tf-m: Add Attestation support for nRF54L15

Add support for PSA Attestation to the nRF54L15.

Ref: NCSDK-22598
Signed-off-by: Sigurd Hellesvik <[email protected]>

Author: hellesvik-nordic

lib/identity_key/Kconfig

@@ -36,3 +36,12 @@ config IDENTITY_KEY_DUMMY
 	  testing purposes.
 
 endif # IDENTITY_KEY
+
+config IDENTITY_KEY_TFM
+	bool "Identity key support in TF-M"
+	depends on HAS_HW_NRF_CC3XX
+	depends on TRUSTED_EXECUTION_NONSECURE
+	help
+	  This option adds support for an identity key stored in the KMU to TF-M.
+	  The key is stored in an encrypted form and is decrypted by the identity key library.
+	  The identity key is an ECC secp256r1 key pair.

modules/trusted-firmware-m/CMakeLists.txt

@@ -307,6 +307,13 @@ if(CONFIG_NRF_SECURE_APPROTECT_USER_HANDLING)
   )
 endif()
 
+if(CONFIG_IDENTITY_KEY_TFM)
+  set_property(TARGET zephyr_property_target
+    APPEND PROPERTY TFM_CMAKE_OPTIONS
+    -DCONFIG_IDENTITY_KEY_TFM=ON
+  )
+endif()
+
 zephyr_include_directories(${ZEPHYR_NRF_MODULE_DIR}/include/tfm)
 
 # Default values from config_base.h in TF-M.

modules/trusted-firmware-m/Kconfig.tfm.defconfig

@@ -66,7 +66,7 @@ config TFM_PARTITION_INITIAL_ATTESTATION
 	select PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT
 	select PSA_WANT_ALG_ECDSA
 	select PSA_WANT_ECC_SECP_R1_256
-	select SECURE_BOOT_STORAGE
+	select SECURE_BOOT_STORAGE if TRUSTED_EXECUTION_SECURE
 
 config TFM_PARTITION_PROTECTED_STORAGE
 	bool

modules/trusted-firmware-m/tfm_boards/CMakeLists.txt

@@ -116,7 +116,7 @@ if (${TFM_PARTITION_CRYPTO})
     tfm_sprt
   )
 
-  if (${TFM_PARTITION_INITIAL_ATTESTATION})
+  if((${TFM_PARTITION_INITIAL_ATTESTATION}) AND CONFIG_IDENTITY_KEY_TFM)
     target_sources(platform_s
       PRIVATE
       ${ZEPHYR_NRF_MODULE_DIR}/lib/identity_key/identity_key.c

modules/trusted-firmware-m/tfm_boards/common/attest_hal.c

@@ -8,15 +8,27 @@
 
 #include <stddef.h>
 #include <stdint.h>
+#include <psa/error.h>
+#include <psa/crypto.h>
 #include "tfm_attest_hal.h"
 #include "tfm_plat_boot_seed.h"
 #include "tfm_plat_device_id.h"
-#include <nrf_cc3xx_platform.h>
 #include "tfm_strnlen.h"
 #include "nrf_provisioning.h"
-#include <nrfx_nvmc.h>
 #include <bl_storage.h>
 
+#ifdef CONFIG_NRFX_NVMC
+#include <nrfx_nvmc.h>
+#endif
+#ifdef CONFIG_HAS_HW_NRF_CC3XX
+#include <nrf_cc3xx_platform.h>
+#endif
+
+#if defined(CONFIG_CRACEN_HW_PRESENT)
+static bool boot_seed_set;
+static uint8_t boot_seed[BOOT_SEED_SIZE];
+#endif
+
 static enum tfm_security_lifecycle_t map_bl_storage_lcs_to_tfm_slc(enum lcs lcs)
 {
 	switch (lcs) {
@@ -101,8 +113,11 @@ enum tfm_plat_err_t tfm_attest_hal_get_profile_definition(uint32_t *size, uint8_
 
 enum tfm_plat_err_t tfm_plat_get_boot_seed(uint32_t size, uint8_t *buf)
 {
+#if defined(CONFIG_HAS_HW_NRF_CC3XX)
 	int nrf_err;
 
