HAL_MDF_REGISTER_CALLBACKS 0U /* MDF register callback disabled */ +#define USE_HAL_MMC_REGISTER_CALLBACKS 0U /* MMC register callback disabled */ +#define USE_HAL_NAND_REGISTER_CALLBACKS 0U /* NAND register callback disabled */ +#define USE_HAL_NOR_REGISTER_CALLBACKS 0U /* NOR register callback disabled */ +#define USE_HAL_OPAMP_REGISTER_CALLBACKS 0U /* MDIO register callback disabled */ +#define USE_HAL_OTFDEC_REGISTER_CALLBACKS 0U /* OTFDEC register callback disabled */ +#define USE_HAL_PCD_REGISTER_CALLBACKS 0U /* PCD register callback disabled */ +#define USE_HAL_PKA_REGISTER_CALLBACKS 0U /* PKA register callback disabled */ +#define USE_HAL_RAMCFG_REGISTER_CALLBACKS 0U /* RAMCFG register callback disabled */ +#define USE_HAL_RNG_REGISTER_CALLBACKS 0U /* RNG register callback disabled */ +#define USE_HAL_RTC_REGISTER_CALLBACKS 0U /* RTC register callback disabled */ +#define USE_HAL_SAI_REGISTER_CALLBACKS 0U /* SAI register callback disabled */ +#define USE_HAL_SD_REGISTER_CALLBACKS 0U /* SD register callback disabled */ +#define USE_HAL_SDRAM_REGISTER_CALLBACKS 0U /* SDRAM register callback disabled */ +#define USE_HAL_SMARTCARD_REGISTER_CALLBACKS 0U /* SMARTCARD register callback disabled */ +#define USE_HAL_SMBUS_REGISTER_CALLBACKS 0U /* SMBUS register callback disabled */ +#define USE_HAL_SPI_REGISTER_CALLBACKS 0U /* SPI register callback disabled */ +#define USE_HAL_SRAM_REGISTER_CALLBACKS 0U /* SRAM register callback disabled */ +#define USE_HAL_TIM_REGISTER_CALLBACKS 0U /* TIM register callback disabled */ +#define USE_HAL_TSC_REGISTER_CALLBACKS 0U /* TSC register callback disabled */ +#define USE_HAL_UART_REGISTER_CALLBACKS 0U /* UART register callback disabled */ +#define USE_HAL_USART_REGISTER_CALLBACKS 0U /* USART register callback disabled */ +#define USE_HAL_WWDG_REGISTER_CALLBACKS 0U /* WWDG register callback disabled */ + +/* ################## SPI peripheral configuration ########################## */ + +/* CRC FEATURE: Use to activate CRC feature inside HAL SPI Driver + * Activated: CRC code is present inside driver + * Deactivated: CRC code cleaned from driver + */ +#define USE_SPI_CRC 1U + +/* ################## SDMMC peripheral configuration ######################### */ + +#define USE_SD_TRANSCEIVER 0U + + +/* Includes ------------------------------------------------------------------*/ +/** + * @brief Include module's header file + */ + +#ifdef HAL_RCC_MODULE_ENABLED +#include "stm32u5xx_hal_rcc.h" +#endif /* HAL_RCC_MODULE_ENABLED */ + +#ifdef HAL_GPIO_MODULE_ENABLED +#include "stm32u5xx_hal_gpio.h" +#endif /* HAL_GPIO_MODULE_ENABLED */ + +#ifdef HAL_ICACHE_MODULE_ENABLED +#include "stm32u5xx_hal_icache.h" +#endif /* HAL_ICACHE_MODULE_ENABLED */ + +#ifdef HAL_DCACHE_MODULE_ENABLED +#include "stm32u5xx_hal_dcache.h" +#endif /* HAL_DCACHE_MODULE_ENABLED */ + +#ifdef HAL_GTZC_MODULE_ENABLED +#include "stm32u5xx_hal_gtzc.h" +#endif /* HAL_GTZC_MODULE_ENABLED */ + +#ifdef HAL_DMA_MODULE_ENABLED +#include "stm32u5xx_hal_dma.h" +#endif /* HAL_DMA_MODULE_ENABLED */ + +#ifdef HAL_DMA2D_MODULE_ENABLED +#include "stm32u5xx_hal_dma2d.h" +#endif /* HAL_DMA2D_MODULE_ENABLED */ + +#ifdef HAL_CORTEX_MODULE_ENABLED +#include "stm32u5xx_hal_cortex.h" +#endif /* HAL_CORTEX_MODULE_ENABLED */ + +#ifdef HAL_PKA_MODULE_ENABLED +#include "stm32u5xx_hal_pka.h" +#endif /* HAL_PKA_MODULE_ENABLED */ + +#ifdef HAL_ADC_MODULE_ENABLED +#include "stm32u5xx_hal_adc.h" +#endif /* HAL_ADC_MODULE_ENABLED */ + +#ifdef HAL_COMP_MODULE_ENABLED +#include "stm32u5xx_hal_comp.h" +#endif /* HAL_COMP_MODULE_ENABLED */ + +#ifdef HAL_CRC_MODULE_ENABLED +#include "stm32u5xx_hal_crc.h" +#endif /* HAL_CRC_MODULE_ENABLED */ + +#ifdef HAL_CRYP_MODULE_ENABLED +#include "stm32u5xx_hal_cryp.h" +#endif /* HAL_CRYP_MODULE_ENABLED */ + +#ifdef HAL_DAC_MODULE_ENABLED +#include "stm32u5xx_hal_dac.h" +#endif /* HAL_DAC_MODULE_ENABLED */ + +#ifdef HAL_FLASH_MODULE_ENABLED +#include "stm32u5xx_hal_flash.h" +#endif /* HAL_FLASH_MODULE_ENABLED */ + +#ifdef HAL_HASH_MODULE_ENABLED +#include "stm32u5xx_hal_hash.h" +#endif /* HAL_HASH_MODULE_ENABLED */ + +#ifdef HAL_SRAM_MODULE_ENABLED +#include "stm32u5xx_hal_sram.h" +#endif /* HAL_SRAM_MODULE_ENABLED */ + +#ifdef HAL_MMC_MODULE_ENABLED +#include "stm32u5xx_hal_mmc.h" +#endif /* HAL_MMC_MODULE_ENABLED */ + +#ifdef HAL_NOR_MODULE_ENABLED +#include "stm32u5xx_hal_nor.h" +#endif /* HAL_NOR_MODULE_ENABLED */ + +#ifdef HAL_NAND_MODULE_ENABLED +#include "stm32u5xx_hal_nand.h" +#endif /* HAL_NAND_MODULE_ENABLED */ + +#ifdef HAL_I2C_MODULE_ENABLED +#include "stm32u5xx_hal_i2c.h" +#endif /* HAL_I2C_MODULE_ENABLED */ + +#ifdef HAL_IWDG_MODULE_ENABLED +#include "stm32u5xx_hal_iwdg.h" +#endif /* HAL_IWDG_MODULE_ENABLED */ + +#ifdef HAL_LPTIM_MODULE_ENABLED +#include "stm32u5xx_hal_lptim.h" +#endif /* HAL_LPTIM_MODULE_ENABLED */ + +#ifdef HAL_OPAMP_MODULE_ENABLED +#include "stm32u5xx_hal_opamp.h" +#endif /* HAL_OPAMP_MODULE_ENABLED */ + +#ifdef HAL_PWR_MODULE_ENABLED +#include "stm32u5xx_hal_pwr.h" +#endif /* HAL_PWR_MODULE_ENABLED */ + +#ifdef HAL_OSPI_MODULE_ENABLED +#include "stm32u5xx_hal_ospi.h" +#endif /* HAL_OSPI_MODULE_ENABLED */ + +#ifdef HAL_RNG_MODULE_ENABLED +#include "stm32u5xx_hal_rng.h" +#endif /* HAL_RNG_MODULE_ENABLED */ + +#ifdef HAL_RTC_MODULE_ENABLED +#include "stm32u5xx_hal_rtc.h" +#endif /* HAL_RTC_MODULE_ENABLED */ + +#ifdef HAL_SAI_MODULE_ENABLED +#include "stm32u5xx_hal_sai.h" +#endif /* HAL_SAI_MODULE_ENABLED */ + +#ifdef HAL_SD_MODULE_ENABLED +#include "stm32u5xx_hal_sd.h" +#endif /* HAL_SD_MODULE_ENABLED */ + +#ifdef HAL_SMBUS_MODULE_ENABLED +#include "stm32u5xx_hal_smbus.h" +#endif /* HAL_SMBUS_MODULE_ENABLED */ + +#ifdef HAL_SPI_MODULE_ENABLED +#include "stm32u5xx_hal_spi.h" +#endif /* HAL_SPI_MODULE_ENABLED */ + +#ifdef HAL_TIM_MODULE_ENABLED +#include "stm32u5xx_hal_tim.h" +#endif /* HAL_TIM_MODULE_ENABLED */ + +#ifdef HAL_TSC_MODULE_ENABLED +#include "stm32u5xx_hal_tsc.h" +#endif /* HAL_TSC_MODULE_ENABLED */ + +#ifdef HAL_UART_MODULE_ENABLED +#include "stm32u5xx_hal_uart.h" +#endif /* HAL_UART_MODULE_ENABLED */ + +#ifdef HAL_USART_MODULE_ENABLED +#include "stm32u5xx_hal_usart.h" +#endif /* HAL_USART_MODULE_ENABLED */ + +#ifdef HAL_IRDA_MODULE_ENABLED +#include "stm32u5xx_hal_irda.h" +#endif /* HAL_IRDA_MODULE_ENABLED */ + +#ifdef HAL_SMARTCARD_MODULE_ENABLED +#include "stm32u5xx_hal_smartcard.h" +#endif /* HAL_SMARTCARD_MODULE_ENABLED */ + +#ifdef HAL_WWDG_MODULE_ENABLED +#include "stm32u5xx_hal_wwdg.h" +#endif /* HAL_WWDG_MODULE_ENABLED */ + +#ifdef HAL_PCD_MODULE_ENABLED +#include "stm32u5xx_hal_pcd.h" +#endif /* HAL_PCD_MODULE_ENABLED */ + +#ifdef HAL_HCD_MODULE_ENABLED +#include "stm32u5xx_hal_hcd.h" +#endif /* HAL_HCD_MODULE_ENABLED */ + +#ifdef HAL_CORDIC_MODULE_ENABLED +#include "stm32u5xx_hal_cordic.h" +#endif /* HAL_CORDIC_MODULE_ENABLED */ + +#ifdef HAL_DCMI_MODULE_ENABLED +#include "stm32u5xx_hal_dcmi.h" +#endif /* HAL_DCMI_MODULE_ENABLED */ + +#ifdef HAL_EXTI_MODULE_ENABLED +#include "stm32u5xx_hal_exti.h" +#endif /* HAL_EXTI_MODULE_ENABLED */ + +#ifdef HAL_FDCAN_MODULE_ENABLED +#include "stm32u5xx_hal_fdcan.h" +#endif /* HAL_FDCAN_MODULE_ENABLED */ + +#ifdef HAL_FMAC_MODULE_ENABLED +#include "stm32u5xx_hal_fmac.h" +#endif /* HAL_FMAC_MODULE_ENABLED */ + +#ifdef HAL_OTFDEC_MODULE_ENABLED +#include "stm32u5xx_hal_otfdec.h" +#endif /* HAL_OTFDEC_MODULE_ENABLED */ + +#ifdef HAL_PSSI_MODULE_ENABLED +#include "stm32u5xx_hal_pssi.h" +#endif /* HAL_PSSI_MODULE_ENABLED */ + +#ifdef HAL_RAMCFG_MODULE_ENABLED +#include "stm32u5xx_hal_ramcfg.h" +#endif /* HAL_RAMCFG_MODULE_ENABLED */ + +#ifdef HAL_MDF_MODULE_ENABLED +#include "stm32u5xx_hal_mdf.h" +#endif /* HAL_MDF_MODULE_ENABLED */ + +/* Exported macro ------------------------------------------------------------*/ +#ifdef USE_FULL_ASSERT +/** + * @brief The assert_param macro is used for function's parameters check. + * @param expr: If expr is false, it calls assert_failed function + * which reports the name of the source file and the source + * line number of the call that failed. + * If expr is true, it returns no value. + * @retval None + */ +#define assert_param(expr) ((expr) ? (void)0U : assert_failed((uint8_t *)__FILE__, __LINE__)) +/* Exported functions ------------------------------------------------------- */ +void assert_failed(uint8_t *file, uint32_t line); +#else +#define assert_param(expr) ((void)0U) +#endif /* USE_FULL_ASSERT */ + +#ifdef __cplusplus +} +#endif + +#endif /* STM32U5xx_HAL_CONF_H */ diff --git a/boards/st/nucleo_u5a5zj_q/tfm/keys/otp_provision.c b/boards/st/nucleo_u5a5zj_q/tfm/keys/otp_provision.c new file mode 100644 index 0000000000000..78b4847a5f9f9 --- /dev/null +++ b/boards/st/nucleo_u5a5zj_q/tfm/keys/otp_provision.c @@ -0,0 +1,165 @@ +/** + ****************************************************************************** + * + * @file otp_provision.c + * @author MCD Application Team + * @brief File provisionning otp value + * + ****************************************************************************** + * @attention + * + *

© Copyright (c) 2020-2021 STMicroelectronics. + * All rights reserved.

