nrfconnect · rlubos · Oct 23, 2024 · Aug 30, 2024 · Aug 30, 2024 · Sep 18, 2024
@@ -670,6 +670,11 @@ Trusted Firmware-M (TF-M) samples
 
 * Replaced support for the ``nrf54l15pdk/nrf54l15/cpuapp/ns`` board target with ``nrf54l15dk/nrf54l15/cpuapp/ns``.
 
+* :ref:`tfm_psa_template` sample:
+
+  * Added support for updating the network core on the nRF5340 DK.
+
+
 Thread samples
 --------------
 

@@ -25,37 +25,18 @@
 
 #include <zephyr/device.h>
 #include <sys/types.h>
+#include <dfu/pcd_common.h>
 
 #ifdef __cplusplus
 extern "C" {
 #endif
 
-#ifdef CONFIG_SOC_SERIES_NRF53X
-
-#ifdef CONFIG_PCD_CMD_ADDRESS
-
-#define PCD_CMD_ADDRESS CONFIG_PCD_CMD_ADDRESS
-
-#else
-
-#include <pm_config.h>
-
-#ifdef PM_PCD_SRAM_ADDRESS
-#define PCD_CMD_ADDRESS PM_PCD_SRAM_ADDRESS
-#else
-/* extra '_' since its in a different domain */
-#define PCD_CMD_ADDRESS PM__PCD_SRAM_ADDRESS
-#endif /* PM_PCD_SRAM_ADDRESS */
-
-#endif /* CONFIG_PCD_CMD_ADDRESS */
-
-#endif /* CONFIG_SOC_SERIES_NRF53X */
-
 enum pcd_status {
 	PCD_STATUS_COPY = 0,
 	PCD_STATUS_DONE = 1,
 	PCD_STATUS_FAILED = 2,
 	PCD_STATUS_READ_VERSION = 3,
+	PCD_STATUS_LOCK_DEBUG = 4,
 };
 
 /** @brief Sets up the PCD command structure with the location and size of the
@@ -87,8 +68,10 @@ int pcd_network_core_update(const void *src_addr, size_t len);
 int pcd_network_core_update_initiate(const void *src_addr, size_t len);
 
 /** @brief Lock the RAM section used for IPC with the network core bootloader.
+ *
+ * @param lock_conf Lock configuration until next SoC reset.
  */
-void pcd_lock_ram(void);
+void pcd_lock_ram(bool lock_conf);
 
 /** @brief Update the PCD CMD to indicate that the operation has completed
  *         successfully.