+	_Static_assert(NRF_CC3XX_PLATFORM_TFM_BOOT_SEED_SIZE == BOOT_SEED_SIZE,
+		"NRF_CC3XX_PLATFORM_TFM_BOOT_SEED_SIZE must match BOOT_SEED_SIZE");
 	if (size != NRF_CC3XX_PLATFORM_TFM_BOOT_SEED_SIZE) {
 		return TFM_PLAT_ERR_INVALID_INPUT;
 	}
@@ -111,6 +126,24 @@ enum tfm_plat_err_t tfm_plat_get_boot_seed(uint32_t size, uint8_t *buf)
 	if (nrf_err != NRF_CC3XX_PLATFORM_SUCCESS) {
 		return TFM_PLAT_ERR_SYSTEM_ERR;
 	}
+#elif defined(CONFIG_CRACEN_HW_PRESENT)
+	if (!boot_seed_set) {
+		psa_status_t psa_err = psa_generate_random(boot_seed, sizeof(boot_seed));
+
+		if (psa_err != PSA_SUCCESS) {
+			return TFM_PLAT_ERR_SYSTEM_ERR;
+		}
+
+		boot_seed_set = true;
+	}
+
+	if (size != BOOT_SEED_SIZE) {
+		return TFM_PLAT_ERR_INVALID_INPUT;
+	}
+	memcpy(buf, boot_seed, size);
+#else
+#error "No crypto hardware to generate boot seed available."
+#endif
 
 	return TFM_PLAT_ERR_SUCCESS;
 }

modules/trusted-firmware-m/tfm_boards/nrf54l15_cpuapp/config.cmake

@@ -13,3 +13,11 @@ include(${PLATFORM_PATH}/common/${NRF_SOC_VARIANT}/config.cmake)
 
 # Override PS_CRYPTO_KDF_ALG
 set(PS_CRYPTO_KDF_ALG                  PSA_ALG_SP800_108_COUNTER_CMAC CACHE STRING    "KDF Algorithm to use")
+
+# attest_hal.c includes bl_storage.h, which needs CONFIG_NRFX_RRAMC to be defined.
+# This is because bl_storage is a lib intended to be run from either the bootloader (Zephyr) or from TF-M.
+# This is independent from the NS image's CONFIG_NRFX_RRAMC, which must be disabled, so we can not inherit
+# this from app Kconfig.
+if(TFM_PARTITION_INITIAL_ATTESTATION)
+  add_compile_definitions(CONFIG_NRFX_RRAMC)
+endif()

samples/tfm/tfm_psa_template/boards/nrf54l15dk_nrf54l15_cpuapp_ns.conf

@@ -0,0 +1,7 @@
+CONFIG_SPI_NOR=n
+CONFIG_PM_PARTITION_SIZE_TFM=0x50800
+
+# Since provisioning is not supported for the nRF54L15 yet,
+# we will use dummy provisioning for now.
+CONFIG_TFM_NRF_PROVISIONING=n
+CONFIG_TFM_DUMMY_PROVISIONING=y

samples/tfm/tfm_psa_template/prj.conf

@@ -12,6 +12,7 @@ CONFIG_TFM_EXCEPTION_INFO_DUMP=y
 
 CONFIG_TFM_PARTITION_INITIAL_ATTESTATION=y
 CONFIG_TFM_NRF_PROVISIONING=y
+CONFIG_IDENTITY_KEY_TFM=y
 
 CONFIG_SECURE_BOOT=y
 

samples/tfm/tfm_psa_template/sysbuild/mcuboot/boards/nrf54l15dk_nrf54l15_cpuapp.conf

@@ -0,0 +1,6 @@
+CONFIG_PM_PARTITION_SIZE_MCUBOOT=0xb800
+CONFIG_SPI_NOR=n
+CONFIG_BOOT_MAX_IMG_SECTORS=256
+
+# FPROTECT is set in NSIB instead
+CONFIG_FPROTECT=n

subsys/bootloader/bl_storage/Kconfig

@@ -6,4 +6,4 @@
 
 config SECURE_BOOT_STORAGE
 	bool "Library for accessing the bootloader storage"
-	select NRFX_RRAMC if SOC_SERIES_NRF54LX
+	select NRFX_RRAMC if SOC_SERIES_NRF54LX && !TRUSTED_EXECUTION_NONSECURE