+ *

© Copyright (c) 2022 Cypress Semiconductor Corporation + * (an Infineon company) or an affiliate of Cypress Semiconductor Corporation. + * All rights reserved.

+ *

© Copyright (c) 2025 Leica Geosystem AG. + * All rights reserved.

+ * This software component is licensed by ST under BSD 3-Clause license, + * the "License"; You may not use this file except in compliance with the + * License. You may obtain a copy of the License at: + * opensource.org/licenses/BSD-3-Clause + * + ****************************************************************************** + */ +#include "template/flash_otp_nv_counters_backend.h" +#include "tfm_plat_otp.h" +#include "tfm_attest_hal.h" +#include "psa/crypto.h" + +/* This file is generated by create_provisioning_data.py */ + +#define INT2LE(A) (uint8_t)(A & 0xFF), \ + (uint8_t)((A >> 8) & 0xFF), \ + (uint8_t)((A >> 16) & 0xFF), \ + (uint8_t)((A >> 24) & 0xFF) + +#define INT64NULL 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, \ + 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, \ + 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, \ + 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, \ + 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, \ + 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, \ + 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, \ + 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0 + +#if defined(__ICCARM__) + __root +#endif + +#if defined(__ICCARM__) + #pragma default_function_attributes = @ ".BL2_OTP_Const" +#else + __attribute__((section(".BL2_OTP_Const"))) +#endif /* __ICCARM__ */ + +const struct flash_otp_nv_counters_region_t otp_stm_provision = { + .init_value = OTP_NV_COUNTERS_INITIALIZED, + + /* HUK */ + .huk = { + 0xc4, 0xc2, 0xc0, 0xc9, 0xdd, 0x04, 0xc1, 0x53, + 0xb2, 0x52, 0x15, 0x53, 0x2d, 0x78, 0xa0, 0xf5, + 0xec, 0x43, 0x4f, 0xa4, 0xa3, 0x56, 0x47, 0x93, + 0x6d, 0x38, 0x87, 0x2d, 0x28, 0xbb, 0x1d, 0xa5 + }, + + /* IAK */ + .iak = { + 0x01, 0x10, 0x6d, 0x97, 0x21, 0x67, 0x87, 0xd7, + 0x7c, 0xf0, 0x38, 0x5e, 0xeb, 0x08, 0x20, 0x21, + 0x59, 0x7d, 0xab, 0x32, 0xde, 0x2a, 0x56, 0x0b, + 0xe8, 0xcf, 0x35, 0x94, 0x37, 0x74, 0xbf, 0x98 + }, + + /* IAK len */ + .iak_len = {INT2LE(32)}, + +#ifdef SYMMETRIC_INITIAL_ATTESTATION + /* IAK type */ + .iak_type = {INT2LE(PSA_ALG_HMAC(PSA_ALG_SHA_256))}, +#else + /* IAK type */ + .iak_type = {INT2LE(PSA_ECC_FAMILY_SECP_R1)}, +#endif /* SYMMETRIC_INITIAL_ATTESTATION */ + + /* IAK id [32] */ + .iak_id = {'Z', 'e', 'p', 'h', 'y', 'r', ' ', 't', 'r', 'u', 's', 't', 'e', 'd', '-', + 'f', 'i', 'r', 'm', 'w', 'a', 'r', 'e', '-', 'm', '\0'}, + + /* boot seed */ + .boot_seed = { + 0x5c, 0xff, 0x23, 0xde, 0x30, 0xc4, 0x1c, 0x2a, + 0x0a, 0xc5, 0x27, 0xb3, 0xbc, 0xcf, 0x62, 0xf0, + 0x5d, 0x51, 0xbc, 0x18, 0xdd, 0x37, 0x39, 0x3f, + 0x4c, 0x86, 0x6d, 0x40, 0xfb, 0x8e, 0x7e, 0x2d + }, + + .lcs = {INT2LE(PLAT_OTP_LCS_SECURED)}, + + /* implementation id */ + .implementation_id = { + 0xdd, 0x8d, 0x94, 0x26, 0xd5, 0xb8, 0xba, 0x40, + 0x3d, 0x6d, 0x3d, 0x27, 0x32, 0xed, 0x54, 0x2a, + 0xf7, 0x91, 0x1c, 0x67, 0x96, 0x1a, 0x90, 0x96, + 0xf1, 0xfd, 0xa7, 0x94, 0x56, 0xb7, 0x40, 0xbe + }, + + /* certification reference */ + .cert_ref = { + 'z', 'e', 'p', 'h', 'y', 'r', 'R', 'T', 'O', 'S', ' ', + 'T', 'F', '-', 'M', '2', '2', '0' + }, + + /* verification_service_url */ + .verification_service_url = "www.trustedfirmware.org", + + /* attestation_profile_definition */ + .profile_definition = "PSA_IOT_PROFILE_1", + + .bl2_rotpk_0 = { + 0xce, 0x37, 0x7c, 0x05, 0xee, 0x7b, 0x7c, 0x35, + 0xbf, 0x24, 0xdb, 0x3d, 0xd2, 0x91, 0x46, 0x56, + 0x8a, 0x85, 0xe8, 0x83, 0x79, 0xb4, 0x97, 0x8c, + 0xd2, 0xf3, 0xe5, 0x92, 0x7a, 0x79, 0xdf, 0x38 + }, + + .bl2_rotpk_1 = { + 0xd3, 0x74, 0x82, 0x85, 0xbd, 0x72, 0x82, 0x0a, + 0x32, 0xe4, 0x28, 0x9c, 0x69, 0xbe, 0xe3, 0x7f, + 0x2f, 0x9b, 0xbe, 0xb9, 0xc7, 0x8e, 0x0b, 0x99, + 0x13, 0x96, 0x8e, 0x17, 0xc9, 0x52, 0xe1, 0xb9 + }, + + .bl2_nv_counter_0 = { INT64NULL }, + .bl2_nv_counter_1 = { INT64NULL }, + .bl2_nv_counter_2 = { INT64NULL }, + +#if (MCUBOOT_IMAGE_NUMBER > 2) + .bl2_rotpk_2 = { + + }, +#else + .bl2_rotpk_2 = { + 0xd3, 0x74, 0x82, 0x85, 0xbd, 0x72, 0x82, 0x0a, + 0x32, 0xe4, 0x28, 0x9c, 0x69, 0xbe, 0xe3, 0x7f, + 0x2f, 0x9b, 0xbe, 0xb9, 0xc7, 0x8e, 0x0b, 0x99, + 0x13, 0x96, 0x8e, 0x17, 0xc9, 0x52, 0xe1, 0xb9 + }, +#endif /* MCUBOOT_IMAGE_NUMBER > 2 */ + /* Entropy seed */ + .entropy_seed = { + 0x60, 0xc6, 0x08, 0x59, 0x60, 0x5e, 0xe2, 0x8a, + 0xa4, 0x87, 0x23, 0xf7, 0xec, 0xca, 0xb0, 0xc2, + 0xf7, 0x22, 0x25, 0x3a, 0x75, 0x84, 0xdb, 0x82, + 0x01, 0x9d, 0x73, 0x28, 0xca, 0x94, 0x8a, 0xd9, + 0x0c, 0x13, 0x42, 0xd9, 0x31, 0x0f, 0x90, 0x34, + 0x95, 0x2c, 0x27, 0x78, 0xe7, 0xcd, 0x05, 0x53, + 0xfb, 0xa2, 0x2d, 0x41, 0xb9, 0x52, 0xab, 0x8d, + 0xac, 0x0b, 0x55, 0xb1, 0x87, 0x66, 0x1f, 0xa6 + }, +#ifdef PLATFORM_DEFAULT_NV_COUNTERS + .flash_nv_counters = { 0x0, 0x0, 0x0 }, +#endif + .swap_count = 1 +}; diff --git a/boards/st/nucleo_u5a5zj_q/tfm/keys/rsa-2048-private-bl2.pem b/boards/st/nucleo_u5a5zj_q/tfm/keys/rsa-2048-private-bl2.pem new file mode 100644 index 0000000000000..ff867812482dc --- /dev/null +++ b/boards/st/nucleo_u5a5zj_q/tfm/keys/rsa-2048-private-bl2.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQC/QsWhlJEdIPRG +a/7KaYnyqjc6SrB4d5o8G/CkDtaDwvygGVTp9U970eevb3i5mcvIT3dDCL9Zy71L +4avZ8ceLzvtTxnNmQwFwLQiEBpQs4RyjZ4ZCJnxT3KpEcNUvWNMeZwADkF7sVkPP +ZOmpmDhvCAM/yEIlLV98ObTHC7Wbg55RCU1NdFV4AwbwuESGfIecS/9Mwt0zeK/g +QLyv8aTNQhMcRzHj2NMMVdY8IcE+Zuur2DJlwk2eVAoNgbp2PyxxXcw9yi5eC+ft +qUvwlRbEw7wSmVLnUZsuOU9Mj/fHIas4VKDfZ8qDsdTpkwU5WZcWAVl0DDJwe7pd +YXqB1yP9AgMBAAECggEAIfztbnCelhDSYAZWhaVaJpWxkUoPEKVecwKbEahyXgFj +T9cYlCfsC0qqs64pQ8BNKqhWfwLZsE0os0ij96vD5HgwiPtp6/kJ0yOpkP6zS8No +SbB+txgsPWHoHxf3Bn4wLEWtBrUb7T9KNxuNe34pvy9rFmVRvdYRkxuVIM8Xo44i +SX96lcNzEyAd0/rWZe9/ECGvY6yBtEJ4PvHH5reZxg/uN2YBYdYqrIDS/Ui4tFMt ++jtiMoaqhUrzhkcD6vlqdxZFrJzih9uwDexeLDZVZFgyMVCj5eiLb4eIp+aCJULK ++nAkrF6WkE3FW4DUiGk5VA0cwtgp90HseSlBDD0oiQKBgQDesLB9vy8pvkkziiXp +C11XTt+7Jry0dys8kIeHdF2OzZUlh+MVosn6RPe0iXDlfRKoNCJ4n7gY/ii27Bjc +an/LtFb4IeCD2yZA3evmXNdg1OT1H3n9cM17p0jg+wy+5udld/AyrCmNb/Xt398r +SguznggLLupCP0owW43S8O2xaQKBgQDb3pTI9L2qPMNqiWGItP7X25ZQ5prPfbOP +HqN6MCz0i4nGFqXDLaRUn5IQC2zBSeVr67KHaS7Jdk0Jf8Cq36PkPdk3kOmdCtuW +SYwDfTtnMithmVweVpWAuK2Xt1fMC8HrYZhdSQa/ieMit3decDrlnHxzUKWdtX78 +Nvj9oOu3dQKBgQCoFr5hbDnxTEx8tr4+1fEywbpmzaqKnZjpMj7ao58q90qo9ZUW +87V5Ty2Z/FRXJL08cX3DhuuzEcUxraxmU4z6+bjbutZ5MKYDOH+jdlisIoZf785o +2wh/WZnNGDJatnfbQ1jvJryGoggD8YPGbTG/9n0j09nG/3bEYZb/rhP8YQKBgQDP +ikzbW9nkZbL4T3GXf3HHA+nht6uODFN/1yXs4qistUJ5j0ss71pc3rsbFg20bjJ3 +Kma81xZo6JhTTRnqsWucuJzfjJRXvrYEKKxXZtC52muElySTJpu8g5aozVG8s6R6 +sQcHlzUde+TBEnlE1Z9iudHnb8rFEVsqbCGgF1QpOQKBgQCtFMX/INDgcC/yNnTs +Rtti0kfvyneTWBS/p/HpzXQVDtPpx0FVf5dKipoe9NzXvIFYSGABzViEDzZ/B0qe +ykjD9t3+jF4Dmj6g20ExLZCYsS5KOa2tNMJ/BVq6FXuYnzR8gHooOW5+KzrUmdYz +B7cOKI7HboLQn6sCF/+4dWSDKQ== +-----END PRIVATE KEY----- diff --git a/boards/st/nucleo_u5a5zj_q/tfm/keys/rsa-2048-public-bl2.pem b/boards/st/nucleo_u5a5zj_q/tfm/keys/rsa-2048-public-bl2.pem new file mode 