@@ -0,0 +1,83 @@
+/*
+ * Copyright (c) 2024 Nordic Semiconductor ASA
+ *
+ * SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
+ */
+
+/** @file pcd_common.h
+ *
+ * @ingroup pcd
+ * @{
+ * @brief Common definitions for the PCD API.
+ *
+ * Common definitions are split out from the main PCD API to allow usage
+ * from non-Zephyr code.
+ */
+
+#ifndef PCD_COMMON_H__
+#define PCD_COMMON_H__
+
+#ifndef CONFIG_SOC_SERIES_NRF53X
+#error "PCD is only supported on nRF53 series"
+#endif
+
+#ifdef CONFIG_PCD_CMD_ADDRESS
+/* PCD command block location is static. */
+#define PCD_CMD_ADDRESS CONFIG_PCD_CMD_ADDRESS
+
+#else
+/* PCD command block location is configured with Partition Manager. */
+#include <pm_config.h>
+
+#ifdef PM_PCD_SRAM_ADDRESS
+/* PCD command block is in this domain, we are compiling for application core. */
+#define PCD_CMD_ADDRESS PM_PCD_SRAM_ADDRESS
+#else
+/* PCD command block is in a different domain, we are compiling for network core.
+ * Extra '_' since its in a different domain.
+ */
+#define PCD_CMD_ADDRESS PM__PCD_SRAM_ADDRESS
+#endif /* PM_PCD_SRAM_ADDRESS */
+
+#endif /* CONFIG_PCD_CMD_ADDRESS */
+
+/** Magic value written to indicate that a copy should take place. */
+#define PCD_CMD_MAGIC_COPY 0xb5b4b3b6
+/** Magic value written to indicate that debug should be locked. */
+#define PCD_CMD_MAGIC_LOCK_DEBUG 0xb6f249ec
+/** Magic value written to indicate that a something failed. */
+#define PCD_CMD_MAGIC_FAIL 0x25bafc15
+/** Magic value written to indicate that a copy is done. */
+#define PCD_CMD_MAGIC_DONE 0xf103ce5d
+/** Magic value written to indicate that a version number read should take place. */
+#define PCD_CMD_MAGIC_READ_VERSION 0xdca345ea
+
+struct pcd_cmd {
+	uint32_t magic;         /* Magic value to identify this structure in memory */
+	const void *data;       /* Data to copy*/
+	size_t len;             /* Number of bytes to copy */
+	__INTPTR_TYPE__ offset; /* Offset to store the flash image in */
+} __aligned(4);
+
+#define PCD_CMD ((volatile struct pcd_cmd * const)(PCD_CMD_ADDRESS))
+
+static inline void pcd_write_cmd_lock_debug(void)
+{
+	*PCD_CMD = (struct pcd_cmd){
+		.magic = PCD_CMD_MAGIC_LOCK_DEBUG,
+	};
+}
+
+static inline bool pcd_read_cmd_done(void)
+{
+	return PCD_CMD->magic == PCD_CMD_MAGIC_DONE;
+}
+
+static inline bool pcd_read_cmd_lock_debug(void)
+{
+	return PCD_CMD->magic == PCD_CMD_MAGIC_LOCK_DEBUG;
+}
+
+#endif /* PCD_COMMON_H__ */
+
+/**@} */
@@ -16,6 +16,51 @@
 #include "nrf_provisioning.h"
 #include <identity_key.h>
 #include <tfm_spm_log.h>
+#include <pm_config.h>
+#if defined(NRF53_SERIES) && defined(PM_CPUNET_APP_ADDRESS)
+#include <dfu/pcd_common.h>
+#include <spu.h>
+#include <hal/nrf_reset.h>
+
+#define DEBUG_LOCK_TIMEOUT_MS 3000
+#define USEC_IN_MSEC 1000
+#define USEC_IN_SEC 1000000
+
+static enum tfm_plat_err_t disable_netcore_debug(void)
+{
+	/* NRF_RESET to secure.
+	 * It will be configured to the original value after the provisioning is done.
+	 */
+	spu_peripheral_config_secure(NRF_RESET_S_BASE, SPU_LOCK_CONF_UNLOCKED);
+
+	/* Ensure that the network core is stopped. */
+	nrf_reset_network_force_off(NRF_RESET, true);
+
+	/* Debug lock command will be read in b0n startup. */
+	pcd_write_cmd_lock_debug();
+
+	/* Start the network core. */
+	nrf_reset_network_force_off(NRF_RESET, false);
+
+	/* Wait 1 second for the network core to start up. */
+	NRFX_DELAY_US(USEC_IN_SEC);
+
+	/* Wait for the debug lock to complete. */
+	for (int i = 0; i < DEBUG_LOCK_TIMEOUT_MS; i++) {
+		if (!pcd_read_cmd_lock_debug()) {
+			break;
+		}
+		NRFX_DELAY_US(USEC_IN_MSEC);
-	/* Wait 1 second for the network core to start up. */
-	NRFX_DELAY_US(USEC_IN_SEC);
-
-	/* Wait for the debug lock to complete. */
-	for (int i = 0; i < DEBUG_LOCK_TIMEOUT_MS; i++) {
-		if (!pcd_read_cmd_lock_debug()) {
-			break;
-		}
-		NRFX_DELAY_US(USEC_IN_MSEC);
+	/* Wait for the core to boot and debug lock to complete. */
+	for (int i = 0; i < DEBUG_LOCK_TIMEOUT_MS; i++) {
+		NRFX_DELAY_US(USEC_IN_MSEC);
+		if (!pcd_read_cmd_lock_debug()) {
+			break;
+		}
-	/* Wait 1 second for the network core to start up. */
-	NRFX_DELAY_US(USEC_IN_SEC);
-
-	/* Wait for the debug lock to complete. */
-	for (int i = 0; i < DEBUG_LOCK_TIMEOUT_MS; i++) {
-		if (!pcd_read_cmd_lock_debug()) {
-			break;
-		}
-		NRFX_DELAY_US(USEC_IN_MSEC);
+	/* Wait for the core to boot and debug lock to complete. */
+	for (int i = 0; i < DEBUG_LOCK_TIMEOUT_MS; i++) {
+		NRFX_DELAY_US(USEC_IN_MSEC);
+		if (!pcd_read_cmd_lock_debug()) {
+			break;
+		}
+	}
+
+	if (!pcd_read_cmd_done()) {
+		SPMLOG_ERRMSG("Failed to lock debug in network core.");
+		return TFM_PLAT_ERR_SYSTEM_ERR;
+	}
+
+	return TFM_PLAT_ERR_SUCCESS;
+}
+#endif /* NRF53_SERIES && PM_CPUNET_APP_ADDRESS */
 
 static enum tfm_plat_err_t verify_debug_disabled(void)
 {
@@ -71,10 +116,18 @@ enum tfm_plat_err_t tfm_plat_provisioning_perform(void)
 	 * that secure boot is already enabled at this stage
 	 */
 
+	/* Application debug should already be disabled */
 	if (verify_debug_disabled() != TFM_PLAT_ERR_SUCCESS) {
 		return TFM_PLAT_ERR_SYSTEM_ERR;
 	}
 
