From 28cc41c02e4cff23a0398e70febcde1e7642884c Mon Sep 17 00:00:00 2001 From: Sadik Ozer Date: Tue, 15 Apr 2025 13:27:04 +0300 Subject: [PATCH 01/10] manifest: Update tf-m module for MAX32657 Update tf-m node to get MAX32657 support Signed-off-by: Sadik Ozer --- west.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/west.yml b/west.yml index fd2d3c486487..7a34ec14528d 100644 --- a/west.yml +++ b/west.yml @@ -360,7 +360,7 @@ manifest: groups: - tee - name: trusted-firmware-m - revision: 64738996dca5f5e058e0a358b81033f4b792be27 + revision: c150f48855f04d77451a39bfaa80d14eb61d918b path: modules/tee/tf-m/trusted-firmware-m groups: - tee From 0fb09d51290d14cdd356d7a201b7d769d97d10f8 Mon Sep 17 00:00:00 2001 From: Sadik Ozer Date: Tue, 2 Apr 2024 10:24:06 +0300 Subject: [PATCH 02/10] soc: Add the MAX32657 NS Peripheral This commit adds MAX32657 Non-Secure peripheral support Signed-off-by: Sadik Ozer --- dts/arm/adi/max32/max32657_ns.dtsi | 43 ++++++++++++++++++++++++++++++ soc/adi/max32/Kconfig | 5 ++++ 2 files changed, 48 insertions(+) create mode 100644 dts/arm/adi/max32/max32657_ns.dtsi diff --git a/dts/arm/adi/max32/max32657_ns.dtsi b/dts/arm/adi/max32/max32657_ns.dtsi new file mode 100644 index 000000000000..673ca25b0cfa --- /dev/null +++ b/dts/arm/adi/max32/max32657_ns.dtsi 
@@ -0,0 +1,43 @@ +/* + * Copyright (c) 2024-2025 Analog Devices, Inc. + * + * SPDX-License-Identifier: Apache-2.0 + */ + +#include +#include +#include + +/ { + soc { + sram: sram@20000000 { + ranges = <0x0 0x20000000 0x40000>; + }; + + peripheral: peripheral@40000000 { + ranges = <0x0 0x40000000 0x10000000>; + + pinctrl: pin-controller@8000 { + ranges = <0x8000 0x40008000 0x1000>; + }; + }; + + flc0: flash_controller@50029000 { + compatible = "adi,max32-flash-controller"; + reg = <0x50029000 0x400>; + + #address-cells = <1>; + #size-cells = <1>; + status = "okay"; + + flash0: flash@1000000 { + compatible = "soc-nv-flash"; + reg = <0x01000000 DT_SIZE_K(1024)>; + write-block-size = <16>; + erase-block-size = <8192>; + }; + }; + }; +}; + +#include "max32657_common.dtsi" diff --git a/soc/adi/max32/Kconfig b/soc/adi/max32/Kconfig index 63e2d1b4b3e7..5750ddb609aa 100644 --- a/soc/adi/max32/Kconfig +++ b/soc/adi/max32/Kconfig @@ -68,4 +68,9 @@ config MAX32_SECONDARY_RV32_BOOT_ADDRESS default $(dt_chosen_reg_addr_hex,$(DT_CHOSEN_Z_CODE_RV32_PARTITION)) depends on MAX32_SECONDARY_RV32 +config BUILD_WITH_TFM + default y if TRUSTED_EXECUTION_NONSECURE + help + Auto set WITH_TFM for a Non-Secure version of the board, + endif # SOC_FAMILY_MAX32 From 09fb5f0b120cc24992883200134d04db365ed44b Mon Sep 17 00:00:00 2001 From: Sadik Ozer Date: Wed, 3 Apr 2024 16:28:32 +0300 Subject: [PATCH 03/10] boards: Add MAX32657EVKit NS board This commit enables max32657 NS board support To build: - west build -b max32657evkit/max32657/ns -p 
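Review bot: The `flc0` node in the new max32657_ns.dtsi is enabled (`status = "okay"`) at `0x50029000`, outside the `peripheral@40000000` window that the same file declares for the non-secure build. If `0x5…` is the secure alias on this part (the patch does not show this), a non-secure flash driver that binds to the node would fault on first access. A comment on the node should say which world owns the flash controller, for example `/* FLC is reachable only through the secure alias; NS code must not program flash directly */`. If that is the case, consider leaving the controller disabled in the NS tree.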
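Review bot: The help text added for `BUILD_WITH_TFM` ends in a comma and refers to `WITH_TFM`, which is not the symbol being configured. The default sits inside the `SOC_FAMILY_MAX32` block, so it applies to every MAX32 non-secure target rather than only the MAX32657, and the text should say so. Suggested wording: `Build TF-M as the secure image whenever a MAX32 board is built as a Non-Secure target.`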
Signed-off-by: Sadik Ozer --- boards/adi/max32657evkit/Kconfig.defconfig | 7 + .../adi/max32657evkit/Kconfig.max32657evkit | 3 +- boards/adi/max32657evkit/board.yml | 2 + boards/adi/max32657evkit/doc/index.rst | 212 +++++++++++++++++- .../max32657evkit_max32657_ns.dts | 75 +++++++ .../max32657evkit_max32657_ns.yaml | 13 ++ .../max32657evkit_max32657_ns_defconfig | 19 ++ modules/trusted-firmware-m/Kconfig.tfm | 1 + 8 files changed, 328 insertions(+), 4 deletions(-) create mode 100644 boards/adi/max32657evkit/max32657evkit_max32657_ns.dts create mode 100644 boards/adi/max32657evkit/max32657evkit_max32657_ns.yaml create mode 100644 boards/adi/max32657evkit/max32657evkit_max32657_ns_defconfig diff --git a/boards/adi/max32657evkit/Kconfig.defconfig b/boards/adi/max32657evkit/Kconfig.defconfig index 0309586a787e..bf48bf837698 100644 --- a/boards/adi/max32657evkit/Kconfig.defconfig +++ b/boards/adi/max32657evkit/Kconfig.defconfig @@ -22,4 +22,11 @@ DT_CHOSEN_Z_CODE_PARTITION := zephyr,code-partition config FLASH_LOAD_SIZE default $(dt_chosen_reg_size_hex,$(DT_CHOSEN_Z_CODE_PARTITION)) +if BOARD_MAX32657EVKIT_MAX32657_NS + +config FLASH_LOAD_OFFSET + default $(dt_chosen_reg_addr_hex,$(DT_CHOSEN_Z_CODE_PARTITION)) + +endif # BOARD_MAX32657EVKIT_MAX32657_NS + endif # BOARD_MAX32657EVKIT diff --git a/boards/adi/max32657evkit/Kconfig.max32657evkit b/boards/adi/max32657evkit/Kconfig.max32657evkit index 7f1cae8fc837..c43a70cd6f71 100644 --- a/boards/adi/max32657evkit/Kconfig.max32657evkit +++ b/boards/adi/max32657evkit/Kconfig.max32657evkit @@ -2,4 +2,5 @@ # SPDX-License-Identifier: Apache-2.0 config BOARD_MAX32657EVKIT - select SOC_MAX32657 if BOARD_MAX32657EVKIT_MAX32657 + select SOC_MAX32657 if BOARD_MAX32657EVKIT_MAX32657 || \ + BOARD_MAX32657EVKIT_MAX32657_NS diff --git a/boards/adi/max32657evkit/board.yml b/boards/adi/max32657evkit/board.yml index 48af69011b6b..6fa072a593ce 100644 --- a/boards/adi/max32657evkit/board.yml +++ b/boards/adi/max32657evkit/board.yml 
@@ -6,3 +6,5 @@ board: vendor: adi socs: - name: max32657 + variants: + - name: "ns" diff --git a/boards/adi/max32657evkit/doc/index.rst b/boards/adi/max32657evkit/doc/index.rst index 67694e070eb1..e96410f6a1e1 100644 --- a/boards/adi/max32657evkit/doc/index.rst +++ b/boards/adi/max32657evkit/doc/index.rst @@ -288,6 +288,7 @@ Zephyr board options The MAX32657 microcontroller (MCU) is an advanced system-on-chip (SoC) featuring an ARM Cortex-M33 architecture that provides Trustzone technology which allow define secure and non-secure application. +Zephyr provides support for building for both Secure (S) and Non-Secure (NS) firmware. The BOARD options are summarized below: @@ -296,16 +297,18 @@ The BOARD options are summarized below: +===============================+===========================================+ | max32657evkit/max32657 | For building Trust Zone Disabled firmware | +-------------------------------+-------------------------------------------+ +| max32657evkit/max32657/ns | Building with TF-M (includes NS+S images) | ++-------------------------------+-------------------------------------------+ BOARD: max32657evkit/max32657 ============================= -Build the zephyr app for ``max32657evkit/max32657`` board will generate secure firmware +Build the zephyr app for ``max32657evkit/max32657`` board target will generate secure firmware for zephyr. In this configuration 960KB of flash is used to store the code and 64KB is used for storage section. In this mode tf-m is off and secure mode flag is on -``:kconfig:option:CONFIG_TRUSTED_EXECUTION_SECURE=y`` and -``:kconfig:option:CONFIG_BUILD_WITH_TFM=n`` +(:kconfig:option:`CONFIG_TRUSTED_EXECUTION_SECURE` to ``y`` and +:kconfig:option:`CONFIG_BUILD_WITH_TFM` to ``n``) +----------+------------------+---------------------------------+ | Name | Address[Size] | Comment | 
@@ -324,6 +327,172 @@ using :zephyr:code-sample:`blinky` sample: :goals: build +BOARD: max32657evkit/max32657/ns +================================ + +The ``max32657evkit/max32657/ns`` board target is used to build the secure firmware +image using TF-M (:kconfig:option:`CONFIG_BUILD_WITH_TFM` to ``y``) and +the non-secure firmware image using Zephyr +(:kconfig:option:`CONFIG_TRUSTED_EXECUTION_NONSECURE` to ``y``). + +Here are the instructions to build zephyr with a non-secure configuration, +using :zephyr:code-sample:`blinky` sample: + +.. zephyr-app-commands:: + :zephyr-app: samples/basic/blinky/ + :board: max32657evkit/max32657/ns + :goals: build + +The above command will: + * Build a bootloader image (MCUboot) + * Build a TF-M (secure) firmware image + * Build Zephyr application as non-secure firmware image + * Merge them as ``tfm_merged.hex`` which contain all images. + + +Note: + +Zephyr build TF-M with :kconfig:option:`CONFIG_TFM_PROFILE_TYPE_NOT_SET` mode +that meet most use case configuration especially for BLE related applications. +if TF-M small profile meet your application requirement you can set TF-M profile as small +:kconfig:option:`CONFIG_TFM_PROFILE_TYPE_SMALL` to ``y`` to decrease TF-M RAM and flash use. + + +Memory mappings +--------------- + +MAX32657 1MB flash and 256KB RAM split to define section for MCUBoot, +TF-M (S), Zephyr (NS) and storage that used for secure services and configurations. +Default layout of MAX32657 is listed in below table. 
+ ++----------+------------------+---------------------------------+ +| Name | Address[Size] | Comment | ++==========+==================+=================================+ +| boot | 0x1000000[64K] | MCU Bootloader | ++----------+------------------+---------------------------------+ +| slot0 | 0x1010000[320k] | Secure image slot0 (TF-M) | ++----------+------------------+---------------------------------+ +| slot0_ns | 0x1060000[576k] | Non-secure image slot0 (Zephyr) | ++----------+------------------+---------------------------------+ +| slot1 | 0x10F0000[0k] | Updates slot0 image | ++----------+------------------+---------------------------------+ +| slot1_ns | 0x10F0000[0k] | Updates slot0_ns image | ++----------+------------------+---------------------------------+ +| storage | 0x10f0000[64k] | Persistent storage | ++----------+------------------+---------------------------------+ + + ++----------------+------------------+-------------------+ +| RAM | Address[Size] | Comment | ++================+==================+===================+ +| secure_ram | 0x20000000[64k] | Secure memory | ++----------------+------------------+-------------------+ +| non_secure_ram | 0x20010000[192k] | Non-Secure memory | ++----------------+------------------+-------------------+ + + +Flash memory layout are defines both on zephyr board file and `Trusted Firmware M`_ (TF-M) project +these definition shall be match. Zephyr defines it in +:zephyr_file:`boards/adi/max32657evkit/max32657evkit_max32657_common.dtsi` +file under flash section. TF-M project define them in +../modules/tee/tf-m/trusted-firmware-m/platform/ext/target/adi/max32657/partition/flash_layout.h file.` +If you would like to update flash region for your application you shall update related section in +these files. + +Additionally if firmware update feature requires slot1 and slot1_ns section need to be +defined. On default the section size set as 0 due to firmware update not requires on default. 
+ + +Peripherals and Memory Ownership +-------------------------------- + +The ARM Security Extensions model allows system developers to partition device hardware and +software resources, so that they exist in either the Secure world for the security subsystem, +or the Normal world for everything else. Correct system design can ensure that no Secure world +assets can be accessed from the Normal world. A Secure design places all sensitive resources +in the Secure world, and ideally has robust software running that can protect assets against +a wide range of possible software attacks (`1`_). + +MPC (Memory Protection Controller) and PPC (Peripheral Protection Controller) are allow to +protect memory and peripheral. Incase of need peripheral and flash ownership can be updated in +../modules/tee/tf-m/trusted-firmware-m/platform/ext/target/adi/max32657/s_ns_access.cmake` +file by updating cmake flags to ON/OFF. + +As an example for below configuration TRNG, SRAM_0 and SRAM_1 is not going to be accessible +by non-secure. All others is going to be accessible by NS world. + +.. 
code-block:: + + set(ADI_NS_PRPH_GCR ON CACHE BOOL "") + set(ADI_NS_PRPH_SIR ON CACHE BOOL "") + set(ADI_NS_PRPH_FCR ON CACHE BOOL "") + set(ADI_NS_PRPH_WDT ON CACHE BOOL "") + set(ADI_NS_PRPH_AES OFF CACHE BOOL "") + set(ADI_NS_PRPH_AESKEY OFF CACHE BOOL "") + set(ADI_NS_PRPH_CRC ON CACHE BOOL "") + set(ADI_NS_PRPH_GPIO0 ON CACHE BOOL "") + set(ADI_NS_PRPH_TIMER0 ON CACHE BOOL "") + set(ADI_NS_PRPH_TIMER1 ON CACHE BOOL "") + set(ADI_NS_PRPH_TIMER2 ON CACHE BOOL "") + set(ADI_NS_PRPH_TIMER3 ON CACHE BOOL "") + set(ADI_NS_PRPH_TIMER4 ON CACHE BOOL "") + set(ADI_NS_PRPH_TIMER5 ON CACHE BOOL "") + set(ADI_NS_PRPH_I3C ON CACHE BOOL "") + set(ADI_NS_PRPH_UART ON CACHE BOOL "") + set(ADI_NS_PRPH_SPI ON CACHE BOOL "") + set(ADI_NS_PRPH_TRNG OFF CACHE BOOL "") + set(ADI_NS_PRPH_BTLE_DBB ON CACHE BOOL "") + set(ADI_NS_PRPH_BTLE_RFFE ON CACHE BOOL "") + set(ADI_NS_PRPH_RSTZ ON CACHE BOOL "") + set(ADI_NS_PRPH_BOOST ON CACHE BOOL "") + set(ADI_NS_PRPH_BBSIR ON CACHE BOOL "") + set(ADI_NS_PRPH_BBFCR ON CACHE BOOL "") + set(ADI_NS_PRPH_RTC ON CACHE BOOL "") + set(ADI_NS_PRPH_WUT0 ON CACHE BOOL "") + set(ADI_NS_PRPH_WUT1 ON CACHE BOOL "") + set(ADI_NS_PRPH_PWR ON CACHE BOOL "") + set(ADI_NS_PRPH_MCR ON CACHE BOOL "") + + # SRAMs + set(ADI_NS_SRAM_0 OFF CACHE BOOL "Size: 32KB") + set(ADI_NS_SRAM_1 OFF CACHE BOOL "Size: 32KB") + set(ADI_NS_SRAM_2 ON CACHE BOOL "Size: 64KB") + set(ADI_NS_SRAM_3 ON CACHE BOOL "Size: 64KB") + set(ADI_NS_SRAM_4 ON CACHE BOOL "Size: 64KB") + + # Ramfuncs section size + set(ADI_S_RAM_CODE_SIZE "0x800" CACHE STRING "Default: 2KB") + + # Flash: BL2, TFM and Zephyr are contiguous sections. 
+ set(ADI_FLASH_AREA_BL2_SIZE "0x10000" CACHE STRING "Default: 64KB") + set(ADI_FLASH_S_PARTITION_SIZE "0x50000" CACHE STRING "Default: 320KB") + set(ADI_FLASH_NS_PARTITION_SIZE "0x90000" CACHE STRING "Default: 576KB") + set(ADI_FLASH_PS_AREA_SIZE "0x4000" CACHE STRING "Default: 16KB") + set(ADI_FLASH_ITS_AREA_SIZE "0x4000" CACHE STRING "Default: 16KB") + + # + # Allow user set S-NS resources ownership by overlay file + # + if(EXISTS "${CMAKE_BINARY_DIR}/../../s_ns_access_overlay.cmake") + include(${CMAKE_BINARY_DIR}/../../s_ns_access_overlay.cmake) + endif() + + +As an alternative method (which recommended) user can configurate ownership peripheral by +an cmake overlay file too without touching TF-M source files. For this path +create ``s_ns_access_overlay.cmake`` file under your project root folder and put peripheral/memory +you would like to be accessible by secure world. + +As an example if below configuration files been put in the ``s_ns_access_overlay.cmake`` file +TRNG, SRAM_0 and SRAM_1 will be accessible by secure world only. + +.. code-block:: + + set(ADI_NS_PRPH_TRNG OFF CACHE BOOL "") + set(ADI_NS_SRAM_0 OFF CACHE BOOL "Size: 32KB") + set(ADI_NS_SRAM_1 OFF CACHE BOOL "Size: 32KB") + + Programming and Debugging ************************* 
@@ -348,6 +517,34 @@ see the following message in the terminal: ***** Booting Zephyr OS build v4.1.0 ***** Hello World! max32657evkit/max32657 +Building and flashing secure/non-secure with Arm |reg| TrustZone |reg| +---------------------------------------------------------------------- +The TF-M integration samples can be run using the +``max32657evkit/max32657/ns`` board target. To run we need to manually flash +the resulting image (``tfm_merged.hex``) with a J-Link as follows +(reset and erase are for recovering a locked core): + +.. zephyr-app-commands:: + :zephyr-app: samples/hello_world + :board: max32657evkit/max32657/ns + :goals: build + +.. code-block:: console + + west flash --hex-file build/zephyr/tfm_merged.hex + +.. code-block:: console + + [INF] Starting bootloader + [WRN] This device was provisioned with dummy keys. This device is NOT SECURE + [INF] PSA Crypto init done, sig_type: RSA-3072 + [WRN] Cannot upgrade: slots have non-compatible sectors + [WRN] Cannot upgrade: slots have non-compatible sectors + [INF] Bootloader chainload address offset: 0x10000 + [INF] Jumping to the first image slot + ***** Booting Zephyr OS build v4.1.0 ***** + Hello World! max32657evkit/max32657/ns + Debugging ========= @@ -367,3 +564,12 @@ should see the following message in the terminal: ***** Booting Zephyr OS build v4.1.0 ***** Hello World! max32657evkit/max32657 + +References +********** + +.. _1: + https://developer.arm.com/documentation/100935/0100/The-TrustZone-hardware-architecture- + +.. _Trusted Firmware M: + https://tf-m-user-guide.trustedfirmware.org/building/tfm_build_instruction.html diff --git a/boards/adi/max32657evkit/max32657evkit_max32657_ns.dts b/boards/adi/max32657evkit/max32657evkit_max32657_ns.dts new file mode 100644 index 000000000000..a8e9369eeedb --- /dev/null +++ b/boards/adi/max32657evkit/max32657evkit_max32657_ns.dts 
@@ -0,0 +1,75 @@ +/* + * Copyright (c) 2024-2025 Analog Devices, Inc. + * + * SPDX-License-Identifier: Apache-2.0 + */ + +/dts-v1/; + +#include +#include "max32657evkit_max32657_common.dtsi" + +/ { + chosen { + zephyr,sram = &non_secure_ram; + zephyr,flash = &flash0; + zephyr,code-partition = &slot0_ns_partition; + }; + + reserved-memory { + #address-cells = <1>; + #size-cells = <1>; + ranges; + + /* RAM split used by TFM */ + secure_ram: partition@20000000 { + label = "secure-memory"; + reg = <0x20000000 DT_SIZE_K(64)>; + }; + + non_secure_ram: partition@20010000 { + label = "non-secure-memory"; + reg = <0x20010000 DT_SIZE_K(192)>; + }; + }; +}; + +&flash0 { + partitions { + compatible = "fixed-partitions"; + #address-cells = <1>; + #size-cells = <1>; + + boot_partition: partition@0 { + label = "mcuboot"; + reg = <0x0 DT_SIZE_K(64)>; + read-only; + }; + + slot0_partition: partition@10000 { + label = "image-0"; + reg = <0x10000 DT_SIZE_K(320)>; + }; + + slot0_ns_partition: partition@60000 { + label = "image-0-nonsecure"; + reg = <0x60000 DT_SIZE_K(576)>; + }; + + /* + * slot1_partition: partition@f0000 { + * label = "image-1"; + * reg = <0xf0000 DT_SIZE_K(0)>; + * }; + * slot1_ns_partition: partition@f0000 { + * label = "image-1-nonsecure"; + * reg = <0xf0000 DT_SIZE_K(0)>; + * }; + */ + + storage_partition: partition@f0000 { + label = "storage"; + reg = <0xf0000 DT_SIZE_K(64)>; + }; + }; +}; diff --git a/boards/adi/max32657evkit/max32657evkit_max32657_ns.yaml b/boards/adi/max32657evkit/max32657evkit_max32657_ns.yaml new file mode 100644 index 000000000000..82703d9e3544 --- /dev/null +++ b/boards/adi/max32657evkit/max32657evkit_max32657_ns.yaml @@ -0,0 +1,13 @@ +identifier: max32657evkit/max32657/ns +name: max32657evkit-max32657-Non-Secure +vendor: adi +type: mcu +arch: arm +toolchain: + - zephyr + - gnuarmemb +supported: + - serial + - gpio +ram: 192 +flash: 576 
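Review bot: `storage_partition` at `0xf0000` (64K) is exposed to the non-secure image, but the board documentation in this series says the storage region is used for secure services. The same documentation lists TF-M PS and ITS areas after contiguous BL2/S/NS sections whose sizes sum to 0xF0000. If PS/ITS do live there, a non-secure application that enables settings or NVS on `storage_partition` would target the flash holding TF-M's protected storage. Either drop the partition from the NS devicetree or mark it, e.g. `/* Owned by TF-M (PS/ITS); not for NS settings/NVS use */`. The commented-out `slot1` nodes would also be better removed than kept as dead source.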
diff --git a/boards/adi/max32657evkit/max32657evkit_max32657_ns_defconfig b/boards/adi/max32657evkit/max32657evkit_max32657_ns_defconfig new file mode 100644 index 000000000000..d808f79c5459 --- /dev/null +++ b/boards/adi/max32657evkit/max32657evkit_max32657_ns_defconfig @@ -0,0 +1,19 @@ +# Copyright (c) 2024-2025 Analog Devices, Inc. +# SPDX-License-Identifier: Apache-2.0 + +# Enable GPIO +CONFIG_GPIO=y + +# Console +CONFIG_CONSOLE=y +CONFIG_UART_CONSOLE=y + +# Enable UART +CONFIG_SERIAL=y +CONFIG_UART_INTERRUPT_DRIVEN=y + +# It is non-secure fw, enable flags +CONFIG_TRUSTED_EXECUTION_NONSECURE=y + +# Set TFM and Zephyr sign key +CONFIG_TFM_MCUBOOT_SIGNATURE_TYPE="RSA-3072" diff --git a/modules/trusted-firmware-m/Kconfig.tfm b/modules/trusted-firmware-m/Kconfig.tfm index 7a8e4592009f..d1cf81f8f0ac 100644 --- a/modules/trusted-firmware-m/Kconfig.tfm +++ b/modules/trusted-firmware-m/Kconfig.tfm @@ -22,6 +22,7 @@ config TFM_BOARD default "stm/stm32l562e_dk" if BOARD_STM32L562E_DK default "arm/musca_b1" if BOARD_V2M_MUSCA_B1 default "arm/musca_s1" if BOARD_V2M_MUSCA_S1 + default "adi/max32657" if BOARD_MAX32657EVKIT_MAX32657_NS default "${ZEPHYR_BASE}/modules/trusted-firmware-m/nordic/nrf9160" if SOC_NRF9160 default "${ZEPHYR_BASE}/modules/trusted-firmware-m/nordic/nrf9120" if SOC_NRF9120 default "${ZEPHYR_BASE}/modules/trusted-firmware-m/nordic/nrf5340_cpuapp" if SOC_NRF5340_CPUAPP From 48bbd99c2f27e51c6fc0402fa3ac783d3de09c41 Mon Sep 17 00:00:00 2001 From: Sadik Ozer Date: Fri, 3 Jan 2025 13:52:33 +0300 Subject: [PATCH 04/10] boards: adi: MAX32657evkit disable TF-M debugging MAX32657 has one UART interface, It can be used either on TF-M or Zephyr Enabling debug (TFM_SPM_LOG_LEVEL || TFM_PARTITION_LOG_LEVEL) will transfer it to the TF-M side Disabling TF-M debug will transfer it to the Zephyr side. This commit disable TFM debugs Signed-off-by: Sadik Ozer --- boards/adi/max32657evkit/Kconfig.defconfig | 13 +++++++++++++ 1 file changed, 13 insertions(+) 
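Review bot: The comment `# Set TFM and Zephyr sign key` above `CONFIG_TFM_MCUBOOT_SIGNATURE_TYPE="RSA-3072"` in the new defconfig is inaccurate, because the option selects the signature algorithm, not the key. No key file is configured here, and the boot log added to the board documentation in this series prints `This device was provisioned with dummy keys. This device is NOT SECURE`. Images built from these defaults are therefore presumably signed with TF-M's bundled development keys. Reword to `# MCUboot signature algorithm; signing keys are the TF-M defaults, override CONFIG_TFM_KEY_FILE_S / CONFIG_TFM_KEY_FILE_NS for production`.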
diff --git a/boards/adi/max32657evkit/Kconfig.defconfig b/boards/adi/max32657evkit/Kconfig.defconfig index bf48bf837698..dc6e2838d637 100644 --- a/boards/adi/max32657evkit/Kconfig.defconfig +++ b/boards/adi/max32657evkit/Kconfig.defconfig @@ -27,6 +27,19 @@ if BOARD_MAX32657EVKIT_MAX32657_NS config FLASH_LOAD_OFFSET default $(dt_chosen_reg_addr_hex,$(DT_CHOSEN_Z_CODE_PARTITION)) +# MAX32657 has one UART interface, +# It can be used either on TFM or Zephyr +# Enabling debug (TFM_SPM_LOG_LEVEL || TFM_PARTITION_LOG_LEVEL) will transfer it to the TFM side +# Disabling TFM debug will transfer it to the Zephyr side. + +choice TFM_SPM_LOG_LEVEL + default TFM_SPM_LOG_LEVEL_SILENCE +endchoice + +choice TFM_PARTITION_LOG_LEVEL + default TFM_PARTITION_LOG_LEVEL_SILENCE +endchoice + endif # BOARD_MAX32657EVKIT_MAX32657_NS endif # BOARD_MAX32657EVKIT From 27a9b25938c1a9389cd707715b6143ec38c2fa4d Mon Sep 17 00:00:00 2001 From: Mert Ekren Date: Mon, 23 Dec 2024 10:24:10 +0300 Subject: [PATCH 05/10] boards: max32657evkit/max32657/ns: flash tfm_merged.hex on default This commit provides flashing tfm_merged.hex (includes mcuboot+tfm+ns_image) on default. Signed-off-by: Mert Ekren --- boards/adi/max32657evkit/board.cmake | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/boards/adi/max32657evkit/board.cmake b/boards/adi/max32657evkit/board.cmake index 09717336e5fd..ecf66679a233 100644 --- a/boards/adi/max32657evkit/board.cmake +++ b/boards/adi/max32657evkit/board.cmake @@ -1,6 +1,10 @@ # Copyright (c) 2024-2025 Analog Devices, Inc. # SPDX-License-Identifier: Apache-2.0 +if(CONFIG_BOARD_MAX32657EVKIT_MAX32657_NS) + set_property(TARGET runners_yaml_props_target PROPERTY hex_file tfm_merged.hex) +endif() + board_runner_args(jlink "--device=MAX32657" "--reset-after-load") include(${ZEPHYR_BASE}/boards/common/openocd-adi-max32.boards.cmake) From 1604958b067c0d3a87dd48c8d8b758fa91e25427 Mon Sep 17 00:00:00 2001 
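Review bot: Defaulting both `TFM_SPM_LOG_LEVEL` and `TFM_PARTITION_LOG_LEVEL` to silence means a fault or panic in the secure image presumably produces no output on this board. That makes a secure-side failure hard to tell apart from a hung non-secure image. The added comment explains the UART hand-over but not this consequence or how to reverse it. Consider extending it with a line such as `# To debug the secure side, raise these log levels; the UART then belongs to TF-M and the Zephyr console is unavailable`.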
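Review bot: The `hex_file` override in board.cmake is keyed to the board symbol, but `tfm_merged.hex` is only produced when TF-M is actually built. `BUILD_WITH_TFM` is a default in this series rather than a select, so a non-secure build with it turned off would leave the runner pointing at a file that was never generated. Guarding on the feature is more robust: `if(CONFIG_BUILD_WITH_TFM)`.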
From: Sadik Ozer Date: Thu, 23 Jan 2025 12:14:49 +0300 Subject: [PATCH 06/10] tests: subsys: jwt: Exlucde JWT test from auto tests JWT test fails on max32657evkit/max32657/ns board, due to it requries hardware TRNG on TF-M side which not activated yet until it's issue been fixed it is excluded from automated test to workflow been succeeded Signed-off-by: Sadik Ozer --- tests/subsys/jwt/testcase.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/subsys/jwt/testcase.yaml b/tests/subsys/jwt/testcase.yaml index 95ac8929baad..9a7a547f56ba 100644 --- a/tests/subsys/jwt/testcase.yaml +++ b/tests/subsys/jwt/testcase.yaml @@ -8,6 +8,8 @@ common: - qemu_x86 extra_configs: - CONFIG_TEST_RANDOM_GENERATOR=y + platform_exclude: + - max32657evkit/max32657/ns tests: libraries.encoding.jwt.ecdsa.psa: extra_configs: From f72bcb8c7e6ac526d404794689e459ba405f9a4c Mon Sep 17 00:00:00 2001 From: Sadik Ozer Date: Tue, 28 Jan 2025 16:31:12 +0300 Subject: [PATCH 07/10] samples: tfm_integration: Enable secure_partion on max32657evkit This commit enables secure_partion sample for max32657evkit NS board Signed-off-by: Sadik Ozer --- samples/tfm_integration/tfm_secure_partition/sample.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/samples/tfm_integration/tfm_secure_partition/sample.yaml b/samples/tfm_integration/tfm_secure_partition/sample.yaml index 03b84ca634ba..f9d23b7a35bd 100644 --- a/samples/tfm_integration/tfm_secure_partition/sample.yaml +++ b/samples/tfm_integration/tfm_secure_partition/sample.yaml @@ -7,6 +7,7 @@ common: - nrf5340dk/nrf5340/cpuapp/ns - nrf9160dk/nrf9160/ns - lpcxpresso55s69/lpc55s69/cpu0/ns + - max32657evkit/max32657/ns integration_platforms: - mps2/an521/cpu0/ns harness: console From 38bcee2e9062d7ee1df381aae8fd0f53a3d175c8 Mon Sep 17 00:00:00 2001 
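Review bot: The new `platform_exclude` entry in tests/subsys/jwt/testcase.yaml carries no comment, so the reason lives only in the commit message: the test needs a hardware TRNG on the TF-M side that is not enabled yet for this target. That is more than a test gap, since it suggests PSA crypto on `max32657evkit/max32657/ns` currently has no hardware entropy source behind it. The exclusion should not outlive the fix. Add a comment with a tracking reference, e.g. `# TF-M TRNG not enabled on this target yet (see <issue-id placeholder>); remove once fixed`.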
From: Sadik Ozer Date: Mon, 27 Jan 2025 16:13:30 +0300 Subject: [PATCH 08/10] samples: tfm_integration: Enable psa_protected test for max32657evkit This commit enable psa_protected_storage test for max32657evkit/ns board Signed-off-by: Sadik Ozer --- samples/tfm_integration/psa_protected_storage/sample.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/samples/tfm_integration/psa_protected_storage/sample.yaml b/samples/tfm_integration/psa_protected_storage/sample.yaml index 0488e1a06cc0..753f10d92335 100644 --- a/samples/tfm_integration/psa_protected_storage/sample.yaml +++ b/samples/tfm_integration/psa_protected_storage/sample.yaml @@ -10,6 +10,7 @@ common: - nrf9160dk/nrf9160/ns - bl5340_dvk/nrf5340/cpuapp/ns - lpcxpresso55s69/lpc55s69/cpu0/ns + - max32657evkit/max32657/ns integration_platforms: - mps2/an521/cpu0/ns harness: console From ba148cc36570e083548e11a7078965f89ba5fbad Mon Sep 17 00:00:00 2001 From: Sadik Ozer Date: Tue, 8 Apr 2025 14:32:27 +0300 Subject: [PATCH 09/10] samples: tfm_integration: psa_crypto: To works on MAX32657 Update psa_crypto test not work on MAX32657 This commit enable/disable flags for MAX32657 to make it works for MAX32657. Signed-off-by: Sadik Ozer --- .../psa_crypto/boards/max32657evkit_max32657_ns.conf | 8 ++++++++ samples/tfm_integration/psa_crypto/sample.yaml | 1 + 2 files changed, 9 insertions(+) create mode 100644 samples/tfm_integration/psa_crypto/boards/max32657evkit_max32657_ns.conf diff --git a/samples/tfm_integration/psa_crypto/boards/max32657evkit_max32657_ns.conf b/samples/tfm_integration/psa_crypto/boards/max32657evkit_max32657_ns.conf new file mode 100644 index 000000000000..82dda8af6ab8 --- /dev/null +++ b/samples/tfm_integration/psa_crypto/boards/max32657evkit_max32657_ns.conf @@ -0,0 +1,8 @@ +# Copyright (c) 2025 Analog Devices, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# + +CONFIG_TFM_IPC=n +CONFIG_TFM_SFN=y +CONFIG_TFM_ISOLATION_LEVEL=1 
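Review bot: `CONFIG_TFM_ISOLATION_LEVEL=1` together with `CONFIG_TFM_SFN=y` in the new psa_crypto board config selects TF-M's lowest isolation level, which separates only the secure world from the non-secure world. The file gives no reason, and the commit message says only that the flags make the sample work. Sample board configs tend to be copied into products, so state the constraint in the file, e.g. `# SFN backend with isolation level 1 (<reason placeholder>); secure partitions are not isolated from each other`.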
diff --git a/samples/tfm_integration/psa_crypto/sample.yaml b/samples/tfm_integration/psa_crypto/sample.yaml index ff5448cc5e6c..ea9844730fc1 100644 --- a/samples/tfm_integration/psa_crypto/sample.yaml +++ b/samples/tfm_integration/psa_crypto/sample.yaml @@ -20,6 +20,7 @@ tests: - nrf9160dk/nrf9160/ns - stm32l562e_dk/stm32l562xx/ns - bl5340_dvk/nrf5340/cpuapp/ns + - max32657evkit/max32657/ns integration_platforms: - mps2/an521/cpu0/ns harness: console From f3058cc773c9b92aed0520180ffd7d85d1c90522 Mon Sep 17 00:00:00 2001 From: Sadik Ozer Date: Fri, 11 Apr 2025 12:03:24 +0300 Subject: [PATCH 10/10] soc: adi: Do not download hal_adi for TF-M build Set HAL_ADI_PATH to TF-M uses hal_adi that comes with zephyr. Signed-off-by: Sadik Ozer --- modules/trusted-firmware-m/CMakeLists.txt | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/modules/trusted-firmware-m/CMakeLists.txt b/modules/trusted-firmware-m/CMakeLists.txt index e7cfa66ef137..9130f9629789 100644 --- a/modules/trusted-firmware-m/CMakeLists.txt +++ b/modules/trusted-firmware-m/CMakeLists.txt @@ -246,6 +246,11 @@ if (CONFIG_BUILD_WITH_TFM) list(APPEND TFM_CMAKE_ARGS -DTFM_PLATFORM_NXP_HAL_FILE_PATH=${TFM_PLATFORM_NXP_HAL_FILE_PATH}) endif() + if(CONFIG_BOARD_MAX32657EVKIT_MAX32657_NS) + # Supply path to hal_adi for TF-M build + list(APPEND TFM_CMAKE_ARGS -DHAL_ADI_PATH=${ZEPHYR_ADI_MODULE_DIR}) + endif() + if(CONFIG_TFM_BL2 AND CONFIG_TFM_MCUBOOT_PATH_LOCAL) # Supply path to MCUboot for TF-M build list(APPEND TFM_CMAKE_ARGS -DMCUBOOT_PATH=${ZEPHYR_MCUBOOT_MODULE_DIR})
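Review bot: `-DHAL_ADI_PATH=${ZEPHYR_ADI_MODULE_DIR}` is appended without checking that the variable is set. If the module is missing from the workspace the argument expands to an empty path and, going by the commit message, TF-M would presumably fall back to downloading hal_adi at build time. For a secure-firmware build that silent network fetch is better made a hard error, e.g. `if(NOT ZEPHYR_ADI_MODULE_DIR)` / `message(FATAL_ERROR "hal_adi module not found; TF-M needs HAL_ADI_PATH")` / `endif()` ahead of the append. The condition is also tied to a single board symbol, so another MAX32657 non-secure board would not get the path; keying on the SoC symbol would cover that. The enclosing `if (CONFIG_BUILD_WITH_TFM)` block starts and ends outside the hunk.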