100644 index 0000000000000..72c3ab0b25403 --- /dev/null +++ b/boards/st/nucleo_u5a5zj_q/tfm/keys/rsa-2048-public-bl2.pem @@ -0,0 +1,9 @@ +-----BEGIN PUBLIC KEY----- +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv0LFoZSRHSD0Rmv+ymmJ +8qo3OkqweHeaPBvwpA7Wg8L8oBlU6fVPe9Hnr294uZnLyE93Qwi/Wcu9S+Gr2fHH +i877U8ZzZkMBcC0IhAaULOEco2eGQiZ8U9yqRHDVL1jTHmcAA5Be7FZDz2TpqZg4 +bwgDP8hCJS1ffDm0xwu1m4OeUQlNTXRVeAMG8LhEhnyHnEv/TMLdM3iv4EC8r/Gk +zUITHEcx49jTDFXWPCHBPmbrq9gyZcJNnlQKDYG6dj8scV3MPcouXgvn7alL8JUW +xMO8EplS51GbLjlPTI/3xyGrOFSg32fKg7HU6ZMFOVmXFgFZdAwycHu6XWF6gdcj +/QIDAQAB +-----END PUBLIC KEY----- diff --git a/boards/st/nucleo_u5a5zj_q/tfm/keys/rsa-3072-private-ns.pem b/boards/st/nucleo_u5a5zj_q/tfm/keys/rsa-3072-private-ns.pem new file mode 100644 index 0000000000000..69a2eb06b885e --- /dev/null +++ b/boards/st/nucleo_u5a5zj_q/tfm/keys/rsa-3072-private-ns.pem @@ -0,0 +1,40 @@ +-----BEGIN PRIVATE KEY----- +MIIG/gIBADANBgkqhkiG9w0BAQEFAASCBugwggbkAgEAAoIBgQCb9tq6QgnQcFvA +i7uEfFdi1zoZs4sbKMwJ8yGHezaRIF5qWdWiv1xv2xh+fMDey/7yB/D4GCAJ9Qv4 +kS/4PcT8791t5unqYRPeAMlpmH7nAotelNQH1wLV/KH6CTLigyJ6MJkAMZ6c1dbR +So+oYlaGFm7HciHF38mYFoDAvkmQaBhIiRrfzDaghDL7Zltgnv+kwyKVUG/63UQw +cIlfaBpI8QFAaTm5lA1y36ngX+gwNYCyzcmyPVVsvY1L4GnC9De91J2Wx1JRus9F +WOAKZcSxUAZJeKVYxdnjDYSaj0Of2o1isgGx3awI7wgYHKRjQlIWlrvhVSX7mQdM +ct3C5omHV6uOvVTwL43i22pClSUyQ0ZzLnjZ7EQzUbjFaoJFznNc26/o0E1oviZc +uaUrljsYVDGkL1SxajGpU5otedG40VSz4d350oQis9AftPk1qkHDoHlVwGep2cMo +zKsdIw6ph4NN4woxWxRc1D/gHEpNBxiEDWQvwSGnm6f6V34c8GcCAwEAAQKCAYAC +9eCZAH/nMPrM4NoiXana+nLj4gCV92RIHBFa3P/gKVkhc6sWd8NtbB8+52dR01V3 +iqcMTojtJ3WetkLO131Rv8vYNjXieQ1DfYhVNMvT3rx+gxyzOWWYYj9A28PXgN26 +rAl7c3WrTHPTbTLk41j5GpvntUbm1qSg+mxfPD1xPEiZt+CGtv2idl/xXbQGVX5M +xld1th0qCeEtejVhVjyJfemkK1spJqJKt+wlkix6HcnfmwBlHbztX3u7IPtg8/nD +SCi49TLYTH7kr4Xlpeo2+opV+s5dTAOST39EwSASdIW3PET3morX2Q7yw8IM5C+Q +Ek+SOvsebG945XfCUfy8QDg9y1chAEl93JMuXXakv4wQy/btMQiBg0J3t3E9R1pG +qxA+1d8KkAtnJE0gmTCL1tMrlj1tRWsBc8XdZp3uSGShjs7ncDn0GMKLdkMXfdbj +qU6lgik5vNR8ngioT2FGSlpJA1okztq6wAdQch5mL9S5Z0vP9fqQAm9vm6a232EC +gcEA2O9jGQ1u5AD76T1elm1du8J16J7S4b2Kh0km+qnz4IMU+hkE+eiIj/hCEJR4 +SFIFW45dXBDPSJleusJIJuFMIuwuBE0ucCzj9zjPF6L4TlwDyJeSVrHPDPJEPi7n +Pt2b6ANGKccB53gt+yKpqDWleyk121c80CF1zEwLPu4qVytKGqoP4tpPBgxr0hRi +8bQyqIK6R7grQMyMdlNskjzZPnM0UfvwZwbgB8iONN3iyjm6SiQz96mUpXFjEMfm +6COFAoHBALgMvSRuMvdT68+srAQPeofrIfgTXzPeJouzk+abDs4JPF5Pr15VxFF5 +FEPjX9SCuiggUGpmoiPcsiw/rYZCWOs4Wo3RF5zw3VY4NH3znTTxyz0aqVyMbGT7 +COf4u84FgxRC0rgD+EcEiWxaA48/bD6ii1b1hKL2XJxAfwznKUERRkl82sw9442w +ud2DQEwARSADwPHg/Dm1gHugfkQZvbe1hxa60vdllfT+GUnRKbYzqbO7qjLI1Qle +PegaOau5+wKBwQCUzY/yLU61Qx+I27m4AYjcNAVg7SDGC5esOLduFYndpMyMyQCq +06Bo8OeQK+dd5DUcmkjb0AP/ToS2InIPiVcKVWszNCX4eDJe8C7NjdI5HdDSlXWh +1hGqVbwN02p3qtc4jJZiLcnWlo8jxqENas757kitDef+9BSzcC3+mqucY2tPYvvG +peyyv25uCeHc3bgp8pIIhAHXTvfCanL81JRHzApFekVqxkKB1EYHaXQZNwPbu32S +ElaOLXrAlf6DmWkCgcAvazDMEwxUhq2puu4yuZ4zKJR+6tbLcT/zHFhNwMNmuCBy +mAsxvd0vtIdRGmLVSL0Xm4O8dibuIG1TUzCs96kbKVDDWwy/ZZtRHHgBv2NQgb+A +Rb8+1fsTZU4dHguc//SOoszRlkxAV93kKajjHk8QMCbAR89dgSXJKCDTvTb2ybGX +O3DP0F4xYkfw12EYc7VbkzwB1ZqGb8njkC0X9J3ZmA5u/8Fc9jJVhaYUS6x4ggUG +BqLKJM4mdL50b1VOdkMCgcEAxItw981Wvpxpif/EEc3jWfELtLihIBLzevin5DdM +zTMhJtK1PAUIrjon6ePqm2u3BEakswvXYypcQjNYv9fcNoQ8snShrgR/I4vw9HAe +/H0dzblIlwLjsWEM7YPZANXN351815TNJhVG2mviIyAxQWlSgdi16iwK/F+V3FDL +D/kYPSRynSzF3cOanVfOEKoHs4EE+JNReoHtLo09fkDAne8UWfA2yyI+Y5ohPZG4 +idQxE+pTMgQKXXUXoeNaXC7G +-----END PRIVATE KEY----- diff --git a/boards/st/nucleo_u5a5zj_q/tfm/keys/rsa-3072-private-s.pem b/boards/st/nucleo_u5a5zj_q/tfm/keys/rsa-3072-private-s.pem new file mode 100644 index 0000000000000..88e9131b60392 --- /dev/null +++ b/boards/st/nucleo_u5a5zj_q/tfm/keys/rsa-3072-private-s.pem @@ -0,0 +1,40 @@ +-----BEGIN PRIVATE KEY----- +MIIG/QIBADANBgkqhkiG9w0BAQEFAASCBucwggbjAgEAAoIBgQDQaUrLMGIZ1nKT +Dd9PXmOGgPaSicPii2dKsvd+yl9iyYmJpzZSmH7hBcx4V0OjDcPRmn/I2v262FbY +otP+ao9OQbyJXh39wLasTfhcTURI52pSnJsjsoiFBCwOMzmMU/PYUac14wSWuFav +H7JD1AfQZ4BfHJdP6xR6wmeQgLiDiOPb3hneb4/i7sQiPULaf5LTJswGyiScRz7E +ZrJrinSlV6Nkky/VftBCBAf1h7kJnBhmE43uPlzoVQUfT5Sy5cdA63SQ3ZzNKLd+ +Pw5JawUZNy+17lDZWiWzJLcEw+MeWxvyDq7a8g7h8v6bRRBqsiVf08fScjAH7/Go +ef8ytecA15DObRY+dndY5DrrWI8TKddmmNmSOxeXv1RgYdV9Er6duX2AXNxgBcDg +/XsPIdfphthQx2+0YwQ+WHv+4JYl9ycIeGE8UdO0/dF1kTGxGU6E5XYWl5zpspyP +VzxwQ9XpMe6Kusq0+gwpK65xW/vujqU4xc2C8L/H3tOswrj02c8CAwEAAQKCAYAR +A2dtqud3QIBd7NX7/rKVOlXmpIRvK/4kpPN7UD31LIqjyBixKW3CJN0KPeVxnCAO +LlScKvRnml2Mlc5EiKJmOwuPEzXTjzXaXwsVTeFzKiEN2Wb4xQxL/4kxJ5FdGUVg +tVm3Fm87dpTs+uNskhSJOMnL+eOITKKBWvllXHyzkCs5uanW9LiESAWO3f1lJODx +h8tECqBueYpwMgoCqWzYSo02GqXfAdkyam3T5159oFaFjrcZadHfzYD7i12SNRun +GLhNfrkmDqvmnDuglpVWsXGbCI0pLMtj6MBBHll9TS0aLmMC43p3oXnuxVZRXpLe ++FPHEoBBdnCqfrEMGT6M+2HSG1NuVWQc++3EVnDtSyma7xb34UFX0xsw/xZERkhz +cb1Ye9WhhTzWfN5ADJ4UU6rM4B5+3wifukahRNsJsK+PaS5nbDwxGHA8+QKnoWsS +ROl0kLZO0s8s9TnuwzQ6cml9acKbZ3O8Q8Sa94OclabKOKEW0AEwsPHPOwHwqIEC +gcEA/hrZelyN91CfKv+/QB4Q1naijZLwSk6lz+WXwyvOmDATZRcsnEFmxBKM9tKO +V1ROHrFCcUgT2htxOB+ULlhmb3+RTBVxZpIk6f80vHkIZJPYSgxufliGg2P+thzW +kYJldqQBjWG+sgGV404/S80T7BcXETA/JII+Wr6/38UBF90yTedJBwf23hMKEaJW +vojEDYKq9C74f+BQtR2ksfOKPJERmqUiwH2Pw0xeYkzRrMKQt1doYB+zTB+0cwc/ +WcWhAoHBANH3M7h6Cn3O0GR3kcvZu9TyHDUsYPRk8/ByUHPnYxx7f6IkJOAdNl70 +wN70m/oPEUViUVjTPuuSXcAaUgBU9Cnk7Vm11fRGleJnVTglbEf9gH6b1K9jatfa +L3m8Xr9S36Ai8LGPiufHMHWEIfm+UUuKZsj5HzFZF95LPjNrw9OkLxoKc8PaMrcd +PsHygn07VV4GpYyIeAfFL3C+SY5opuTesFl8uZqeybzjYuByeZafm+2yYC+vEyYu ++O/P5iWJbwKBwF6HJng6jiV+vHeGhGMZzDG8GGSKURGTiGN6iaZ1WXmMCOsGX/YQ +7mXqcL4xPfqGxjjswEbcBWaR5uB1/u3uvMylrCudnn4Fx+20nq2uaMzhowiI72HZ +FNE0FcExoTCoTY6BHIK35fTaWiQhK7LLK6ocPNyMEjFGsmOXqlFYPDvgcaJBdA1F +jTS36Hr+5T4kKqrL/USxZIhNrjhyOp5odvhpDx90ZyUskJqaglIXObkG+Eb8ITwB +DvY2pS5Vd9+xgQKBwClAdDzuXVlSZMcYZuCyKqEv4DLiQTpDC1pWW1AqSeKysOTe +TRBrLN+DHtGvJWX/x9jl9C2Lc3U9EIZJpYrDJiWFAMz7WMnhhFkzDB832wpZ2AEI +BMVgtwEpsOIuDD9yvNTtiHSaSyQ2kmLETxiON9Kron4h0+sSIgpeph3cMmFGhKqN +GymDmSs457ebOd/45FDQ5X2y4kJEj4mLGVCNZxzYU7WBN8YVJHWkBy0p0JGzUiNl +RFiaAR0jZW1YX1NIqQKBwQDPZZ9G6QQgFK5G4iMwURy3VMaRfP8nrMezZWGcVaDI +BiEZ5hcRMhMvgpn0VSPQThNTMquk3lWhawe1o2p6XXmXLoyHuD7ShuvEOYovD8/j +Y7Cz1srLS2H+gZFg3qthsVCId4DyEyvOqcKn/wNF1B4SPCfZEw/Xy7PCu6XbXGTO +bPM8/T268D91ihzcbWNya7r4NYflyEscA7F8kx4D4l1x0cjifroTtTg7/1A/65j8 +GDCn7EhGET6DpG1SiqqMnlM= +-----END PRIVATE KEY----- diff --git a/boards/st/nucleo_u5a5zj_q/tfm/ns/CMakeLists.txt b/boards/st/nucleo_u5a5zj_q/tfm/ns/CMakeLists.txt new file mode 100644 index 0000000000000..010127b3f006d --- /dev/null +++ b/boards/st/nucleo_u5a5zj_q/tfm/ns/CMakeLists.txt @@ -0,0 +1,47 @@ +#------------------------------------------------------------------------------- +# Copyright (c) 2023-2024, Arm Limited. All rights reserved. +# +# SPDX-License-Identifier: BSD-3-Clause +# +#------------------------------------------------------------------------------- + +# This file is exported to NS side during CMake installation phase and renamed +# to CMakeLists.txt. It instructs how to build a platform on non-secture side. +# The structure and sources list are fully platform specific. + +add_library(platform_ns) + +target_sources(platform_ns + PUBLIC + ${CMAKE_CURRENT_LIST_DIR}/Device/Source/startup_stm32u5xx_ns.c + PRIVATE + hal/Src/stm32u5xx_hal.c + Device/Source/system_stm32u5xx.c + CMSIS_Driver/low_level_com.c + hal/Src/stm32u5xx_hal_dma.c + hal/Src/stm32u5xx_hal_dma_ex.c + hal/Src/stm32u5xx_hal_pwr.c + hal/Src/stm32u5xx_hal_pwr_ex.c + hal/Src/stm32u5xx_hal_rcc.c + hal/Src/stm32u5xx_hal_gpio.c + hal/Src/stm32u5xx_hal_uart.c + hal/Src/stm32u5xx_hal_uart_ex.c + hal/Src/stm32u5xx_hal_cortex.c + hal/Src/stm32u5xx_hal_rcc_ex.c +) + +target_include_directories(platform_ns + PUBLIC + include + ext/cmsis/Include + ext/cmsis/Include/m-profile + ext/common + Device/Include + hal/Inc +) + +# Include region_defs.h and flash_layout.h +target_include_directories(platform_region_defs + INTERFACE + partition +) diff --git a/boards/st/nucleo_u5a5zj_q/tfm/partition/flash_layout.h b/boards/st/nucleo_u5a5zj_q/tfm/partition/flash_layout.h new file mode 100644 index 0000000000000..d8d3da50e5836 --- /dev/null +++ b/boards/st/nucleo_u5a5zj_q/tfm/partition/flash_layout.h @@ -0,0 +1,304 @@ +/* + * Copyright (c) 2018-2022 Arm Limited. All rights reserved. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef __FLASH_LAYOUT_H__ +#define __FLASH_LAYOUT_H__ +/* new field for OSPI */ + +/* This header file is included from linker scatter file as well, where only a + * limited C constructs are allowed. Therefore it is not possible to include + * here the platform_retarget.h to access flash related defines. To resolve this + * some of the values are redefined here with different names, these are marked + * with comment. + */ +/* Flash layout for catfish_beluga_b2_ns with BL2 (multiple image boot): + * + * Boot partition (384 KB): + * 0x0000_0000 SCRATCH (64KB) + * 0x0001_0000 BL2 - anti roll back counters (16 KB) + * 0x0001_4000 BL2 - MCUBoot protected (136 KB) + * 0x0003_6000 BL2 - MCUBoot unprotected (4 KB) + * 0x0003_7000 OTP Write Protect (4KB) + * 0x0003_8000 NV counters area (16 KB) + * 0x0003_c000 Secure Storage Area (64 KB) + * 0x0004_c000 Internal Trusted Storage Area (64 KB) + * >0x0005_c000 Empty space reserved for bootloader area grow (16k) + * 0x0006_0000 Secure image primary slot (512 KB) Internal flash + * 0x000e_0000 Non-secure image primary slot (1280 KB) Internal flash + * 0x0022_0000 Secure image secondary slot (512 KB) Internal flash + * 0x002a_0000 Non-secure image secondary slot (1280 KB) Internal flash + * >0x003e_0000 User Reserved flash (storage) (128 KB) Internal flash + * + * Bl2 binary is written at 0x1_2000: + * it contains bl2_counter init value, OTP write protect, NV counters area init. + */ + +/* Flash layout info for BL2 bootloader */ +#define FLASH_AREA_IMAGE_SECTOR_SIZE (0x2000) /* 8 KB */ +#define FLASH_B_SIZE (0x200000) /* 2 MBytes*/ +#define FLASH_TOTAL_SIZE (FLASH_B_SIZE+FLASH_B_SIZE) /* 4 MBytes */ +#define FLASH_BASE_ADDRESS (0x0c000000) /* FLASH0_BASE_S */ + +/* Flash device ID */ + +/* Offset and size definitions of the flash partitions that are handled by the + * bootloader. The image swapping is done between IMAGE_0 and IMAGE_1, SCRATCH + * is used as a temporary storage during image swapping. + */ + +/* scratch area */ +#define FLASH_AREA_SCRATCH_OFFSET (0x0) +#define FLASH_AREA_SCRATCH_SIZE (0x10000) /* 64 KB */ + +/* Try to disable overwrite only mode */ +#undef MCUBOOT_OVERWRITE_ONLY + +/* control scratch area */ +#if (FLASH_AREA_SCRATCH_OFFSET % FLASH_AREA_IMAGE_SECTOR_SIZE) != 0 +#error "FLASH_AREA_SCRATCH_OFFSET not aligned on FLASH_AREA_IMAGE_SECTOR_SIZE" +#endif /* (FLASH_AREA_SCRATCH_OFFSET % FLASH_AREA_IMAGE_SECTOR_SIZE) != 0*/ + +/* area for bl2 anti roll back counter */ +#define FLASH_BL2_NVCNT_AREA_OFFSET (FLASH_AREA_SCRATCH_SIZE) /* @64 KB 0x10000 */ +#define FLASH_BL2_NVCNT_AREA_SIZE (FLASH_AREA_IMAGE_SECTOR_SIZE + \ + FLASH_AREA_IMAGE_SECTOR_SIZE) /* 16 KB */ +/* Area for downloading bl2 image */ +#define FLASH_AREA_BL2_BIN_OFFSET (FLASH_BL2_NVCNT_AREA_OFFSET + \ + FLASH_AREA_IMAGE_SECTOR_SIZE) /* @72 KB 0x12000 */ +/* personal Area Not used */ +#define FLASH_AREA_PERSO_OFFSET (FLASH_BL2_NVCNT_AREA_OFFSET + \ + FLASH_BL2_NVCNT_AREA_SIZE) /* @80 KB 0x14000 */ +#define FLASH_AREA_PERSO_SIZE (0x0) +/* control personal area */ +#if (FLASH_AREA_PERSO_OFFSET % FLASH_AREA_IMAGE_SECTOR_SIZE) != 0 +#error "FLASH_AREA_PERSO_OFFSET not aligned on FLASH_AREA_IMAGE_SECTOR_SIZE" +#endif /* FLASH_AREA_PERSO_OFFSET % FLASH_AREA_IMAGE_SECTOR_SIZE) != 0 */ + +/* area for BL2 code protected by hdp */ +#define FLASH_AREA_BL2_OFFSET (FLASH_AREA_PERSO_OFFSET + \ + FLASH_AREA_PERSO_SIZE) /* @80 KB 0x14000 */ +#define FLASH_AREA_BL2_SIZE (0x22000) /* 136 KB */ +/* HDP area end at this address */ +#define FLASH_BL2_HDP_END (FLASH_AREA_BL2_OFFSET + \ + FLASH_AREA_BL2_SIZE - 1) /* @216 KB - 1 */ +/* area for BL2 code not protected by hdp */ +#define FLASH_AREA_BL2_NOHDP_OFFSET (FLASH_AREA_BL2_OFFSET + \ + FLASH_AREA_BL2_SIZE) /* @216 KB 0x36000 */ +#define FLASH_AREA_BL2_NOHDP_CODE_SIZE (0x1000) /* 4 KB */ +#define FLASH_AREA_OTP_OFFSET (FLASH_AREA_BL2_NOHDP_OFFSET + \ + FLASH_AREA_BL2_NOHDP_CODE_SIZE) /* @220 KB 0x37000 */ +#define FLASH_AREA_OTP_SIZE (0x1000) /* 4 KB */ +#define FLASH_AREA_BL2_NOHDP_SIZE (FLASH_AREA_OTP_SIZE + \ + FLASH_AREA_BL2_NOHDP_CODE_SIZE) /* 8 KB */ +/* control area for BL2 code protected by hdp */ +#if (FLASH_AREA_BL2_NOHDP_OFFSET % FLASH_AREA_IMAGE_SECTOR_SIZE) != 0 +#error "HDP area must be aligned on FLASH_AREA_IMAGE_SECTOR_SIZE" +#endif /* (FLASH_AREA_BL2_NOHDP_OFFSET % FLASH_AREA_IMAGE_SECTOR_SIZE) != 0 */ + +/* Non Volatile Counters definitions */ +#define FLASH_NV_COUNTERS_AREA_SIZE (FLASH_AREA_IMAGE_SECTOR_SIZE + \ + FLASH_AREA_IMAGE_SECTOR_SIZE) /* 16 KB */ +#define FLASH_NV_COUNTERS_AREA_OFFSET (FLASH_AREA_BL2_NOHDP_OFFSET + \ + FLASH_AREA_BL2_NOHDP_SIZE) /* @224 kB 0x38000 */ +/* Control Non Volatile Counters definitions */ +#if (FLASH_NV_COUNTER_AREA_SIZE % FLASH_AREA_IMAGE_SECTOR_SIZE) != 0 +#error "FLASH_NV_COUNTER_AREA_SIZE not aligned on FLASH_AREA_IMAGE_SECTOR_SIZE" +#endif /* (FLASH_NV_COUNTER_AREA_SIZE % FLASH_AREA_IMAGE_SECTOR_SIZE) != 0 */ + +/* Secure Storage (PS) Service definitions */ +#define FLASH_PS_AREA_SIZE (8 * FLASH_AREA_IMAGE_SECTOR_SIZE) /* 64 KB */ +#define FLASH_PS_AREA_OFFSET (FLASH_NV_COUNTERS_AREA_OFFSET + \ + FLASH_NV_COUNTERS_AREA_SIZE) /* @240 KB 0x3c000 */ + +/* Control Secure Storage (PS) Service definitions*/ +#if (FLASH_PS_AREA_OFFSET % FLASH_AREA_IMAGE_SECTOR_SIZE) != 0 +#error "FLASH_PS_AREA_OFFSET not aligned on FLASH_AREA_IMAGE_SECTOR_SIZE" +#endif /* (FLASH_PS_AREA_OFFSET % FLASH_AREA_IMAGE_SECTOR_SIZE) != 0 */ + +/* Internal Trusted Storage (ITS) Service definitions */ +#define FLASH_ITS_AREA_OFFSET (FLASH_PS_AREA_OFFSET + \ + FLASH_PS_AREA_SIZE) /* @304 KB 0x4c000 */ +#define FLASH_ITS_AREA_SIZE (8 * FLASH_AREA_IMAGE_SECTOR_SIZE) /* 64 KB */ + +/*Control Internal Trusted Storage (ITS) Service definitions */ +#if (FLASH_ITS_AREA_OFFSET % FLASH_AREA_IMAGE_SECTOR_SIZE) != 0 +#error "FLASH_ITS_AREA_OFFSET not aligned on FLASH_AREA_IMAGE_SECTOR_SIZE" +#endif /* (FLASH_ITS_AREA_OFFSET % FLASH_AREA_IMAGE_SECTOR_SIZE) != 0 */ + +#define FLASH_S_PARTITION_SIZE (0x80000) /* 512 KB for S partition - 512 KB*/ +#define FLASH_NS_PARTITION_SIZE (0x140000) /* 1280 KB for NS partition \ + * It must be a multiple of image sector size \ + */ +#define FLASH_PARTITION_SIZE (FLASH_S_PARTITION_SIZE + \ + FLASH_NS_PARTITION_SIZE) /* 1792 KB */ + +#if (FLASH_S_PARTITION_SIZE > FLASH_NS_PARTITION_SIZE) +#define FLASH_MAX_PARTITION_SIZE FLASH_S_PARTITION_SIZE +#else +#define FLASH_MAX_PARTITION_SIZE FLASH_NS_PARTITION_SIZE +#endif +/* Secure image primary slot */ +#define FLASH_AREA_0_ID (1) +#define FLASH_AREA_0_DEVICE_ID (FLASH_DEVICE_ID - FLASH_DEVICE_ID) +/* + * The original code is: + * #define FLASH_AREA_0_OFFSET (FLASH_ITS_AREA_OFFSET+FLASH_ITS_AREA_SIZE) + * + * Use fixed position offset to start S firmware to keep unsused area betwwen + * bootloader and S firmware. This allows bootloader to be increased and have + * application code compatible between different bootloader regions. + * + * The S firmware offset is now: 4MiB - Storage (128k) - NS (1280k) x 2 - S (512k) x 2 => + * 0x400000 - 0x20000 - 0x140000 x 2 - 0x80000 x 2 => 0x60000 + */ +#define FLASH_AREA_0_OFFSET (0x60000) /* @384 KB 0x60000 */ +/* Control Secure image primary slot */ +#if (FLASH_AREA_0_OFFSET % FLASH_AREA_IMAGE_SECTOR_SIZE) != 0 +#error "FLASH_AREA_0_OFFSET not aligned on FLASH_AREA_IMAGE_SECTOR_SIZE" +#endif /* (FLASH_AREA_0_OFFSET % FLASH_AREA_IMAGE_SECTOR_SIZE) != 0 */ + +#define FLASH_AREA_0_SIZE (FLASH_S_PARTITION_SIZE) +/* Non-secure image primary slot */ +#define FLASH_AREA_1_ID (FLASH_AREA_0_ID + 1) +#define FLASH_AREA_1_DEVICE_ID (FLASH_AREA_0_DEVICE_ID) +#define FLASH_AREA_1_OFFSET (FLASH_AREA_0_OFFSET + FLASH_AREA_0_SIZE) +/* Control Non-secure image primary slot */ +#if (FLASH_AREA_1_OFFSET % FLASH_AREA_IMAGE_SECTOR_SIZE) != 0 +#error "FLASH_AREA_1_OFFSET not aligned on FLASH_AREA_IMAGE_SECTOR_SIZE" +#endif /* (FLASH_AREA_1_OFFSET % FLASH_AREA_IMAGE_SECTOR_SIZE) != 0 */ + +#define FLASH_AREA_1_SIZE (FLASH_NS_PARTITION_SIZE) +/* Secure image secondary slot */ +#define FLASH_AREA_2_ID (FLASH_AREA_1_ID + 1) +#define FLASH_AREA_2_DEVICE_ID (FLASH_AREA_1_DEVICE_ID) +#if defined(EXTERNAL_FLASH) +#define FLASH_AREA_2_OFFSET (0x000000000) +#else +#define FLASH_AREA_2_OFFSET (FLASH_AREA_1_OFFSET + FLASH_AREA_1_SIZE) +#endif /* EXTERNAL FLASH */ +/* Control Secure image secondary slot */ +#if (FLASH_AREA_2_OFFSET % FLASH_AREA_IMAGE_SECTOR_SIZE) != 0 +#error "FLASH_AREA_2_OFFSET not aligned on FLASH_AREA_IMAGE_SECTOR_SIZE" +#endif /* (FLASH_AREA_2_OFFSET % FLASH_AREA_IMAGE_SECTOR_SIZE) != 0 */ + +#define FLASH_AREA_2_SIZE (FLASH_S_PARTITION_SIZE) +/* Non-secure image secondary slot */ +#define FLASH_AREA_3_ID (FLASH_AREA_2_ID + 1) +#define FLASH_AREA_3_DEVICE_ID (FLASH_AREA_2_DEVICE_ID) +#if defined(EXTERNAL_FLASH) +/* Add 0x8000 to fix tools issue on external flash */ /* TODO: What tools issue? */ +#define FLASH_AREA_3_OFFSET (FLASH_AREA_2_OFFSET + FLASH_AREA_2_SIZE /*+ 0x8000*/) +#else +#define FLASH_AREA_3_OFFSET (FLASH_AREA_2_OFFSET + FLASH_AREA_2_SIZE) +#endif /* EXTERNAL FLASH */ +#if (FLASH_AREA_3_OFFSET % FLASH_AREA_IMAGE_SECTOR_SIZE) != 0 +#error "FLASH_AREA_3_OFFSET not aligned on FLASH_AREA_IMAGE_SECTOR_SIZE" +#endif /* (FLASH_AREA_3_OFFSET % FLASH_AREA_IMAGE_SECTOR_SIZE) != 0 */ +/*Control Non-secure image secondary slot */ +#define FLASH_AREA_3_SIZE (FLASH_NS_PARTITION_SIZE) +#define FLASH_AREA_END_OFFSET (FLASH_AREA_3_OFFSET + FLASH_AREA_3_SIZE) +#define FLASH_AREA_SCRATCH_ID (FLASH_AREA_3_ID + 1) +#define FLASH_AREA_SCRATCH_DEVICE_ID (FLASH_AREA_3_DEVICE_ID) + +/* + * The maximum number of status entries supported by the bootloader. + */ +#define MCUBOOT_STATUS_MAX_ENTRIES ((FLASH_MAX_PARTITION_SIZE) / \ + FLASH_AREA_SCRATCH_SIZE) +/* Maximum number of image sectors supported by the bootloader. */ +#define MCUBOOT_MAX_IMG_SECTORS ((FLASH_MAX_PARTITION_SIZE) / \ + FLASH_AREA_IMAGE_SECTOR_SIZE) + +#define SECURE_IMAGE_OFFSET (0x0) +#define SECURE_IMAGE_MAX_SIZE FLASH_S_PARTITION_SIZE + +#define NON_SECURE_IMAGE_OFFSET (SECURE_IMAGE_OFFSET + SECURE_IMAGE_MAX_SIZE) +#define NON_SECURE_IMAGE_MAX_SIZE FLASH_NS_PARTITION_SIZE + +/* Flash device name used by BL2 and NV Counter + * Name is defined in flash driver file: low_level_flash.c + */ +#define TFM_NV_COUNTERS_FLASH_DEV TFM_Driver_FLASH0 +#define FLASH_DEV_NAME TFM_Driver_FLASH0 +#define TFM_HAL_FLASH_PROGRAM_UNIT (0x10) +/* Protected Storage (PS) Service definitions + * Note: Further documentation of these definitions can be found in the + * TF-M PS Integration Guide. + */ +#define TFM_HAL_PS_FLASH_DRIVER TFM_Driver_FLASH0 + +/* In this target the CMSIS driver requires only the offset from the base + * address instead of the full memory address. + */ +#define PS_SECTOR_SIZE FLASH_AREA_IMAGE_SECTOR_SIZE +/* The sectors must be in consecutive memory location */ +#define PS_NBR_OF_SECTORS (FLASH_PS_AREA_SIZE / PS_SECTOR_SIZE) +/* The maximum asset size to be stored in the ITS area */ +#define ITS_SECTOR_SIZE FLASH_AREA_IMAGE_SECTOR_SIZE +/* The sectors must be in consecutive memory location */ +#define ITS_NBR_OF_SECTORS (FLASH_ITS_AREA_SIZE / ITS_SECTOR_SIZE) + +/* Base address of dedicated flash area for PS */ +#define TFM_HAL_PS_FLASH_AREA_ADDR FLASH_PS_AREA_OFFSET +/* Size of dedicated flash area for PS */ +#define TFM_HAL_PS_FLASH_AREA_SIZE FLASH_PS_AREA_SIZE +#define PS_RAM_FS_SIZE TFM_HAL_PS_FLASH_AREA_SIZE +/* Number of physical erase sectors per logical FS block */ +#define TFM_HAL_PS_SECTORS_PER_BLOCK (1) +/* Smallest flash programmable unit in bytes */ +#define TFM_HAL_PS_PROGRAM_UNIT (0x10) + +/* Internal Trusted Storage (ITS) Service definitions + * Note: Further documentation of these definitions can be found in the + * TF-M ITS Integration Guide. + */ +#define TFM_HAL_ITS_FLASH_DRIVER TFM_Driver_FLASH0 + +/* In this target the CMSIS driver requires only the offset from the base + * address instead of the full memory address. + */ +/* Base address of dedicated flash area for ITS */ +#define TFM_HAL_ITS_FLASH_AREA_ADDR FLASH_ITS_AREA_OFFSET +/* Size of dedicated flash area for ITS */ +#define TFM_HAL_ITS_FLASH_AREA_SIZE FLASH_ITS_AREA_SIZE +#define ITS_RAM_FS_SIZE TFM_HAL_ITS_FLASH_AREA_SIZE +/* Number of physical erase sectors per logical FS block */ +#define TFM_HAL_ITS_SECTORS_PER_BLOCK (1) +/* Smallest flash programmable unit in bytes */ +#define TFM_HAL_ITS_PROGRAM_UNIT (0x10) +/* OTP area definition */ +#define TFM_OTP_NV_COUNTERS_AREA_ADDR FLASH_AREA_OTP_OFFSET +#define TFM_OTP_NV_COUNTERS_AREA_SIZE FLASH_AREA_OTP_SIZE +/* NV Counters definitions */ +#define TFM_NV_COUNTERS_AREA_ADDR FLASH_NV_COUNTERS_AREA_OFFSET +#define TFM_NV_COUNTERS_AREA_SIZE (0x20)/* 32 Bytes */ +#define TFM_NV_COUNTERS_SECTOR_ADDR FLASH_NV_COUNTERS_AREA_OFFSET +#define TFM_NV_COUNTERS_SECTOR_SIZE FLASH_AREA_IMAGE_SECTOR_SIZE + +/* BL2 NV Counters definitions */ +#define BL2_NV_COUNTERS_AREA_ADDR FLASH_BL2_NVCNT_AREA_OFFSET +#define BL2_NV_COUNTERS_AREA_SIZE FLASH_BL2_NVCNT_AREA_SIZE + +/* FIXME: not valid today */ +#define