+#if defined(NRF53_SERIES) && defined(PM_CPUNET_APP_ADDRESS)
+	/* Disable network core debug in here */
+	if (disable_netcore_debug() != TFM_PLAT_ERR_SUCCESS) {
+		return TFM_PLAT_ERR_SYSTEM_ERR;
+	}
+#endif
+
 	/* Transition to the SECURED lifecycle state */
 	if (tfm_attest_update_security_lifecycle_otp(TFM_SLC_SECURED) != 0) {
 		return TFM_PLAT_ERR_SYSTEM_ERR;

@@ -151,23 +151,23 @@
 
 #ifdef PM_MCUBOOT_ADDRESS
 #define REGION_MCUBOOT_ADDRESS	   PM_MCUBOOT_ADDRESS
-#define REGION_MCUBOOT_END_ADDRESS PM_MCUBOOT_END_ADDRESS
+#define REGION_MCUBOOT_LIMIT       PM_MCUBOOT_END_ADDRESS - 1
 #endif
 #ifdef PM_B0_ADDRESS
 #define REGION_B0_ADDRESS     PM_B0_ADDRESS
-#define REGION_B0_END_ADDRESS PM_B0_END_ADDRESS
+#define REGION_B0_LIMIT       PM_B0_END_ADDRESS - 1
 #endif
 #ifdef PM_S0_ADDRESS
 #define REGION_S0_ADDRESS     PM_S0_ADDRESS
-#define REGION_S0_END_ADDRESS PM_S0_END_ADDRESS
+#define REGION_S0_LIMIT       PM_S0_END_ADDRESS - 1
 #endif
 #ifdef PM_S1_ADDRESS
 #define REGION_S1_ADDRESS     PM_S1_ADDRESS
-#define REGION_S1_END_ADDRESS PM_S1_END_ADDRESS
+#define REGION_S1_LIMIT       PM_S1_END_ADDRESS - 1
 #endif
 #ifdef PM_PCD_SRAM_ADDRESS
 #define REGION_PCD_SRAM_ADDRESS	    PM_PCD_SRAM_ADDRESS
-#define REGION_PCD_SRAM_END_ADDRESS PM_PCD_SRAM_END_ADDRESS
+#define REGION_PCD_SRAM_LIMIT       PM_PCD_SRAM_END_ADDRESS - 1
 #endif
 
 #endif /* __REGION_DEFS_H__ */
@@ -15,6 +15,9 @@
 #include <dfu/pcd.h>
 #include <zephyr/device.h>
 #include <zephyr/devicetree.h>
+#ifdef CONFIG_PCD_LOCK_NETCORE_APPROTECT
+#include <nrfx_nvmc.h>
+#endif
 
 int main(void)
 {
@@ -39,10 +42,26 @@ int main(void)
 
 	uint32_t s0_addr = s0_address_read();
 	bool valid = false;
-	uint8_t status = pcd_fw_copy_status_get();
+
+	switch (pcd_fw_copy_status_get()) {
+#ifdef CONFIG_PCD_LOCK_NETCORE_DEBUG
+	case PCD_STATUS_LOCK_DEBUG:
+		nrfx_nvmc_word_write((uint32_t)&NRF_UICR_NS->APPROTECT,
+				     UICR_APPROTECT_PALL_Protected);
+		while (!nrfx_nvmc_write_done_check())
+			;
+
+		pcd_done();
+
+		/* Success, waiting to be rebooted */
+		while (1)
+			;
+		CODE_UNREACHABLE;
+	break;
+#endif
 
 #ifdef CONFIG_PCD_READ_NETCORE_APP_VERSION
-	if (status == PCD_STATUS_READ_VERSION) {
+	case PCD_STATUS_READ_VERSION:
 		err = pcd_find_fw_version();
 		if (err < 0) {
 			printk("Unable to find valid firmware version %d\n\r", err);
@@ -54,10 +73,10 @@ int main(void)
 		while (1)
 			;
 		CODE_UNREACHABLE;
-	}
+	break;
 #endif
 
-	if (status == PCD_STATUS_COPY) {
+	case PCD_STATUS_COPY:
 		/* First we validate the data where the PCD CMD tells
 		 * us that we can find it.
 		 */
@@ -94,6 +113,10 @@ int main(void)
 		while (1)
 			;
 		CODE_UNREACHABLE;
+	break;
+
+	default:
+		break;
 	}
 
 	err = fprotect_area(PM_APP_ADDRESS, PM_APP_SIZE);

@@ -0,0 +1,30 @@
+#
+# Copyright (c) 2024 Nordic Semiconductor
+#
+# SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
+#
+
+source "${ZEPHYR_BASE}/share/sysbuild/Kconfig"
+
+if BOARD_NRF5340DK_NRF5340_CPUAPP_NS
+
+choice NETCORE
+	default NETCORE_EMPTY
+endchoice
+
+config SECURE_BOOT_NETCORE
+	default y
+
+config NETCORE_APP_UPDATE
+	default y
+
+config MCUBOOT_APP_SYNC_UPDATEABLE_IMAGES
+	default y
+
+config PM_EXTERNAL_FLASH_MCUBOOT_SECONDARY
+	default y
+
+config MCUBOOT_USE_ALL_AVAILABLE_RAM
+	default y
+
+endif