From e28569583244fdfb0152766fb52b86954e93bf8a Mon Sep 17 00:00:00 2001 From: Yestin Sun Date: Fri, 26 Feb 2021 15:29:37 -0800 Subject: [PATCH 1/5] modules: trusted-firmware-m: Allow to adjust hex file base address This commit allows to append an optional --hex-addr argument to the wrapper script if speficied. This can adjust the base address of the output hex file when signing the non-secure or secure firmware images. Signed-off-by: Yestin Sun --- modules/trusted-firmware-m/CMakeLists.txt | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/modules/trusted-firmware-m/CMakeLists.txt b/modules/trusted-firmware-m/CMakeLists.txt index b51944d6a0c82..b5b5880c3a87e 100644 --- a/modules/trusted-firmware-m/CMakeLists.txt +++ b/modules/trusted-firmware-m/CMakeLists.txt @@ -278,6 +278,14 @@ if (CONFIG_BUILD_WITH_TFM) set(TFM_PUBLIC_KEY_FORMAT "full") endif() + if(DEFINED TFM_HEX_BASE_ADDRESS_S) + set(HEX_ADDR_ARGS_S "--hex-addr=${TFM_HEX_BASE_ADDRESS_S}") + endif() + + if(DEFINED TFM_HEX_BASE_ADDRESS_NS) + set(HEX_ADDR_ARGS_NS "--hex-addr=${TFM_HEX_BASE_ADDRESS_NS}") + endif() + function(tfm_sign OUT_ARG SUFFIX PAD INPUT_FILE OUTPUT_FILE) if(PAD) set(pad_args --pad --pad-header) @@ -290,6 +298,7 @@ if (CONFIG_BUILD_WITH_TFM) --align 1 -v ${TFM_IMAGE_VERSION_${SUFFIX}} ${pad_args} + ${HEX_ADDR_ARGS_${SUFFIX}} ${ADD_${SUFFIX}_IMAGE_MIN_VER} -s auto -H ${CONFIG_ROM_START_OFFSET} From 883394f145be0a3394b9bdae94830d7390c67f7c Mon Sep 17 00:00:00 2001 From: Yestin Sun Date: Tue, 5 Jan 2021 15:08:05 -0800 Subject: [PATCH 2/5] boards: stm32l562e_dk: Add non secure target This commit adds a second target for the stm32l562e_dk board. The non secure target can be configured for TFM IPC application. Signed-off-by: Yestin Sun --- boards/arm/stm32l562e_dk/CMakeLists.txt | 14 ++++++ boards/arm/stm32l562e_dk/Kconfig.defconfig | 12 +++++ boards/arm/stm32l562e_dk/board.cmake | 10 +++++ boards/arm/stm32l562e_dk/doc/index.rst | 16 +++++++ boards/arm/stm32l562e_dk/stm32l562e_dk_ns.dts | 28 ++++++++++++ .../arm/stm32l562e_dk/stm32l562e_dk_ns.yaml | 13 ++++++ .../stm32l562e_dk/stm32l562e_dk_ns_defconfig | 44 +++++++++++++++++++ 7 files changed, 137 insertions(+) create mode 100644 boards/arm/stm32l562e_dk/CMakeLists.txt create mode 100644 boards/arm/stm32l562e_dk/stm32l562e_dk_ns.dts create mode 100644 boards/arm/stm32l562e_dk/stm32l562e_dk_ns.yaml create mode 100644 boards/arm/stm32l562e_dk/stm32l562e_dk_ns_defconfig diff --git a/boards/arm/stm32l562e_dk/CMakeLists.txt b/boards/arm/stm32l562e_dk/CMakeLists.txt new file mode 100644 index 0000000000000..009a6cab30bad --- /dev/null +++ b/boards/arm/stm32l562e_dk/CMakeLists.txt @@ -0,0 +1,14 @@ +# SPDX-License-Identifier: Apache-2.0 + +if(${ZEPHYR_TOOLCHAIN_VARIANT} STREQUAL "zephyr") + set(COMPILER_FULL_PATH ${ZEPHYR_SDK_INSTALL_DIR}/arm-zephyr-eabi/bin/arm-zephyr-eabi-gcc) +elseif(${ZEPHYR_TOOLCHAIN_VARIANT} STREQUAL "gnuarmemb") + set(COMPILER_FULL_PATH ${GNUARMEMB_TOOLCHAIN_PATH}/bin/arm-none-eabi-gcc) +endif() + +if(CONFIG_BUILD_WITH_TFM) + set_property(GLOBAL APPEND PROPERTY extra_post_build_byproducts + #Execute