NRF9160 LittleFS build non-secure target

(replica as the previous post was archived by accident...)

Hi,

I'm trying to incorporate LittleFS into our development. We are relying on services provided by TF-M.

To recreate: build /zephyr/samples/fs/littleFS and set target nrf9160dk_nrf9160_ns

It works perfectly fine when I don't select the non-secure target.

It fails to mount. I suspect that the fs is accessing a part of flash that has been configured for secure access only. The "memcpy(data, (void *)addr, len);" triggers a security fault and the device locks up. (zephyr/drivers/flash/soc_flash_nrf.c:163)

Any way to configure regions of the flash so it wont trigger the security exception? Should the FS be moved to a different location on flash? Is there a way to see what regions on the flash are reserved for the trusted execution environment?

First part of the example works and it detects the flash area: "Area 5 at 0xfa000 on NRF_FLASH_DRV_NAME for 24576 bytes"

It is pretty clear that it has been handled when using SPM as the spm_request_read(data, addr, len); is invoked in some cases.

Cheers!

static int flash_nrf_read(const struct device *dev, off_t addr,
			    void *data, size_t len)
{
	if (is_regular_addr_valid(addr, len)) {
		addr += DT_REG_ADDR(SOC_NV_FLASH_NODE);
	} else if (!is_uicr_addr_valid(addr, len)) {
		LOG_ERR("invalid address: 0x%08lx:%zu",
				(unsigned long)addr, len);
		return -EINVAL;
	}

	if (!len) {
		return 0;
	}

#if CONFIG_ARM_NONSECURE_FIRMWARE && CONFIG_SPM && USE_PARTITION_MANAGER \
	&& CONFIG_SPM_SECURE_SERVICES
	if (addr < PM_APP_ADDRESS) {
		return spm_request_read(data, addr, len);
	}
#endif

	memcpy(data, (void *)addr, len);

	return 0;
}

0 user116410 over 4 years ago

Log:

TF-M isolation level is:

0x00000001

[1;34mBooting TFM v1.3.0

[0m

*** Booting Zephyr OS build v2.6.99-ncs1-2276-gfe21e47c97f8  ***

Area 5 at 0xf5000 on NRF_FLASH_DRV_NAME for 45056 bytes

0 user2115 over 4 years ago
Hi,

This is a continuation of this thread:

https://devzone.nordicsemi.com/f/nordic-q-a/88248/nrf9160-littlefs-build-non-secure-target

TF-M is still experimental, as described in the docs:

https://developer.nordicsemi.com/nRF_Connect_SDK/doc/1.9.1/nrf/ug_tfm.html#overview

I see a fault (stack overflow) in older ncs versions, but if you run with ncs v1.9.x, with these additions:

CONFIG_BUILD_WITH_TFM=y CONFIG_MAIN_STACK_SIZE=4096

You should be able to run the littlefs sample properly.

Could you try this and report back?

Kind regards,

Håkon
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

0 user116410 over 4 years ago

Hi Håkon,

As per your suggestion I tried switching to a newer NCS version.

After a quick backup I deleted all the content and used west init -m github.com/.../sdk-nrf --mr v1.9.1
and west update etc.

I just wanted a clean build system (been testing things out in the older..)

As before it builds and runs fine for the 'nrf9160dk_nrf9160' target. When switching to TF-M I now get a new error:

➜  littlefs west build
[0/196] Performing build step for 'tfm'
[2/24] Linking C executable bin/tfm_s.axf
FAILED: bin/tfm_s.axf 
: && /opt/gnuarmemb/gcc-arm-none-eabi-10.3-2021.10/bin/arm-none-eabi-gcc -mcpu=cortex-m33+nodsp+nofp -g -mcpu=cortex-m33+nodsp+nofp --entry=Reset_Handler --specs=nano.specs -Wl,-check-sections -Wl,-fatal-warnings -Wl,--gc-sections -Wl,--no-wchar-size-warning -Wl,--print-memory-usage -Wl,-Map=/home/pbor/xxxxxxxxx/yyyyyy/integration_testing/little_fs_v2/littlefs/build/tfm/bin/tfm_s.map -mfloat-abi=soft -Wl,--cmse-implib,--out-implib=/home/pbor/xxxxxxxxx/yyyyyy/integration_testing/little_fs_v2/littlefs/build/tfm/secure_fw/s_veneers.o -T /home/pbor/xxxxxxxxx/yyyyyy/integration_testing/little_fs_v2/littlefs/build/tfm/platform/target/nrf9160/nrf_common/CMakeFiles/tfm_s_scatter.dir/./gcc/nordic_nrf_s.ld secure_fw/CMakeFiles/tfm_s.dir/__/generated/secure_fw/spm/cmsis_func/tfm_veneers.o secure_fw/CMakeFiles/tfm_s.dir/__/platform/ext/target/nordic_nrf/common/nrf9160/gcc/startup_nrf9160_s.o secure_fw/CMakeFiles/tfm_s.dir/__/platform/ext/target/nordic_nrf/common/core/plat_test.o secure_fw/CMakeFiles/tfm_s.dir/partitions/lib/sprt/tfm_sp_log_raw.o secure_fw/CMakeFiles/tfm_s.dir/__/platform/ext/common/tfm_hal_sp_logdev_periph.o -o bin/tfm_s.axf  platform/libplatform_s.a  secure_fw/partitions/lib/sprt/libtfm_sprt.a  secure_fw/spm/libtfm_spm.a  lib/fih/libtfm_fih.a  secure_fw/partitions/crypto/mbedcrypto/nrf_security_src/libcrypto_service_mbedcrypto.a  secure_fw/partitions/audit_logging/libtfm_psa_rot_partition_audit.a  secure_fw/partitions/crypto/libtfm_psa_rot_partition_crypto.a  secure_fw/partitions/initial_attestation/libtfm_psa_rot_partition_attestation.a  secure_fw/partitions/protected_storage/libtfm_app_rot_partition_ps.a  secure_fw/partitions/internal_trusted_storage/libtfm_psa_rot_partition_its.a  secure_fw/partitions/platform/libtfm_psa_rot_partition_platform.a  platform/libplatform_s.a  secure_fw/partitions/lib/sprt/libtfm_sprt.a  secure_fw/spm/libtfm_spm.a  lib/fih/libtfm_fih.a  secure_fw/partitions/crypto/mbedcrypto/nrf_security_src/libcrypto_service_mbedcrypto.a  secure_fw/partitions/audit_logging/libtfm_psa_rot_partition_audit.a  secure_fw/partitions/crypto/libtfm_psa_rot_partition_crypto.a  secure_fw/partitions/initial_attestation/libtfm_psa_rot_partition_attestation.a  secure_fw/partitions/protected_storage/libtfm_app_rot_partition_ps.a  secure_fw/partitions/internal_trusted_storage/libtfm_psa_rot_partition_its.a  secure_fw/partitions/platform/libtfm_psa_rot_partition_platform.a  platform/libplatform_s.a  secure_fw/partitions/lib/sprt/libtfm_sprt.a  secure_fw/spm/libtfm_spm.a  lib/fih/libtfm_fih.a  secure_fw/partitions/crypto/mbedcrypto/nrf_security_src/libcrypto_service_mbedcrypto.a  secure_fw/partitions/audit_logging/libtfm_psa_rot_partition_audit.a  secure_fw/partitions/crypto/libtfm_psa_rot_partition_crypto.a  secure_fw/partitions/initial_attestation/libtfm_psa_rot_partition_attestation.a  secure_fw/partitions/protected_storage/libtfm_app_rot_partition_ps.a  secure_fw/partitions/internal_trusted_storage/libtfm_psa_rot_partition_its.a  secure_fw/partitions/platform/libtfm_psa_rot_partition_platform.a  /home/pbor/xxxxxxxxx/yyyyyy/nrf-sdk-yyyyyy/nrfxlib/crypto/nrf_cc310_platform/lib/cortex-m33/soft-float/no-interrupts/libnrf_cc310_platform_0.9.13.a  