BL2_S_RAM_ALIAS_BASE (0x30000000) +#define BL2_NS_RAM_ALIAS_BASE (0x20000000) + +/* This area in SRAM 2 is updated BL2 and can be lock to avoid any changes */ +#define BOOT_TFM_SHARED_DATA_SIZE (0x400) +#define BOOT_TFM_SHARED_DATA_BASE (_SRAM3_BASE_S - BOOT_TFM_SHARED_DATA_SIZE) +#define SHARED_BOOT_MEASUREMENT_BASE BOOT_TFM_SHARED_DATA_BASE +#define SHARED_BOOT_MEASUREMENT_SIZE BOOT_TFM_SHARED_DATA_SIZE +#endif /* __FLASH_LAYOUT_H__ */ diff --git a/boards/st/nucleo_u5a5zj_q/tfm/partition/region_defs.h b/boards/st/nucleo_u5a5zj_q/tfm/partition/region_defs.h new file mode 100644 index 0000000000000..daeea0f41ceda --- /dev/null +++ b/boards/st/nucleo_u5a5zj_q/tfm/partition/region_defs.h @@ -0,0 +1,301 @@ +/* + * Copyright (c) 2017-2022 ARM Limited + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef __REGION_DEFS_H__ +#define __REGION_DEFS_H__ +#include "flash_layout.h" + +#define BL2_HEAP_SIZE 0x0001000 +#define BL2_MSP_STACK_SIZE 0x0002000 + +#define LOADER_NS_MSP_STACK_SIZE 0x0000400 +#define LOADER_NS_HEAP_SIZE 0x0000200 +#define LOADER_NS_PSP_STACK_SIZE 0x0000400 + +#define LOADER_S_MSP_STACK_SIZE 0x0000400 +#define LOADER_S_HEAP_SIZE 0x0000200 +#define LOADER_S_PSP_STACK_SIZE 0x0000400 + +#ifdef ENABLE_HEAP + #define S_HEAP_SIZE (0x0000200) +#else + #define S_HEAP_SIZE (0x0000000) +#endif + +#define S_MSP_STACK_SIZE 0x0001800 +#define S_PSP_STACK_SIZE 0x0001800 + +#define NS_HEAP_SIZE 0x0002000 +#define NS_STACK_SIZE 0x0001800 + +/* GTZC specific Alignment */ +#define GTZC_RAM_ALIGN 512 +#define GTZC_FLASH_ALIGN 8192 + +/* FIX ME : include stm32u5xx.h instead */ +#define _SRAM2_TOP (0xD0000) /* 832Kbytes */ +#define _SRAM1_SIZE_MAX (0xC0000) /* SRAM1=768k */ +#define _SRAM2_SIZE_MAX (0x10000 - BOOT_TFM_SHARED_DATA_SIZE) /* SRAM2=64k -0x400 */ +#define _SRAM3_SIZE_MAX (0xD0000) /* 832Kbytes */ +#define _SRAM5_SIZE_MAX (0xD0000) /* 832Kbytes */ +#define _SRAM4_SIZE_MAX (0x04000) /* 16Kbytes */ + +/* Flash and internal SRAMs base addresses - Non secure aliased */ +#define _FLASH_BASE_NS (0x08000000) /* FLASH (4096 KB) */ +#define _SRAM1_BASE_NS (0x20000000) /* SRAM1 (768 KB) */ +#define _SRAM2_BASE_NS (_SRAM1_BASE_NS + _SRAM1_SIZE_MAX) /* SRAM2 ( 64 KB) */ +#define _SRAM3_BASE_NS (_SRAM2_BASE_NS + _SRAM2_SIZE_MAX + \ + BOOT_TFM_SHARED_DATA_SIZE) /* SRAM3 (768 KB) */ +#define _SRAM5_BASE_NS (_SRAM3_BASE_NS + _SRAM3_SIZE_MAX) /* SRAM5 (768 KB) */ +#define _SRAM4_BASE_NS (0x28000000) /* SRAM4 ( 16 KB) */ + +/* Flash and internal SRAMs base addresses - Secure aliased */ +#define _FLASH_BASE_S (0x0C000000) /* FLASH(4096 KB) */ +#define _SRAM1_BASE_S (0x30000000) /* SRAM1(768 KB) */ +#define _SRAM2_BASE_S (_SRAM1_BASE_S + _SRAM1_SIZE_MAX) /* SRAM2(64 KB) */ +#define _SRAM3_BASE_S (_SRAM2_BASE_S + _SRAM2_SIZE_MAX + \ + BOOT_TFM_SHARED_DATA_SIZE) /* SRAM3(832 KB) */ +#define _SRAM5_BASE_S (_SRAM3_BASE_S + _SRAM3_SIZE_MAX) /* SRAM5(832 KB) */ +#define _SRAM4_BASE_S (0x38000000) /* SRAM4(16 KB) */ + +#define TOTAL_ROM_SIZE FLASH_TOTAL_SIZE +#define TOTAL_RAM_SIZE (_SRAM1_SIZE_MAX + _SRAM2_SIZE_MAX) +/* 768 + 64 Kbytes - BOOT info */ +/* boot info are placed and locked at top of SRAM2 */ + +#define S_TOTAL_RAM2_SIZE (_SRAM2_SIZE_MAX) /*! size require for Secure part */ +#define S_TOTAL_RAM1_SIZE (0x50000) +#define S_TOTAL_RAM_SIZE (S_TOTAL_RAM2_SIZE + S_TOTAL_RAM1_SIZE) +#define NS_TOTAL_RAM_SIZE (TOTAL_RAM_SIZE - S_TOTAL_RAM_SIZE) + +/* + * Boot partition structure if MCUBoot is used: + * 0x0_0000 Bootloader header + * 0x0_0400 Image area + * 0x7_0000 Trailer + */ +/* IMAGE_CODE_SIZE is the space available for the software binary image. + * It is less than the FLASH_PARTITION_SIZE because we reserve space + * for the image header and trailer introduced by the bootloader. + */ + +#ifdef BL2 +#define S_IMAGE_PRIMARY_PARTITION_OFFSET (FLASH_AREA_0_OFFSET) +#define S_IMAGE_SECONDARY_PARTITION_OFFSET (FLASH_AREA_2_OFFSET) +#define NS_IMAGE_PRIMARY_PARTITION_OFFSET (FLASH_AREA_0_OFFSET + FLASH_S_PARTITION_SIZE) +#define NS_IMAGE_SECONDARY_PARTITION_OFFSET (FLASH_AREA_2_OFFSET + FLASH_S_PARTITION_SIZE) +#else +#error "Config without BL2 not supported" +#endif /* BL2 */ + + +#define IMAGE_S_CODE_SIZE \ + (FLASH_S_PARTITION_SIZE - BL2_HEADER_SIZE - BL2_TRAILER_SIZE) +#define IMAGE_NS_CODE_SIZE \ + (FLASH_NS_PARTITION_SIZE - BL2_HEADER_SIZE - BL2_TRAILER_SIZE) + +/* FIXME: veneer region size is increased temporarily while both legacy veneers + * and their iovec-based equivalents co-exist for secure partitions. To be + * adjusted as legacy veneers are eliminated + */ +#define CMSE_VENEER_REGION_SIZE (0x00000380) + +/* Use SRAM1 memory to store Code data */ +#define S_ROM_ALIAS_BASE (_FLASH_BASE_S) +#define NS_ROM_ALIAS_BASE (_FLASH_BASE_NS) + + +#define S_RAM_ALIAS_BASE (_SRAM1_BASE_S) +#define NS_RAM_ALIAS_BASE (_SRAM1_BASE_NS) + +/* Alias definitions for secure and non-secure areas*/ +#define S_ROM_ALIAS(x) (S_ROM_ALIAS_BASE + (x)) +#define NS_ROM_ALIAS(x) (NS_ROM_ALIAS_BASE + (x)) + +#define LOADER_NS_ROM_ALIAS(x) (_FLASH_BASE_NS + (x)) +#define LOADER_S_ROM_ALIAS(x) (_FLASH_BASE_S + (x)) + +#define S_RAM_ALIAS(x) (S_RAM_ALIAS_BASE + (x)) +#define NS_RAM_ALIAS(x) (NS_RAM_ALIAS_BASE + (x)) + +#define S_IMAGE_PRIMARY_AREA_OFFSET (S_IMAGE_PRIMARY_PARTITION_OFFSET + BL2_HEADER_SIZE) +#define S_CODE_START (S_ROM_ALIAS(S_IMAGE_PRIMARY_AREA_OFFSET)) +#define S_CODE_SIZE (IMAGE_S_CODE_SIZE - CMSE_VENEER_REGION_SIZE) +#define S_CODE_LIMIT ((S_CODE_START + S_CODE_SIZE) - 1) +#define S_DATA_START (S_RAM_ALIAS(NS_TOTAL_RAM_SIZE)) +#define S_DATA_SIZE (S_TOTAL_RAM_SIZE) +#define S_DATA_LIMIT (S_DATA_START + S_DATA_SIZE - 1) + +/* CMSE Veneers region */ +#define CMSE_VENEER_REGION_START (S_CODE_LIMIT + 1) +/* Non-secure regions */ + +/* Secure regions, the end of secure regions must be aligned on page size for dual bank 0x800 */ + +/* Offset and size definition in flash area, used by assemble.py + * 0x11400+0x33c00= 13000+34000 = 45000 + */ + +#define NS_IMAGE_PRIMARY_AREA_OFFSET (NS_IMAGE_PRIMARY_PARTITION_OFFSET + BL2_HEADER_SIZE) +#define NS_CODE_START (NS_ROM_ALIAS(NS_IMAGE_PRIMARY_AREA_OFFSET)) +#define NS_CODE_SIZE (IMAGE_NS_CODE_SIZE) +#define NS_CODE_LIMIT (NS_CODE_START + NS_CODE_SIZE - 1) +#define NS_DATA_START (NS_RAM_ALIAS(0)) +#define NS_NO_INIT_DATA_SIZE (0x100) +#define NS_DATA_SIZE (NS_TOTAL_RAM_SIZE) +#define NS_DATA_LIMIT (NS_DATA_START + NS_DATA_SIZE - 1) + +/* NS partition information is used for MPC and SAU configuration */ +#define NS_PARTITION_START (NS_CODE_START) +#define NS_PARTITION_SIZE (NS_CODE_SIZE) + +/* Secondary partition for new images/ in case of firmware upgrade */ +#define SECONDARY_PARTITION_START (NS_ROM_ALIAS(S_IMAGE_SECONDARY_PARTITION_OFFSET)) +#define SECONDARY_PARTITION_SIZE (FLASH_AREA_2_SIZE) + +#ifdef BL2 +/* Personalized region */ +#define PERSO_START (S_ROM_ALIAS(FLASH_AREA_PERSO_OFFSET)) +#define PERSO_SIZE (FLASH_AREA_PERSO_SIZE) +#define PERSO_LIMIT (PERSO_START + PERSO_SIZE - 1) + +/* Bootloader region protected by hdp */ +#define BL2_CODE_START (S_ROM_ALIAS(FLASH_AREA_BL2_OFFSET)) +#define BL2_CODE_SIZE (FLASH_AREA_BL2_SIZE) +#define BL2_CODE_LIMIT (BL2_CODE_START + BL2_CODE_SIZE - 1) + +/* Bootloader region not protected by hdp */ +#define BL2_NOHDP_CODE_START (S_ROM_ALIAS(FLASH_AREA_BL2_NOHDP_OFFSET)) +#define BL2_NOHDP_CODE_SIZE (FLASH_AREA_BL2_NOHDP_SIZE) +#define BL2_NOHDP_CODE_LIMIT (BL2_NOHDP_CODE_START + BL2_NOHDP_CODE_SIZE - 1) + +/* Bootloader boot address */ +#define BL2_BOOT_VTOR_ADDR (BL2_CODE_START) + +/* keep 256 bytes unused to place while(1) for non secure to enable */ + +/* regression from local tool with non secure attachment + * This avoid blocking board in case of hardening error + */ +#define BL2_DATA_START (S_RAM_ALIAS(_SRAM1_SIZE_MAX)) +#define BL2_DATA_SIZE (BOOT_TFM_SHARED_DATA_BASE - BL2_DATA_START) +#define BL2_DATA_LIMIT (BL2_DATA_START + BL2_DATA_SIZE - 1) + +/* Define BL2 MPU SRAM protection to remove execution capability */ +/* Area is covering the complete SRAM memory space non secure alias and secure alias */ +#define BL2_SRAM_AREA_BASE (_SRAM1_BASE_NS) +#define BL2_SRAM_AREA_END (_SRAM4_BASE_S + _SRAM4_SIZE_MAX - 1) + +/* Define Area provision by BL2 */ +#define BL2_OTP_AREA_BASE S_ROM_ALIAS(TFM_OTP_NV_COUNTERS_AREA_ADDR) +#define BL2_OTP_AREA_SIZE (TFM_OTP_NV_COUNTERS_AREA_SIZE) +/* Define Area for Initializing NVM counter */ +/* backup sector is initialised */ +#define BL2_NVM_AREA_BASE \ + S_ROM_ALIAS(TFM_NV_COUNTERS_AREA_ADDR + FLASH_AREA_IMAGE_SECTOR_SIZE) +#define BL2_NVM_AREA_SIZE (FLASH_AREA_IMAGE_SECTOR_SIZE) +/* Define Area for initializing BL2_NVCNT */ +/* backup sector is initialised */ +#define BL2_NVMCNT_AREA_BASE \ + S_ROM_ALIAS(FLASH_BL2_NVCNT_AREA_OFFSET + FLASH_AREA_IMAGE_SECTOR_SIZE) +#define BL2_NVMCNT_AREA_SIZE (FLASH_AREA_IMAGE_SECTOR_SIZE) +#endif /* BL2 */ + + +#define LOADER_NS_CODE_SIZE (0x6000) /* 24 Kbytes */ + +#if defined(MCUBOOT_PRIMARY_ONLY) + +/* Secure Loader Image */ +#define FLASH_AREA_LOADER_BANK_OFFSET \ + (FLASH_TOTAL_SIZE - LOADER_IMAGE_S_CODE_SIZE - LOADER_NS_CODE_SIZE) +#define FLASH_AREA_LOADER_OFFSET \ + (FLASH_TOTAL_SIZE - LOADER_IMAGE_S_CODE_SIZE - LOADER_NS_CODE_SIZE) + +/* Control Secure Loader Image */ +#if (FLASH_AREA_LOADER_OFFSET % FLASH_AREA_IMAGE_SECTOR_SIZE) != 0 +#error "FLASH_AREA_LOADER_OFFSET not aligned on FLASH_AREA_IMAGE_SECTOR_SIZE" +#endif /* (FLASH_AREA_LOADER_OFFSET % FLASH_AREA_IMAGE_SECTOR_SIZE) != 0 */ + +/* Non-Secure Loader Image */ +#define LOADER_NS_CODE_START \ + (LOADER_NS_ROM_ALIAS(FLASH_AREA_LOADER_OFFSET + LOADER_IMAGE_S_CODE_SIZE)) + +/* Control Non-Secure Loader Image */ +#if (LOADER_NS_CODE_START % FLASH_AREA_IMAGE_SECTOR_SIZE) != 0 +#error "LOADER_NS_CODE_START not aligned on FLASH_AREA_IMAGE_SECTOR_SIZE" +#endif /* (LOADER_NS_CODE_START % FLASH_AREA_IMAGE_SECTOR_SIZE) != 0 */ + +/* define used for checking possible overlap */ +#define LOADER_CODE_SIZE (LOADER_NS_CODE_SIZE + LOADER_IMAGE_S_CODE_SIZE) +#else +/* Loader Image */ +#define FLASH_AREA_LOADER_BANK_OFFSET (FLASH_TOTAL_SIZE - LOADER_NS_CODE_SIZE) +#define FLASH_AREA_LOADER_OFFSET (FLASH_TOTAL_SIZE - LOADER_NS_CODE_SIZE) +/* Control Loader Image */ +#if (FLASH_AREA_LOADER_OFFSET % FLASH_AREA_IMAGE_SECTOR_SIZE) != 0 +#error "FLASH_AREA_LOADER_OFFSET not aligned on FLASH_AREA_IMAGE_SECTOR_SIZE" +#endif /* (FLASH_AREA_LOADER_OFFSET % FLASH_AREA_IMAGE_SECTOR_SIZE) != 0 */ + +#define LOADER_NS_CODE_START (LOADER_NS_ROM_ALIAS(FLASH_AREA_LOADER_OFFSET)) +/* define used for checking possible overlap */ +#define LOADER_CODE_SIZE (LOADER_NS_CODE_SIZE) +#endif /* MCUBOOT_PRIMARY_ONLY */ + +#define LOADER_IMAGE_S_CODE_SIZE (0x4000) /* 16 Kbytes */ +#define LOADER_CMSE_VENEER_REGION_SIZE (0x100) +#define LOADER_S_CODE_START (LOADER_S_ROM_ALIAS(FLASH_AREA_LOADER_OFFSET)) +#define LOADER_S_CODE_SIZE (LOADER_IMAGE_S_CODE_SIZE - LOADER_CMSE_VENEER_REGION_SIZE) +#define LOADER_S_CODE_LIMIT (LOADER_S_CODE_START + LOADER_S_CODE_SIZE - 1) +#define LOADER_S_DATA_START (S_RAM_ALIAS(_SRAM1_SIZE_MAX)) +#define LOADER_S_DATA_SIZE (_SRAM2_SIZE_MAX) +#define LOADER_S_DATA_LIMIT (LOADER_S_DATA_START + LOADER_S_DATA_SIZE - 1) +#define LOADER_CMSE_VENEER_REGION_START (LOADER_S_CODE_LIMIT + 1) +#define LOADER_CMSE_VENEER_REGION_LIMIT \ + (LOADER_S_ROM_ALIAS(FLASH_AREA_LOADER_OFFSET + LOADER_IMAGE_S_CODE_SIZE - 1)) + +#define LOADER_NS_CODE_LIMIT (LOADER_NS_CODE_START+LOADER_NS_CODE_SIZE - 1) +#define LOADER_NS_DATA_START (NS_RAM_ALIAS(0x0)) +#define LOADER_NS_DATA_SIZE (_SRAM1_SIZE_MAX) +#define LOADER_NS_DATA_LIMIT (LOADER_NS_DATA_START + LOADER_NS_DATA_SIZE - 1) + +#ifdef MCUBOOT_PRIMARY_ONLY +#define LOADER_MAX_CODE_SIZE (FLASH_TOTAL_SIZE - FLASH_AREA_1_OFFSET - FLASH_AREA_1_SIZE) +#else +#define LOADER_MAX_CODE_SIZE (FLASH_TOTAL_SIZE - FLASH_AREA_3_OFFSET - FLASH_AREA_3_SIZE) +#endif /* MCUBOOT_PRIMARY_ONLY */ + +#if LOADER_CODE_SIZE > LOADER_MAX_CODE_SIZE +#error "Loader mapping overlapping slot %LOADER_CODE_SIZE %LOADER_MAX_CODE_SIZE" +#endif /* LOADER_CODE_SIZE > LOADER_MAX_CODE_SIZE */ + +/* TFM non volatile data (NVCNT/PS/ITS) region */ +#define TFM_NV_DATA_START (S_ROM_ALIAS(FLASH_AREA_OTP_OFFSET)) +#define TFM_NV_DATA_SIZE (FLASH_AREA_OTP_SIZE + FLASH_NV_COUNTERS_AREA_SIZE + \ + FLASH_PS_AREA_SIZE + FLASH_ITS_AREA_SIZE) +#define TFM_NV_DATA_LIMIT (TFM_NV_DATA_START + TFM_NV_DATA_SIZE - 1) +/* Additional Check to detect flash download slot overlap or overflow */ +#if defined(MCUBOOT_EXT_LOADER) +#define FLASH_AREA_END_OFFSET_MAX FLASH_AREA_LOADER_OFFSET +#else +#define FLASH_AREA_END_OFFSET_MAX (FLASH_TOTAL_SIZE) +#endif /* defined(MCUBOOT_EXT_LOADER) */ + +#if FLASH_AREA_END_OFFSET > FLASH_AREA_END_OFFSET_MAX +#error "Flash memory overflow" +#endif /* FLASH_AREA_END_OFFSET > FLASH_AREA_END_OFFSET_MAX */ + +#endif /* __REGION_DEFS_H__ */ diff --git a/boards/st/nucleo_u5a5zj_q/tfm/tests/psa_arch_tests_config.cmake b/boards/st/nucleo_u5a5zj_q/tfm/tests/psa_arch_tests_config.cmake new file mode 100644 index 0000000000000..dbcc8139d1977 --- /dev/null +++ b/boards/st/nucleo_u5a5zj_q/tfm/tests/psa_arch_tests_config.cmake @@ -0,0 +1,7 @@ +#------------------------------------------------------------------------------- +# Copyright (c) 2023 STMicroelectronics. All rights reserved. +# +# SPDX-License-Identifier: BSD-3-Clause +# +#------------------------------------------------------------------------------- +set(PSA_API_TEST_TARGET nucleo_u5a5zj_q) From 5e699895681dd21c215a404e163350e5d899a7cb Mon Sep 17 00:00:00 2001 From: BUDKE Gerson Fernando Date: Thu, 21 Aug 2025 18:41:30 +0200 Subject: [PATCH 4/4] boards: st: nucleo_u5a5zj_q: Add support to TF-M Introduce the TF-M support for the stm32u5a5xx SoC. Signed-off-by: BUDKE Gerson Fernando --- boards/st/nucleo_u5a5zj_q/Kconfig.defconfig | 24 +++++ .../nucleo_u5a5zj_q/Kconfig.nucleo_u5a5zj_q | 2 +- boards/st/nucleo_u5a5zj_q/board.cmake | 15 +++ boards/st/nucleo_u5a5zj_q/board.yml | 2 + boards/st/nucleo_u5a5zj_q/nucleo_u5a5zj_q.dts | 1 + .../nucleo_u5a5zj_q_stm32u5a5xx_ns.dts | 98 +++++++++++++++++++ .../nucleo_u5a5zj_q_stm32u5a5xx_ns.yaml | 27 +++++ .../nucleo_u5a5zj_q_stm32u5a5xx_ns_defconfig | 31 ++++++ 8 files changed, 199 insertions(+), 1 deletion(-) create mode 100644 boards/st/nucleo_u5a5zj_q/Kconfig.defconfig create mode 100644 boards/st/nucleo_u5a5zj_q/nucleo_u5a5zj_q_stm32u5a5xx_ns.dts create mode 100644 boards/st/nucleo_u5a5zj_q/nucleo_u5a5zj_q_stm32u5a5xx_ns.yaml create mode 100644 boards/st/nucleo_u5a5zj_q/nucleo_u5a5zj_q_stm32u5a5xx_ns_defconfig diff --git a/boards/st/nucleo_u5a5zj_q/Kconfig.defconfig b/boards/st/nucleo_u5a5zj_q/Kconfig.defconfig new file mode 100644 index 0000000000000..5630e5930471c --- /dev/null +++ b/boards/st/nucleo_u5a5zj_q/Kconfig.defconfig @@ -0,0 +1,24 @@ +# Copyright (c) 2025 +# SPDX-License-Identifier: Apache-2.0 + +if BOARD_NUCLEO_U5A5ZJ_Q + +config TFM_BOARD + default "${ZEPHYR_BASE}/boards/st/nucleo_u5a5zj_q/tfm" + +if BUILD_WITH_TFM + +config USE_DT_CODE_PARTITION + default y if TRUSTED_EXECUTION_NONSECURE + +config TFM_INITIAL_ATTESTATION_KEY + default y + +# Disabled to show how to define custom keys, +# see nucleo_u5a5zj_q_stm32u5a5xx_ns_defconfig +config TFM_DUMMY_PROVISIONING + default n + +endif # BUILD_WITH_TFM + +endif # BOARD_NUCLEO_U5A5ZJ_Q diff --git a/boards/st/nucleo_u5a5zj_q/Kconfig.nucleo_u5a5zj_q b/boards/st/nucleo_u5a5zj_q/Kconfig.nucleo_u5a5zj_q index 58256af223f38..8f850f91db02a 100644 --- a/boards/st/nucleo_u5a5zj_q/Kconfig.nucleo_u5a5zj_q +++ b/boards/st/nucleo_u5a5zj_q/Kconfig.nucleo_u5a5zj_q @@ -1,4 +1,4 @@ -# Copyright (c) 2023 STMicroelectronics +# Copyright (c) 2025 STMicroelectronics # SPDX-License-Identifier: Apache-2.0 config BOARD_NUCLEO_U5A5ZJ_Q diff --git a/boards/st/nucleo_u5a5zj_q/board.cmake b/boards/st/nucleo_u5a5zj_q/board.cmake index e846f79f3817b..0d02c605b67c1 100644 --- a/boards/st/nucleo_u5a5zj_q/board.cmake +++ b/boards/st/nucleo_u5a5zj_q/board.cmake @@ -1,3 +1,18 @@ +# SPDX-License-Identifier: Apache-2.0 + +if(CONFIG_BUILD_WITH_TFM) + set(TFM_FLASH_BASE_ADDRESS 0x0C000000) + + # Flash merged TF-M + Zephyr binary + set_property(TARGET runners_yaml_props_target PROPERTY hex_file tfm_merged.hex) + + if (CONFIG_HAS_FLASH_LOAD_OFFSET) + MATH(EXPR TFM_HEX_BASE_ADDRESS_NS "${TFM_FLASH_BASE_ADDRESS}+${CONFIG_FLASH_LOAD_OFFSET}") + else() + set(TFM_HEX_BASE_ADDRESS_NS ${TFM_TFM_FLASH_BASE_ADDRESS}) + endif() +endif() + # keep first board_runner_args(stm32cubeprogrammer "--port=swd" "--reset-mode=hw") diff --git a/boards/st/nucleo_u5a5zj_q/board.yml b/boards/st/nucleo_u5a5zj_q/board.yml index d5376588b215f..96cdbf94e8e81 100644 --- a/boards/st/nucleo_u5a5zj_q/board.yml +++ b/boards/st/nucleo_u5a5zj_q/board.yml @@ -4,3 +4,5 @@ board: vendor: st socs: - name: stm32u5a5xx + variants: + - name: ns diff --git a/boards/st/nucleo_u5a5zj_q/nucleo_u5a5zj_q.dts b/boards/st/nucleo_u5a5zj_q/nucleo_u5a5zj_q.dts index 17b4b13e7de44..4760ab5c361d4 100644 --- a/boards/st/nucleo_u5a5zj_q/nucleo_u5a5zj_q.dts +++ b/boards/st/nucleo_u5a5zj_q/nucleo_u5a5zj_q.dts @@ -21,6 +21,7 @@ zephyr,flash = &flash0; zephyr,canbus = &fdcan1; zephyr,code-partition = &slot0_partition; + zephyr,entropy = &rng; }; aliases { diff --git a/boards/st/nucleo_u5a5zj_q/nucleo_u5a5zj_q_stm32u5a5xx_ns.dts b/boards/st/nucleo_u5a5zj_q/nucleo_u5a5zj_q_stm32u5a5xx_ns.dts new file mode 100644 index 0000000000000..b78639e79214a --- /dev/null +++ b/boards/st/nucleo_u5a5zj_q/nucleo_u5a5zj_q_stm32u5a5xx_ns.dts @@ -0,0 +1,98 @@ +/* + * Copyright (c) 2025 Leica Geosystems AG + * + * SPDX-License-Identifier: Apache-2.0 + */ + +/dts-v1/; +#include "nucleo_u5a5zj_q-common.dtsi" + +/ { + model = "STMicroelectronics STM32U5A5ZJ-NUCLEO-Q board"; + compatible = "st,stm32u5a5zj-nucleo-q"; + + #address-cells = <1>; + #size-cells = <1>; + + chosen { + zephyr,console = &usart1; + zephyr,shell-uart = &usart1; + zephyr,sram = &sram0; + zephyr,flash = &flash0; + zephyr,code-partition = &slot0_ns_partition; + zephyr,entropy = &psa_rng; + }; + + aliases { + led0 = &blue_led_1; + sw0 = &user_button; + }; + + /* SRAM3 + SRAM5 (832 kiB + 832kiB)*/ + /delete-node/ memory@20000000; + sram0: memory@200d0000 { + compatible = "mmio-sram"; + reg = <0x200d0000 DT_SIZE_K(1664)>; + }; + + psa_rng: psa-rng { + compatible = "zephyr,psa-crypto-rng"; + status = "okay"; + }; +}; + +&flash0 { + partitions { + compatible = "fixed-partitions"; + #address-cells = <1>; + #size-cells = <1>; + + /* + * Following flash partition is compatible with requirements + * given in TFM configuration given for current board. + * It might require adjustment depending on evolutions on TFM. + */ + boot_partition: partition@0 { + label = "mcuboot"; + reg = <0x00000000 DT_SIZE_K(384)>; + read-only; + }; + + /* Secure image primary slot */ + slot0_partition: partition@60000 { + label = "image-0"; + reg = <0x00060000 DT_SIZE_K(512)>; + }; + + /* Non-secure image primary slot */ + slot0_ns_partition: partition@e0000 { + label = "image-0-nonsecure"; + reg = <0x000e0000 DT_SIZE_K(1280)>; + }; + + /* Secure image secondary slot */ + slot1_partition: partition@220000 { + label = "image-1"; + reg = <0x00220000 DT_SIZE_K(512)>; + }; + + /* Non-secure image secondary slot */ + slot1_ns_partition: partition@2a0000 { + label = "image-1-nonsecure"; + reg = <0x002a0000 DT_SIZE_K(1280)>; + }; + + /* Applicative Non Volatile Storage */ + storage_partition: partition@3e0000 { + label = "storage"; + reg = <0x003e0000 DT_SIZE_K(128)>; + }; + }; +}; + +&usart1 { + pinctrl-0 = <&usart1_tx_pa9 &usart1_rx_pa10>; + pinctrl-names = "default"; + current-speed = <115200>; + status = "okay"; +}; diff --git a/boards/st/nucleo_u5a5zj_q/nucleo_u5a5zj_q_stm32u5a5xx_ns.yaml b/boards/st/nucleo_u5a5zj_q/nucleo_u5a5zj_q_stm32u5a5xx_ns.yaml new file mode 100644 index 0000000000000..02dbd5211c27a --- /dev/null +++ b/boards/st/nucleo_u5a5zj_q/nucleo_u5a5zj_q_stm32u5a5xx_ns.yaml @@ -0,0 +1,27 @@ +# +# Copyright (c) 2025 Leica Geosystems AG +# +# SPDX-License-Identifier: Apache-2.0 +# + +identifier: nucleo_u5a5zj_q/stm32u5a5xx/ns +name: ST Nucleo U5A5ZJ Q +type: mcu +arch: arm +toolchain: + - zephyr +supported: + - backup_sram + - can + - dac + - dma + - gpio + - i2c + - rtc + - spi + - trusted-firmware-m + - usart + - usbd + - watchdog +ram: 1664 +flash: 1280 diff --git a/boards/st/nucleo_u5a5zj_q/nucleo_u5a5zj_q_stm32u5a5xx_ns_defconfig b/boards/st/nucleo_u5a5zj_q/nucleo_u5a5zj_q_stm32u5a5xx_ns_defconfig new file mode 100644 index 0000000000000..e16562f776d5b --- /dev/null +++ b/boards/st/nucleo_u5a5zj_q/nucleo_u5a5zj_q_stm32u5a5xx_ns_defconfig @@ -0,0 +1,31 @@ +# +# Copyright (c) 2025 Leica Geosystems AG +# +# SPDX-License-Identifier: Apache-2.0 +# + +# enable uart driver +CONFIG_SERIAL=y + +# enable GPIO +CONFIG_GPIO=y + +# console +CONFIG_CONSOLE=y +CONFIG_UART_CONSOLE=y + +# Enable MPU +CONFIG_ARM_MPU=y + +# Enable HW stack protection +CONFIG_HW_STACK_PROTECTION=y + +# TF-M +CONFIG_ARM_TRUSTZONE_M=y +CONFIG_RUNTIME_NMI=y +CONFIG_TRUSTED_EXECUTION_NONSECURE=y + +# Keys - These are for development purposes only and should be changed. +CONFIG_TFM_MCUBOOT_SIGNATURE_TYPE="RSA-3072" +CONFIG_TFM_KEY_FILE_S="${BOARD_DIR}/tfm/keys/rsa-3072-private-s.pem" +CONFIG_TFM_KEY_FILE_NS="${BOARD_DIR}/tfm/keys/rsa-3072-private-ns.pem"