Add docs for NSC APIs and update H5 option bytes

mattia-moffa · mattia-moffa · commit ea9484f6a4d8 · 2025-10-29T15:02:58.000+01:00
diff --git a/docs/API.md b/docs/API.md
@@ -66,3 +66,35 @@ the two images again.
 For more information about the update process, see [Firmware Update](firmware_update.md)
 
 For the image format, see [Firmware Image](firmware_image.md)
+
+## NSC API
+
+If you're running wolfBoot on an ARM TrustZone-enabled device (see for example
+[STM32-TZ](STM32-TZ.md)) you may wish to run your application in non-secure
+mode, while keeping the UPDATE and SWAP partitions in the secure domain. In
+order to accomplish this, any operation by the application that requires access
+to those partitions needs to be performed via wolfBoot code running in the
+secure domain. For this purpose, wolfBoot provides Non-Secure Callable (NSC)
+APIs that allow code running in the non-secure domain to call into the secure
+domain managed by wolfBoot.
+
+These APIs are listed below.
+
+- `void wolfBoot_nsc_success(void)`: wrapper for `wolfBoot_success()`
+- `void wolfBoot_nsc_update_trigger(void)`: wrapper for
+  `wolfBoot_update_trigger()`
+- `uint32_t wolfBoot_nsc_get_image_version(uint8_t part)`: wrapper for
+  `wolfBoot_get_image_version()`
+- `uint32_t wolfBoot_nsc_current_firmware_version(void)`: wrapper for
+  `wolfBoot_current_firmware_version()`
+- `uint32_t wolfBoot_nsc_update_firmware_version(void)`: wrapper for
+  `wolfBoot_update_firmware_version()`
+- `int wolfBoot_nsc_get_partition_state(uint8_t part, uint8_t *st)`: wrapper
+  for `wolfBoot_get_partition_state()`
+- `int wolfBoot_nsc_erase_update(uint32_t address, uint32_t len)`: allows the
+  application to erase the update partition in secure mode. The `address`
+  parameter is an offset from the beginning of the partition.
+- `int wolfBoot_nsc_write_update(uint32_t address, const uint8_t *buf, uint32_t
+  len)`: allows the application to write to the update partition in secure
+  mode. The `address` parameter is an offset from the beginning of the
+  partition.
diff --git a/docs/STM32-TZ.md b/docs/STM32-TZ.md
@@ -55,6 +55,12 @@ image header size must be supplied as an environment variable. For example:
 IMAGE_HEADER_SIZE=1024 ./tools/keytools/sign --sha256 --ecc256 myapp.bin wolfboot_signing_private_key.der 1
 ```
 
+### NSC API
+
+wolfBoot provides a few Non-Secure Callable functions to allow a non-secure
+application to perform certain operations that must be run from the secure
+domain. For more information, see [API](docs/API.md#nsc-api).
+
 ### Example using STM32L552
 
   - Copy the example configuration for STM32-L5 with support for wolfCrypt in
@@ -210,8 +216,8 @@ OPTION BYTES BANK: 4
 
    Bank2 - Flash watermark area definition:
 
-     SECWM2_STRT  : 0x2F  (0x0815e000)
-     SECWM2_END   : 0x0  (0x08100000)
+     SECWM2_STRT  : 0x0  (0x08100000)
+     SECWM2_END   : 0x7F  (0x081fe0000)
 
    Write sector group protection 2:
 
diff --git a/docs/Targets.md b/docs/Targets.md
@@ -915,7 +915,7 @@ The example configuration for this scenario is available in [/config/examples/st
 `STM32_Programmer_CLI -c port=swd -ob TZEN=0xB4`
 
 - set the option bytes to enable flash secure protection of first 384KB and remainder as non-secure:
-`STM32_Programmer_CLI -c port=swd -ob SECWM1_STRT=0x0 SECWM1_END=0x2F SECWM2_STRT=0x2F SECWM2_END=0x0`
+`STM32_Programmer_CLI -c port=swd -ob SECWM1_STRT=0x0 SECWM1_END=0x2F SECWM2_STRT=0x0 SECWM2_END=0x7F`
 
 - flash the wolfboot image to the secure partition:
 `STM32_Programmer_CLI -c port=swd -d wolfboot.bin 0x0C000000`
@@ -934,7 +934,7 @@ echo -n "pBOOT" > trigger_magic.bin
   update.bin \
     0x0     test-app/image_v2_signed.bin \
     0x9FFFB trigger_magic.bin
-STM32_Programmer_CLI -c port=swd -d update.bin 0x08100000
+STM32_Programmer_CLI -c port=swd -d update.bin 0x0C100000
 ```
 
 