secure_fw/partitions/crypto/mbedcrypto/nrf_security_crypto/liboberon_mbedcrypto__psa_3.0.10.a  /home/pbor/xxxxxxxxx/yyyyyy/nrf-sdk-yyyyyy/nrfxlib/crypto/nrf_oberon/lib/cortex-m33/soft-float/liboberon_mbedtls_3.0.10.a  secure_fw/partitions/crypto/mbedcrypto/nrf_security_src/libmbedcrypto_base.a  /home/pbor/xxxxxxxxx/yyyyyy/nrf-sdk-yyyyyy/nrfxlib/crypto/nrf_oberon/lib/cortex-m33/soft-float/liboberon_3.0.10.a  lib/ext/t_cose/libtfm_t_cose_s.a  lib/ext/qcbor/libtfm_qcbor_s.a && :
/opt/gnuarmemb/gcc-arm-none-eabi-10.3-2021.10/bin/../lib/gcc/arm-none-eabi/10.3.1/../../../../arm-none-eabi/bin/ld: bin/tfm_s.axf section `.tfm_rodata' will not fit in region `FLASH'
/opt/gnuarmemb/gcc-arm-none-eabi-10.3-2021.10/bin/../lib/gcc/arm-none-eabi/10.3.1/../../../../arm-none-eabi/bin/ld: address 0x47ec0 of bin/tfm_s.axf section `.gnu.sgstubs' is not within region `FLASH'
/opt/gnuarmemb/gcc-arm-none-eabi-10.3-2021.10/bin/../lib/gcc/arm-none-eabi/10.3.1/../../../../arm-none-eabi/bin/ld: address 0x47ec0 of bin/tfm_s.axf section `.gnu.sgstubs' is not within region `FLASH'
/opt/gnuarmemb/gcc-arm-none-eabi-10.3-2021.10/bin/../lib/gcc/arm-none-eabi/10.3.1/../../../../arm-none-eabi/bin/ld: region `FLASH' overflowed by 32768 bytes
Memory region         Used Size  Region Size  %age Used
           FLASH:        288 KB       256 KB    112.50%
             RAM:       44916 B        88 KB     49.84%
collect2: error: ld returned 1 exit status
ninja: build stopped: subcommand failed.
FAILED: modules/trusted-firmware-m/tfm-prefix/src/tfm-stamp/tfm-build tfm/secure_fw/s_veneers.o tfm/app/libtfm_api_ns.a tfm/generated/interface/include/psa_manifest/sid.h tfm/platform/libplatform_ns.a tfm/bin/tfm_s.bin tfm/bin/tfm_s.hex tfm/bin/tfm_ns.bin tfm/bin/tfm_ns.hex tfm/bin/tfm_s_signed.bin tfm/bin/tfm_ns_signed.bin tfm/bin/tfm_s_ns_signed.bin 
cd /home/pbor/xxxxxxxxx/yyyyyy/integration_testing/little_fs_v2/littlefs/build/tfm && /home/pbor/cmake/cmake-3.20.5-linux-x86_64/bin/cmake --build .
ninja: build stopped: subcommand failed.
FATAL ERROR: command exited with status 1: /home/pbor/cmake/cmake-3.20.5-linux-x86_64/bin/cmake --build /home/pbor/xxxxxxxxx/yyyyyy/integration_testing/little_fs_v2/littlefs/build

It can be fixed by hard-coding a larger partition, but I suspect something is broken when I upgraded?

With CONFIG_TFM_MINIMAL:

Memory region         Used Size  Region Size  %age Used
           FLASH:         96 KB        64 KB    150.00%
             RAM:       49280 B        88 KB     54.69%
collect2: error: ld returned 1 exit status

Cheers,
P

0 user2115 over 4 years ago in reply to user116410
Hi,

My deepest apologies here, I have tested incorrectly yesterday.

Yes, you're completely right. You need to comment out, or 'n' select this symbol for fitting the image into the section:

CONFIG_DEBUG=n

However, you will still have issues when running on ncs v1.9.1, as the non-secure storage partition isn't properly handled wrt. non-secure access.

ie. a secure fault will occur when you try to access the address range.

Support for TF-M non-secure storage partition was added with this PR: https://github.com/nrfconnect/sdk-nrf/pull/7702

And the latest tag where this is present is "v2.0.0-rc1"

Kind regards,

Håkon
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel