update to 2.1.2 #130

Merged
merged 170 commits into from
Apr 17, 2025

tomi-font
Collaborator

  • Reverted the local patches/cherry picks.
  • Picked all the 2.1.1 => 2.1.2 commits.
  • Re-applied all the cherry picks that are only on main upstream.
  • Lastly, re-applied the local patches.

maulik-arm and others added 16 commits April 17, 2025 11:25
Currently "BOOT_TFM_SHARED_DATA_*" represents the shared data region
used by mcuboot to share measurements with runtime. However, these
macros are tightly coupled with linker scripts, which prevents sharing
of this region for any other use.

This patch simply introduces a macro indirection
(SHARED_BOOT_MEASUREMENT_* -> BOOT_TFM_SHARED_DATA_* -> ) so to allow
regions to be shared as per platform needs.

Signed-off-by: Maulik Patel <[email protected]>
Change-Id: Ifa8b3645c907f39a773573f45b89fb3357214609
(cherry picked from commit 152f786)
Before this there was only support for building the nRF54L15.
This updates the nRF54L15 files to add an initial support for
running TF-M.

This is NOT full upstream support. There are important limitations:
- Hardware crypto acceleration with Cracen is not supported
- Random number generation with Cracen is not supported
- The test suites PSA arch tests and TF-M regression tests
  are not tested
- BL2 is not supported
- Some soc related configurations are not supported and they rely
  on hard-coded values (check nordicsemi_nrf54l_init for more info)

This was tested using some basic Zephyr samples.

This change updates the flash_layout.h and the region_maps.h headers
with a layout that makes sense for the nRF54L15. Only one layout
is supported at the moment.

The RTE_Device.h is modified to use the UART20 and UART30 ports
in order to support UART serial output.

The function nordicsemi_nrf54l_init was copied from the soc.c in
Zephyr and was simplified to support one single configuration.
Later it can be considered to add configurability if needed.

Signed-off-by: Georgios Vasilakis <[email protected]>
Change-Id: I0369987cc1f4e7994078202e9d1bcb53c6372281
(cherry picked from commit 01b4551)
Make sure that the TFM_PERIPHERAL_GPIO0_PIN_MASK_SECURE is
defined before it is used in target_cfg.c

Signed-off-by: Georgios Vasilakis <[email protected]>
Change-Id: Ibe0d5c5161a6c52c85296dd856e1640edc964a48
(cherry picked from commit 7bdbc33)
Setting OWNERID is not available on all devices.

Change-Id: I1d536516f591186acc90e6fd3c0210d666b42477
Signed-off-by: Nikodem Kastelik <[email protected]>
(cherry picked from commit 8fcb69b)
Move all the partition folders in common folder so that they
can be used by Zephyr when it builds with TF-M.

Signed-off-by: Georgios Vasilakis <[email protected]>
Change-Id: I1a6910437162ea1e082747c04c100ca3a8a60ba1
(cherry picked from commit 6a67c63)
The nordic platforms enable SECURE_UART1 by default,
enabling this without TFM_SPM_LOG_RAW_ENABLED doesn't make sense
since it will configure a UART as secure and then it will not use
it. This also causes a building issue since the code expects both
these two options to be enabled.

Also fixes a building issue related to flash. The cmsis flash driver
is used by both PLATFORM_DEFAULT_OTP and by ITS but it was only
included when ITS was built. So it was failing for builds with
PLATFORM_DEFAULT_OTP and without ITS.

Signed-off-by: Georgios Vasilakis <[email protected]>
Change-Id: I4f8f75ec2a2817634c190ebb844b9be9cc7f1a45
(cherry picked from commit c4f46d4)
Enable the secure UART only when the TF-M logging is
enabled.

This makes sure that the UART1 is not configured
as secure when there is no logging enabled for TF-M.

This works better with the Zephyr integration since
the TF-M logging level option exists in Zephyr.

Change-Id: I65c8d80143c95fc22963567cc4b2115b9de7f4e1
Signed-off-by: Georgios Vasilakis <[email protected]>
(cherry picked from commit 5b8b25e)
Fix minor building issue when building upstream TF-M.

Change-Id: Ifa0b8ccfedf8f3cb2fa20713a339c0eafbd91cdd
Signed-off-by: Georgios Vasilakis <[email protected]>
(cherry picked from commit feaf99a)
Create a nrf54l folder which can be used for other
devices in the series as well.

This is preparation work for the addition of the
nrf54l10.

This also updates the source and header files
which use ifdefs with nrf54l15 specific defines with
the macro NRF54L_SERIES.

Also removes the executable permissions from the
region_defs.h which was enabled by accident.

