zephyrproject-rtos/zephyr
0
0
Fork 0
mirror of https://github.com/zephyrproject-rtos/zephyr synced 2025-09-02 04:46:29 +00:00
Code Issues Packages Projects Releases Wiki Activity
f66a0c3772
zephyr/samples/tfm_integration/tfm_ipc/README.rst
Nolwenn Violette fb88b0aafc sample: tfm_ipc: Add nucleo_l552ze_q support 
This commit adds the signing commands and the configuration required
to build a non secure image for a nucleo_l552ze_q.

Signed-off-by: Nolwenn Violette <nolwenn.violette01@st.com>
2020-08-27 12:02:16 +02:00

165 lines
5.1 KiB
ReStructuredText
Raw Blame History

.. _tfm_ipc:
TF-M IPC
########
Overview
********
This is a simple TF-M integration example that can be used with an ARMv8-M
supported board.
It uses **IPC Mode** for communication, where TF-M API calls are made to the
secure image via an IPC mechanism, as opposed to **Library Mode**, where the
IPC mechanism is bypassed in favor of direct calls.
Zephyr uses Trusted Firmware (TF-M) Platform Security Architecture (PSA) APIs
to run this sample in a secure configuration, with Zephyr itself running in a
non-secure configuration.
The sample prints test info to the console either as a single-thread or
multi-thread application.
Building and Running
********************
This project outputs test status and info to the console. It can be built and
executed on MPS2+ AN521 and ST Nucleo L552ZE Q.
On MPS2+ AN521:
===============
#. Build Zephyr with a non-secure configuration (``-DBOARD=mps2_an521_nonsecure``).
.. code-block:: bash
cd $ZEPHYR_ROOT/samples/tfm_integration/tfm_ipc/
mkdir build
cd build
cmake -DBOARD=mps2_an521_nonsecure ..
make
You can also use west as follows:
.. code-block:: bash
$ west build -p -b mps2_an521_nonsecure zephyr/samples/tfm_integration/tfm_ipc
#. Copy application binary files (mcuboot.bin and tfm_sign.bin) to ``<MPS2 device name>/SOFTWARE/``.
#. Open ``<MPS2 device name>/MB/HBI0263C/AN521/images.txt``. Edit the ``AN521/images.txt`` file as follows:
.. code-block:: bash
TITLE: Versatile Express Images Configuration File
[IMAGES]
TOTALIMAGES: 2 ;Number of Images (Max: 32)
IMAGE0ADDRESS: 0x10000000
IMAGE0FILE: \SOFTWARE\mcuboot.bin ; BL2 bootloader
IMAGE1ADDRESS: 0x10080000
IMAGE1FILE: \SOFTWARE\tfm_sign.bin ; TF-M with application binary blob
#. Reset MPS2+ board.
If you get the following error when running cmake:
.. code-block:: bash
CMake Error at cmake/Common/FindGNUARM.cmake:121 (message):
arm-none-eabi-gcc can not be found. Either put arm-none-eabi-gcc on the
PATH or set GNUARM_PATH properly.
You may need to edit the ``CMakeLists.txt`` file in the ``tfm_ipc`` project
folder to update the ``-DGNUARM_PATH=/opt/toolchain/arm-none-eabi`` path.
On QEMU:
========
The MPS2+ AN521 target (``mps2_an521_nonsecure``), which is based on a
dual core ARM Cortex-M33 setup, also allows you to run TF-M tests using QEMU if
you don't have access to a supported ARMv8-M development board.
As part of the normal build process above, a binary is also produced that can
be run via ``qemu-system-arm``. The binary can be executed as follows:
.. code-block:: bash
qemu-system-arm -M mps2-an521 -device loader,file=tfm_qemu.hex -serial stdio
You can also run the binary as part of the ``west`` build process by appending
the ``-t run`` flag to the end of your build command, or in the case of
ninja or make, adding the ``run`` commands:
.. code-block:: bash
$ west build -b mps2_an521_nonsecure zephyr/samples/tfm_integration/tfm_ipc -t run
Or, post build:
.. code-block:: bash
$ ninja run
On ST Nucleo L552ZE Q:
======================
This sample was tested on Ubuntu 18.04 with Zephyr SDK 0.11.3.
Build Zephyr with a non-secure configuration:
.. code-block:: bash
$ west build -b nucleo_l552ze_q_ns samples/tfm_integration/tfm_ipc/
Two scripts are avalaible in the ``build/tfm/install`` folder:
- ``regression.sh``: Sets platform option bytes config and erase platform.
- ``TFM_UPDATE.sh``: Writes bl2, secure, and non secure image in target.
Run them in the following order to flash the board:
.. code-block:: bash
$ ./build/tfm/install/regression.sh
$ ./build/tfm/install/TFM_UPDATE.sh
Reset the board.
.. note::
Note that ``arm-none-eabi-gcc`` should be available in the PATH variable and that ``STM32_Programmer_CLI`` is required to run ``regression.sh`` and ``TFM_UPDATE.sh`` (see https://www.st.com/en/development-tools/stm32cubeprog.html). If you are still having trouble running these scripts, check the Programming and Debugging section of the :ref:`nucleo_l552ze_q_board` documentation.
Sample Output
=============
.. code-block:: console
[INF] Starting bootloader
[INF] Swap type: none
[INF] Bootloader chainload address offset: 0x80000
[INF] Jumping to the first image slot
[Sec Thread] Secure image initializing!
TFM level is: 1 [Sec Thread] Jumping to non-secure code...
**** Booting Zephyr OS build zephyr-v1.14.0-2904-g89616477b115 ****
The version of the PSA Framework API is 256.
The minor version is 1.
Connect success!
TFM service support minor version is 1.
psa_call is successful!
outvec1 is: It is just for IPC call test.
outvec2 is: It is just for IPC call test.
Connect success!
Call IPC_INIT_BASIC_TEST service Pass Connect success!
Call PSA RoT access APP RoT memory test service Pass
TF-M IPC on (.*)
.. _TF-M build instruction:
https://git.trustedfirmware.org/trusted-firmware-m.git/tree/docs/user_guides/tfm_build_instruction.rst
.. _TF-M secure boot:
https://git.trustedfirmware.org/trusted-firmware-m.git/tree/docs/user_guides/tfm_secure_boot.rst
Reference in New Issue View Git Blame Copy Permalink