diff --git a/boards/adi/max32657evkit/Kconfig.defconfig b/boards/adi/max32657evkit/Kconfig.defconfig index 0309586a787e..dc6e2838d637 100644 --- a/boards/adi/max32657evkit/Kconfig.defconfig +++ b/boards/adi/max32657evkit/Kconfig.defconfig @@ -22,4 +22,24 @@ DT_CHOSEN_Z_CODE_PARTITION := zephyr,code-partition config FLASH_LOAD_SIZE default $(dt_chosen_reg_size_hex,$(DT_CHOSEN_Z_CODE_PARTITION)) +if BOARD_MAX32657EVKIT_MAX32657_NS + +config FLASH_LOAD_OFFSET + default $(dt_chosen_reg_addr_hex,$(DT_CHOSEN_Z_CODE_PARTITION)) + +# MAX32657 has one UART interface, +# It can be used either on TFM or Zephyr +# Enabling debug (TFM_SPM_LOG_LEVEL || TFM_PARTITION_LOG_LEVEL) will transfer it to the TFM side +# Disabling TFM debug will transfer it to the Zephyr side. + +choice TFM_SPM_LOG_LEVEL + default TFM_SPM_LOG_LEVEL_SILENCE +endchoice + +choice TFM_PARTITION_LOG_LEVEL + default TFM_PARTITION_LOG_LEVEL_SILENCE +endchoice + +endif # BOARD_MAX32657EVKIT_MAX32657_NS + endif # BOARD_MAX32657EVKIT diff --git a/boards/adi/max32657evkit/Kconfig.max32657evkit b/boards/adi/max32657evkit/Kconfig.max32657evkit index 7f1cae8fc837..c43a70cd6f71 100644 --- a/boards/adi/max32657evkit/Kconfig.max32657evkit +++ b/boards/adi/max32657evkit/Kconfig.max32657evkit @@ -2,4 +2,5 @@ # SPDX-License-Identifier: Apache-2.0 config BOARD_MAX32657EVKIT - select SOC_MAX32657 if BOARD_MAX32657EVKIT_MAX32657 + select SOC_MAX32657 if BOARD_MAX32657EVKIT_MAX32657 || \ + BOARD_MAX32657EVKIT_MAX32657_NS diff --git a/boards/adi/max32657evkit/board.cmake b/boards/adi/max32657evkit/board.cmake index 09717336e5fd..ecf66679a233 100644 --- a/boards/adi/max32657evkit/board.cmake +++ b/boards/adi/max32657evkit/board.cmake @@ -1,6 +1,10 @@ # Copyright (c) 2024-2025 Analog Devices, Inc. # SPDX-License-Identifier: Apache-2.0 +if(CONFIG_BOARD_MAX32657EVKIT_MAX32657_NS) + set_property(TARGET runners_yaml_props_target PROPERTY hex_file tfm_merged.hex) +endif() + board_runner_args(jlink "--device=MAX32657" "--reset-after-load") include(${ZEPHYR_BASE}/boards/common/openocd-adi-max32.boards.cmake) diff --git a/boards/adi/max32657evkit/board.yml b/boards/adi/max32657evkit/board.yml index 48af69011b6b..6fa072a593ce 100644 --- a/boards/adi/max32657evkit/board.yml +++ b/boards/adi/max32657evkit/board.yml @@ -6,3 +6,5 @@ board: vendor: adi socs: - name: max32657 + variants: + - name: "ns" diff --git a/boards/adi/max32657evkit/doc/index.rst b/boards/adi/max32657evkit/doc/index.rst index 67694e070eb1..e96410f6a1e1 100644 --- a/boards/adi/max32657evkit/doc/index.rst +++ b/boards/adi/max32657evkit/doc/index.rst @@ -288,6 +288,7 @@ Zephyr board options The MAX32657 microcontroller (MCU) is an advanced system-on-chip (SoC) featuring an ARM Cortex-M33 architecture that provides Trustzone technology which allow define secure and non-secure application. +Zephyr provides support for building for both Secure (S) and Non-Secure (NS) firmware. The BOARD options are summarized below: @@ -296,16 +297,18 @@ The BOARD options are summarized below: +===============================+===========================================+ | max32657evkit/max32657 | For building Trust Zone Disabled firmware | +-------------------------------+-------------------------------------------+ +| max32657evkit/max32657/ns | Building with TF-M (includes NS+S images) | ++-------------------------------+-------------------------------------------+ BOARD: max32657evkit/max32657 ============================= -Build the zephyr app for ``max32657evkit/max32657`` board will generate secure firmware +Build the zephyr app for ``max32657evkit/max32657`` board target will generate secure firmware for zephyr. In this configuration 960KB of flash is used to store the code and 64KB is used for storage section. In this mode tf-m is off and secure mode flag is on -``:kconfig:option:CONFIG_TRUSTED_EXECUTION_SECURE=y`` and -``:kconfig:option:CONFIG_BUILD_WITH_TFM=n`` +(:kconfig:option:`CONFIG_TRUSTED_EXECUTION_SECURE` to ``y`` and +:kconfig:option:`CONFIG_BUILD_WITH_TFM` to ``n``) +----------+------------------+---------------------------------+ | Name | Address[Size] | Comment | @@ -324,6 +327,172 @@ using :zephyr:code-sample:`blinky` sample: :goals: build +BOARD: max32657evkit/max32657/ns +================================ + +The ``max32657evkit/max32657/ns`` board target is used to build the secure firmware +image using TF-M (:kconfig:option:`CONFIG_BUILD_WITH_TFM` to ``y``) and +the non-secure firmware image using Zephyr +(:kconfig:option:`CONFIG_TRUSTED_EXECUTION_NONSECURE` to ``y``). + +Here are the instructions to build zephyr with a non-secure configuration, +using :zephyr:code-sample:`blinky` sample: + +.. zephyr-app-commands:: + :zephyr-app: samples/basic/blinky/ + :board: max32657evkit/max32657/ns + :goals: build + +The above command will: + * Build a bootloader image (MCUboot) + * Build a TF-M (secure) firmware image + * Build Zephyr application as non-secure firmware image + * Merge them as ``tfm_merged.hex`` which contain all images. + + +Note: + +Zephyr build TF-M with :kconfig:option:`CONFIG_TFM_PROFILE_TYPE_NOT_SET` mode +that meet most use case configuration especially for BLE related applications. +if TF-M small profile meet your application requirement you can set TF-M profile as small +:kconfig:option:`CONFIG_TFM_PROFILE_TYPE_SMALL` to ``y`` to decrease TF-M RAM and flash use. + + +Memory mappings +--------------- + +MAX32657 1MB flash and 256KB RAM split to define section for MCUBoot, +TF-M (S), Zephyr (NS) and storage that used for secure services and configurations. +Default layout of MAX32657 is listed in below table. + ++----------+------------------+---------------------------------+ +| Name | Address[Size] | Comment | ++==========+==================+=================================+ +| boot | 0x1000000[64K] | MCU Bootloader | ++----------+------------------+---------------------------------+ +| slot0 | 0x1010000[320k] | Secure image slot0 (TF-M) | ++----------+------------------+---------------------------------+ +| slot0_ns | 0x1060000[576k] | Non-secure image slot0 (Zephyr) | ++----------+------------------+---------------------------------+ +| slot1 | 0x10F0000[0k] | Updates slot0 image | ++----------+------------------+---------------------------------+ +| slot1_ns | 0x10F0000[0k] | Updates slot0_ns image | ++----------+------------------+---------------------------------+ +| storage | 0x10f0000[64k] | Persistent storage | ++----------+------------------+---------------------------------+ + + ++----------------+------------------+-------------------+ +| RAM | Address[Size] | Comment | ++================+==================+===================+ +| secure_ram | 0x20000000[64k] | Secure memory | ++----------------+------------------+-------------------+ +| non_secure_ram | 0x20010000[192k] | Non-Secure memory | ++----------------+------------------+-------------------+ + + +Flash memory layout are defines both on zephyr board file and `Trusted Firmware M`_ (TF-M) project +these definition shall be match. Zephyr defines it in +:zephyr_file:`boards/adi/max32657evkit/max32657evkit_max32657_common.dtsi` +file under flash section. TF-M project define them in +../modules/tee/tf-m/trusted-firmware-m/platform/ext/target/adi/max32657/partition/flash_layout.h file.` +If you would like to update flash region for your application you shall update related section in +these files. + +Additionally if firmware update feature requires slot1 and slot1_ns section need to be +defined. On default the section size set as 0 due to firmware update not requires on default. + + +Peripherals and Memory Ownership +-------------------------------- + +The ARM Security Extensions model allows system developers to partition device hardware and +software resources, so that they exist in either the Secure world for the security subsystem, +or the Normal world for everything else. Correct system design can ensure that no Secure world +assets can be accessed from the Normal world. A Secure design places all sensitive resources +in the Secure world, and ideally has robust software running that can protect assets against +a wide range of possible software attacks (`1`_). + +MPC (Memory Protection Controller) and PPC (Peripheral Protection Controller) are allow to +protect memory and peripheral. Incase of need peripheral and flash ownership can be updated in +../modules/tee/tf-m/trusted-firmware-m/platform/ext/target/adi/max32657/s_ns_access.cmake` +file by updating cmake flags to ON/OFF. + +As an example for below configuration TRNG, SRAM_0 and SRAM_1 is not going to be accessible +by non-secure. All others is going to be accessible by NS world. + +.. code-block:: + + set(ADI_NS_PRPH_GCR ON CACHE BOOL "") + set(ADI_NS_PRPH_SIR ON CACHE BOOL "") + set(ADI_NS_PRPH_FCR ON CACHE BOOL "") + set(ADI_NS_PRPH_WDT ON CACHE BOOL "") + set(ADI_NS_PRPH_AES OFF CACHE BOOL "") + set(ADI_NS_PRPH_AESKEY OFF CACHE BOOL "") + set(ADI_NS_PRPH_CRC ON CACHE BOOL "") + set(ADI_NS_PRPH_GPIO0 ON CACHE BOOL "") + set(ADI_NS_PRPH_TIMER0 ON CACHE BOOL "") + set(ADI_NS_PRPH_TIMER1 ON CACHE BOOL "") + set(ADI_NS_PRPH_TIMER2 ON CACHE BOOL "") + set(ADI_NS_PRPH_TIMER3 ON CACHE BOOL "") + set(ADI_NS_PRPH_TIMER4 ON CACHE BOOL "") + set(ADI_NS_PRPH_TIMER5 ON CACHE BOOL "") + set(ADI_NS_PRPH_I3C ON CACHE BOOL "") + set(ADI_NS_PRPH_UART ON CACHE BOOL "") + set(ADI_NS_PRPH_SPI ON CACHE BOOL "") + set(ADI_NS_PRPH_TRNG OFF CACHE BOOL "") + set(ADI_NS_PRPH_BTLE_DBB ON CACHE BOOL "") + set(ADI_NS_PRPH_BTLE_RFFE ON CACHE BOOL "") + set(ADI_NS_PRPH_RSTZ ON CACHE BOOL "") + set(ADI_NS_PRPH_BOOST ON CACHE BOOL "") + set(ADI_NS_PRPH_BBSIR ON CACHE BOOL "") + set(ADI_NS_PRPH_BBFCR ON CACHE BOOL "") + set(ADI_NS_PRPH_RTC ON CACHE BOOL "") + set(ADI_NS_PRPH_WUT0 ON CACHE BOOL "") + set(ADI_NS_PRPH_WUT1 ON CACHE BOOL "") + set(ADI_NS_PRPH_PWR ON CACHE BOOL "") + set(ADI_NS_PRPH_MCR ON CACHE BOOL "") + + # SRAMs + set(ADI_NS_SRAM_0 OFF CACHE BOOL "Size: 32KB") + set(ADI_NS_SRAM_1 OFF CACHE BOOL "Size: 32KB") + set(ADI_NS_SRAM_2 ON CACHE BOOL "Size: 64KB") + set(ADI_NS_SRAM_3 ON CACHE BOOL "Size: 64KB") + set(ADI_NS_SRAM_4 ON CACHE BOOL "Size: 64KB") + + # Ramfuncs section size + set(ADI_S_RAM_CODE_SIZE "0x800" CACHE STRING "Default: 2KB") + + # Flash: BL2, TFM and Zephyr are contiguous sections. + set(ADI_FLASH_AREA_BL2_SIZE "0x10000" CACHE STRING "Default: 64KB") + set(ADI_FLASH_S_PARTITION_SIZE "0x50000" CACHE STRING "Default: 320KB") + set(ADI_FLASH_NS_PARTITION_SIZE "0x90000" CACHE STRING "Default: 576KB") + set(ADI_FLASH_PS_AREA_SIZE "0x4000" CACHE STRING "Default: 16KB") + set(ADI_FLASH_ITS_AREA_SIZE "0x4000" CACHE STRING "Default: 16KB") + + # + # Allow user set S-NS resources ownership by overlay file + # + if(EXISTS "${CMAKE_BINARY_DIR}/../../s_ns_access_overlay.cmake") + include(${CMAKE_BINARY_DIR}/../../s_ns_access_overlay.cmake) + endif() + + +As an alternative method (which recommended) user can configurate ownership peripheral by +an cmake overlay file too without touching TF-M source files. For this path +create ``s_ns_access_overlay.cmake`` file under your project root folder and put peripheral/memory +you would like to be accessible by secure world. + +As an example if below configuration files been put in the ``s_ns_access_overlay.cmake`` file +TRNG, SRAM_0 and SRAM_1 will be accessible by secure world only. + +.. code-block:: + + set(ADI_NS_PRPH_TRNG OFF CACHE BOOL "") + set(ADI_NS_SRAM_0 OFF CACHE BOOL "Size: 32KB") + set(ADI_NS_SRAM_1 OFF CACHE BOOL "Size: 32KB") + + Programming and Debugging ************************* @@ -348,6 +517,34 @@ see the following message in the terminal: ***** Booting Zephyr OS build v4.1.0 ***** Hello World! max32657evkit/max32657 +Building and flashing secure/non-secure with Arm |reg| TrustZone |reg| +---------------------------------------------------------------------- +The TF-M integration samples can be run using the +``max32657evkit/max32657/ns`` board target. To run we need to manually flash +the resulting image (``tfm_merged.hex``) with a J-Link as follows +(reset and erase are for recovering a locked core): + +.. zephyr-app-commands:: + :zephyr-app: samples/hello_world + :board: max32657evkit/max32657/ns + :goals: build + +.. code-block:: console + + west flash --hex-file build/zephyr/tfm_merged.hex + +.. code-block:: console + + [INF] Starting bootloader + [WRN] This device was provisioned with dummy keys. This device is NOT SECURE + [INF] PSA Crypto init done, sig_type: RSA-3072 + [WRN] Cannot upgrade: slots have non-compatible sectors + [WRN] Cannot upgrade: slots have non-compatible sectors + [INF] Bootloader chainload address offset: 0x10000 + [INF] Jumping to the first image slot + ***** Booting Zephyr OS build v4.1.0 ***** + Hello World! max32657evkit/max32657/ns + Debugging ========= @@ -367,3 +564,12 @@ should see the following message in the terminal: ***** Booting Zephyr OS build v4.1.0 ***** Hello World! max32657evkit/max32657 + +References +********** + +.. _1: + https://developer.arm.com/documentation/100935/0100/The-TrustZone-hardware-architecture- + +.. _Trusted Firmware M: + https://tf-m-user-guide.trustedfirmware.org/building/tfm_build_instruction.html diff --git a/boards/adi/max32657evkit/max32657evkit_max32657_ns.dts b/boards/adi/max32657evkit/max32657evkit_max32657_ns.dts new file mode 100644 index 000000000000..a8e9369eeedb --- /dev/null +++ b/boards/adi/max32657evkit/max32657evkit_max32657_ns.dts @@ -0,0 +1,75 @@ +/* + * Copyright (c) 2024-2025 Analog Devices, Inc. + * + * SPDX-License-Identifier: Apache-2.0 + */ + +/dts-v1/; + +#include +#include "max32657evkit_max32657_common.dtsi" + +/ { + chosen { + zephyr,sram = &non_secure_ram; + zephyr,flash = &flash0; + zephyr,code-partition = &slot0_ns_partition; + }; + + reserved-memory { + #address-cells = <1>; + #size-cells = <1>; + ranges; + + /* RAM split used by TFM */ + secure_ram: partition@20000000 { + label = "secure-memory"; + reg = <0x20000000 DT_SIZE_K(64)>; + }; + + non_secure_ram: partition@20010000 { + label = "non-secure-memory"; + reg = <0x20010000 DT_SIZE_K(192)>; + }; + }; +}; + +&flash0 { + partitions { + compatible = "fixed-partitions"; + #address-cells = <1>; + #size-cells = <1>; + + boot_partition: partition@0 { + label = "mcuboot"; + reg = <0x0 DT_SIZE_K(64)>; + read-only; + }; + + slot0_partition: partition@10000 { + label = "image-0"; + reg = <0x10000 DT_SIZE_K(320)>; + }; + + slot0_ns_partition: partition@60000 { + label = "image-0-nonsecure"; + reg = <0x60000 DT_SIZE_K(576)>; + }; + + /* + * slot1_partition: partition@f0000 { + * label = "image-1"; + * reg = <0xf0000 DT_SIZE_K(0)>; + * }; + * slot1_ns_partition: partition@f0000 { + * label = "image-1-nonsecure"; + * reg = <0xf0000 DT_SIZE_K(0)>; + * }; + */ + + storage_partition: partition@f0000 { + label = "storage"; + reg = <0xf0000 DT_SIZE_K(64)>; + }; + }; +}; diff --git a/boards/adi/max32657evkit/max32657evkit_max32657_ns.yaml b/boards/adi/max32657evkit/max32657evkit_max32657_ns.yaml new file mode 100644 index 000000000000..82703d9e3544 --- /dev/null +++ b/boards/adi/max32657evkit/max32657evkit_max32657_ns.yaml @@ -0,0 +1,13 @@ +identifier: max32657evkit/max32657/ns +name: max32657evkit-max32657-Non-Secure +vendor: adi +type: mcu +arch: arm +toolchain: + - zephyr + - gnuarmemb +supported: + - serial + - gpio +ram: 192 +flash: 576 diff --git a/boards/adi/max32657evkit/max32657evkit_max32657_ns_defconfig