Change-Id: I1b2a0876fefef3fb460cf8995b9b802aa089b7aa
Signed-off-by: Georgios Vasilakis <[email protected]>
(cherry picked from commit a49f175)
This adds nRF54L10 initial support for TF-M.

This is NOT full upstream support. There are important limitations:
- Hardware crypto acceleration with Cracen is not supported
- Random number generation with Cracen is not supported
- The test suites PSA arch tests and TF-M regression tests
  are not tested
- BL2 is not supported
- Some soc related configurations are not supported and they rely
  on hard-coded values (check nordicsemi_nrf54l_init for more info)

This was tested using some basic Zephyr samples.

Only one flash/RAM layout is supported at the moment.

This adds the same level of support with the nRF54L15, the configuration
is nearly identical, the main difference is the partitioning scheme
since these devices have different RRAM/RAM sizes.

Signed-off-by: Georgios Vasilakis <[email protected]>
Change-Id: I396d0d570ebd9b471138b7f02019bc0a1279e0d1
(cherry picked from commit d301766)
This forces DWARF version 4 output so that zephyr debugging and usage
still works with the pyelftools library which does not currently
support v5.

Signed-off-by: Jamie McCrae <[email protected]>
Signed-off-by: Markus Swarowsky <[email protected]>
Avoids including `t_cose` and `qcbor` in the build unless the initial
attestation secure partition is enabled via the
`TFM_PARTITION_INITIAL_ATTESTATION` flag.

This is required to avoid automatically downloading QCBOR at build
time -- pulled in as a dependency of t_cose -- unless required.

This commit should be reverted once an acceptable upstream solution has
been found for this situation, and merged there.

Signed-off-by: Kevin Townsend <[email protected]>
Add zephyr module file to include CMakeLists.txt and Kconfig located
in the zephyr repository.
Originally included in: 69dc29a
but this will change the root folder of the module.

Signed-off-by: Joakim Andersson <[email protected]>
Save the lpcxpresso55s69 platform SDK files that get downloaded when
building TF-M.
The version used is defined by the CMake variable NXP_SDK_GIT_TAG
found in platform/ext/target/nxp/lpcxpresso55s69/config.cmake.

Signed-off-by: Tomi Fontanilles <[email protected]>
This adds all the files (minus `.git*` and `CMSIS/Documentation/`
for saving on size) from the CMSIS v6 repository
(https://github.com/ARM-software/CMSIS_6) at the revision `d0c460c169`
as defined in `lib/ext/cmsis/CMakeLists.txt`.
The patch `lib/ext/cmsis/0001-iar-Add-missing-v8.1m-check` is applied
on top.

This is because as of v2.1.0 TF-M has updated to CMSIS v6 and switched
from hosting the sources to depending on the upstream repository,
cloning it at build time.

To prevent a download from happening during the build, CMSIS v6 sources
are pushed and the CMSIS_PATH CMake variable is used to point to them.

Signed-off-by: Tomi Fontanilles <[email protected]>
Add CPE and PURL references for use by Zephyr's SPDX generation tool.

Signed-off-by: Matt Rodgers <[email protected]>
Signed-off-by: Tomi Fontanilles <[email protected]>
@tomi-font
Collaborator Author

I dropped the 4 platform: ext: adi: commits from this PR, as it's just about updating to 2.1.2 (of which those commits are not part).
I suggest you open a PR which builds on top of this one (or when this one is merged) to bring support for the platform you are adding.

Collaborator

@wearyzen wearyzen left a comment

There are a lot of reverts and re-applied patches, which can lead to manual errors.
Is there a better way to do this? Maybe instead of 2.1.2 we rebase to 2.2.x which has most of these commits and use `git rebase --onto` to avoid the reverts?

@tomi-font
Collaborator Author

I would be for using some other strategy than revert, merge, re-apply, but I think that this requires some discussion/approval to actually happen. The current strategy is what has been used before and is allowed: https://docs.zephyrproject.org/latest/develop/modules.html#synchronizing-with-upstream.
Reverting all the local patches beforehand is to make sure that there are no conflicts when bringing in the updated upstream.

About TF-M 2.1/2.2, I think that it's been agreed (in the security WG) to stick to the 2.1 LTS branch for the time being, for certification reasons. Feel free to bring this up in the security WG.

@tomi-font tomi-font requested review from d3zd3z, Vge0rge, valeriosetti, wearyzen and ithinuel and removed request for wearyzen April 17, 2025 11:03
@tomi-font tomi-font merged commit e2288c1 into zephyrproject-rtos:main Apr 17, 2025