b/boards/adi/max32657evkit/max32657evkit_max32657_ns_defconfig new file mode 100644 index 000000000000..d808f79c5459 --- /dev/null +++ b/boards/adi/max32657evkit/max32657evkit_max32657_ns_defconfig @@ -0,0 +1,19 @@ +# Copyright (c) 2024-2025 Analog Devices, Inc. +# SPDX-License-Identifier: Apache-2.0 + +# Enable GPIO +CONFIG_GPIO=y + +# Console +CONFIG_CONSOLE=y +CONFIG_UART_CONSOLE=y + +# Enable UART +CONFIG_SERIAL=y +CONFIG_UART_INTERRUPT_DRIVEN=y + +# It is non-secure fw, enable flags +CONFIG_TRUSTED_EXECUTION_NONSECURE=y + +# Set TFM and Zephyr sign key +CONFIG_TFM_MCUBOOT_SIGNATURE_TYPE="RSA-3072" diff --git a/dts/arm/adi/max32/max32657_ns.dtsi b/dts/arm/adi/max32/max32657_ns.dtsi new file mode 100644 index 000000000000..673ca25b0cfa --- /dev/null +++ b/dts/arm/adi/max32/max32657_ns.dtsi @@ -0,0 +1,43 @@ +/* + * Copyright (c) 2024-2025 Analog Devices, Inc. + * + * SPDX-License-Identifier: Apache-2.0 + */ + +#include +#include +#include + +/ { + soc { + sram: sram@20000000 { + ranges = <0x0 0x20000000 0x40000>; + }; + + peripheral: peripheral@40000000 { + ranges = <0x0 0x40000000 0x10000000>; + + pinctrl: pin-controller@8000 { + ranges = <0x8000 0x40008000 0x1000>; + }; + }; + + flc0: flash_controller@50029000 { + compatible = "adi,max32-flash-controller"; + reg = <0x50029000 0x400>; + + #address-cells = <1>; + #size-cells = <1>; + status = "okay"; + + flash0: flash@1000000 { + compatible = "soc-nv-flash"; + reg = <0x01000000 DT_SIZE_K(1024)>; + write-block-size = <16>; + erase-block-size = <8192>; + }; + }; + }; +}; + +#include "max32657_common.dtsi" diff --git a/modules/trusted-firmware-m/CMakeLists.txt b/modules/trusted-firmware-m/CMakeLists.txt index e7cfa66ef137..9130f9629789 100644 --- a/modules/trusted-firmware-m/CMakeLists.txt +++ b/modules/trusted-firmware-m/CMakeLists.txt @@ -246,6 +246,11 @@ if (CONFIG_BUILD_WITH_TFM) list(APPEND TFM_CMAKE_ARGS -DTFM_PLATFORM_NXP_HAL_FILE_PATH=${TFM_PLATFORM_NXP_HAL_FILE_PATH}) endif() + if(CONFIG_BOARD_MAX32657EVKIT_MAX32657_NS) + # Supply path to hal_adi for TF-M build + list(APPEND TFM_CMAKE_ARGS -DHAL_ADI_PATH=${ZEPHYR_ADI_MODULE_DIR}) + endif() + if(CONFIG_TFM_BL2 AND CONFIG_TFM_MCUBOOT_PATH_LOCAL) # Supply path to MCUboot for TF-M build list(APPEND TFM_CMAKE_ARGS -DMCUBOOT_PATH=${ZEPHYR_MCUBOOT_MODULE_DIR}) diff --git a/modules/trusted-firmware-m/Kconfig.tfm b/modules/trusted-firmware-m/Kconfig.tfm index 7a8e4592009f..d1cf81f8f0ac 100644 --- a/modules/trusted-firmware-m/Kconfig.tfm +++ b/modules/trusted-firmware-m/Kconfig.tfm @@ -22,6 +22,7 @@ config TFM_BOARD default "stm/stm32l562e_dk" if BOARD_STM32L562E_DK default "arm/musca_b1" if BOARD_V2M_MUSCA_B1 default "arm/musca_s1" if BOARD_V2M_MUSCA_S1 + default "adi/max32657" if BOARD_MAX32657EVKIT_MAX32657_NS default "${ZEPHYR_BASE}/modules/trusted-firmware-m/nordic/nrf9160" if SOC_NRF9160 default "${ZEPHYR_BASE}/modules/trusted-firmware-m/nordic/nrf9120" if SOC_NRF9120 default "${ZEPHYR_BASE}/modules/trusted-firmware-m/nordic/nrf5340_cpuapp" if SOC_NRF5340_CPUAPP diff --git a/samples/tfm_integration/psa_crypto/boards/max32657evkit_max32657_ns.conf b/samples/tfm_integration/psa_crypto/boards/max32657evkit_max32657_ns.conf new file mode 100644 index 000000000000..82dda8af6ab8 --- /dev/null +++ b/samples/tfm_integration/psa_crypto/boards/max32657evkit_max32657_ns.conf @@ -0,0 +1,8 @@ +# Copyright (c) 2025 Analog Devices, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# + +CONFIG_TFM_IPC=n +CONFIG_TFM_SFN=y +CONFIG_TFM_ISOLATION_LEVEL=1 diff --git a/samples/tfm_integration/psa_crypto/sample.yaml b/samples/tfm_integration/psa_crypto/sample.yaml index ff5448cc5e6c..ea9844730fc1 100644 --- a/samples/tfm_integration/psa_crypto/sample.yaml +++ b/samples/tfm_integration/psa_crypto/sample.yaml @@ -20,6 +20,7 @@ tests: - nrf9160dk/nrf9160/ns - stm32l562e_dk/stm32l562xx/ns - bl5340_dvk/nrf5340/cpuapp/ns + - max32657evkit/max32657/ns integration_platforms: - mps2/an521/cpu0/ns harness: console diff --git a/samples/tfm_integration/psa_protected_storage/sample.yaml b/samples/tfm_integration/psa_protected_storage/sample.yaml index 0488e1a06cc0..753f10d92335 100644 --- a/samples/tfm_integration/psa_protected_storage/sample.yaml +++ b/samples/tfm_integration/psa_protected_storage/sample.yaml @@ -10,6 +10,7 @@ common: - nrf9160dk/nrf9160/ns - bl5340_dvk/nrf5340/cpuapp/ns - lpcxpresso55s69/lpc55s69/cpu0/ns + - max32657evkit/max32657/ns integration_platforms: - mps2/an521/cpu0/ns harness: console diff --git a/samples/tfm_integration/tfm_secure_partition/sample.yaml b/samples/tfm_integration/tfm_secure_partition/sample.yaml index 03b84ca634ba..f9d23b7a35bd 100644 --- a/samples/tfm_integration/tfm_secure_partition/sample.yaml +++ b/samples/tfm_integration/tfm_secure_partition/sample.yaml @@ -7,6 +7,7 @@ common: - nrf5340dk/nrf5340/cpuapp/ns - nrf9160dk/nrf9160/ns - lpcxpresso55s69/lpc55s69/cpu0/ns + - max32657evkit/max32657/ns integration_platforms: - mps2/an521/cpu0/ns harness: console diff --git a/soc/adi/max32/Kconfig b/soc/adi/max32/Kconfig index 63e2d1b4b3e7..5750ddb609aa 100644 --- a/soc/adi/max32/Kconfig +++ b/soc/adi/max32/Kconfig @@ -68,4 +68,9 @@ config MAX32_SECONDARY_RV32_BOOT_ADDRESS default $(dt_chosen_reg_addr_hex,$(DT_CHOSEN_Z_CODE_RV32_PARTITION)) depends on MAX32_SECONDARY_RV32 +config BUILD_WITH_TFM + default y if TRUSTED_EXECUTION_NONSECURE + help + Auto set WITH_TFM for a Non-Secure version of the board, + endif # SOC_FAMILY_MAX32 diff --git a/tests/subsys/jwt/testcase.yaml b/tests/subsys/jwt/testcase.yaml index 95ac8929baad..9a7a547f56ba 100644 --- a/tests/subsys/jwt/testcase.yaml +++ b/tests/subsys/jwt/testcase.yaml @@ -8,6 +8,8 @@ common: - qemu_x86 extra_configs: - CONFIG_TEST_RANDOM_GENERATOR=y + platform_exclude: + - max32657evkit/max32657/ns tests: libraries.encoding.jwt.ecdsa.psa: extra_configs: diff --git a/west.yml b/west.yml index fd2d3c486487..7a34ec14528d 100644 --- a/west.yml +++ b/west.yml @@ -360,7 +360,7 @@ manifest: groups: - tee - name: trusted-firmware-m - revision: 64738996dca5f5e058e0a358b81033f4b792be27 + revision: c150f48855f04d77451a39bfaa80d14eb61d918b path: modules/tee/tf-m/trusted-firmware-m groups: - tee