post build script postbuild.sh + COMMAND ${CMAKE_BINARY_DIR}/tfm/postbuild.sh ${COMPILER_FULL_PATH} + ) +endif() diff --git a/boards/arm/stm32l562e_dk/Kconfig.defconfig b/boards/arm/stm32l562e_dk/Kconfig.defconfig index c35d42fa046d2..74798165fc796 100644 --- a/boards/arm/stm32l562e_dk/Kconfig.defconfig +++ b/boards/arm/stm32l562e_dk/Kconfig.defconfig @@ -32,4 +32,16 @@ config BT_HCI_VS_EXT endif # BT +if TRUSTED_EXECUTION_NONSECURE + +# Get flash configuration for NS image from dts flash partition +config USE_DT_CODE_PARTITION + default y + +config TFM_ISOLATION_LEVEL + default 2 + depends on BUILD_WITH_TFM + +endif # TRUSTED_EXECUTION_NONSECURE + endif # BOARD_STM32L562E_DK diff --git a/boards/arm/stm32l562e_dk/board.cmake b/boards/arm/stm32l562e_dk/board.cmake index 4e000bdbf822c..ddc46d4622c13 100644 --- a/boards/arm/stm32l562e_dk/board.cmake +++ b/boards/arm/stm32l562e_dk/board.cmake @@ -1,3 +1,13 @@ +if(CONFIG_BUILD_WITH_TFM) + set(TFM_FLASH_BASE_ADDRESS 0x0C000000) + + if (CONFIG_HAS_FLASH_LOAD_OFFSET) + MATH(EXPR TFM_HEX_BASE_ADDRESS_NS "${TFM_FLASH_BASE_ADDRESS}+${CONFIG_FLASH_LOAD_OFFSET}") + else() + set(TFM_HEX_BASE_ADDRESS_NS ${TFM_TFM_FLASH_BASE_ADDRESS}) + endif() +endif() + set_ifndef(BOARD_DEBUG_RUNNER pyocd) set_ifndef(BOARD_FLASH_RUNNER pyocd) diff --git a/boards/arm/stm32l562e_dk/doc/index.rst b/boards/arm/stm32l562e_dk/doc/index.rst index 6e4ae4589ca41..8c36423ceca13 100644 --- a/boards/arm/stm32l562e_dk/doc/index.rst +++ b/boards/arm/stm32l562e_dk/doc/index.rst @@ -166,6 +166,8 @@ The Zephyr stm32l562e_dk board configuration supports the following hardware fea +-----------+------------+-------------------------------------+ | SPI | on-chip | spi | +-----------+------------+-------------------------------------+ +| TrustZone | on-chip | Trusted Firmware-M | ++-----------+------------+-------------------------------------+ Other hardware features are not yet supported on this Zephyr port. @@ -254,6 +256,20 @@ You should see the following message on the console: Hello World! stm32l562e_dk +Building Secure/Non-Secure Zephyr applications with Arm |reg| TrustZone |reg| +----------------------------------------------------------------------------- + +The TF-M integration sample :ref:`tfm_ipc` can be run on a STM32L562E-DK Discovery, +using the ``stm32l562e_dk_ns`` target. When building a ``*_ns`` image with TF-M, +a ``build/tfm/postbuild.sh`` bash script will be run automatically as a post-build step +to make some required flash layout changes. The ``build/tfm/regression.sh`` script will +need to be run to perform device initialization, and then run ``west flash --hex-file build/tfm_merged.hex`` +to flash the board. + +Check the ``build/tfm`` directory to ensure that the commands required by these scripts +(``readlink``, etc.) are available on your system. Please also check ``STM32_Programmer_CLI`` +used for initialization is available in the PATH. + Debugging ========= diff --git a/boards/arm/stm32l562e_dk/stm32l562e_dk_ns.dts b/boards/arm/stm32l562e_dk/stm32l562e_dk_ns.dts new file mode 100644 index 0000000000000..1d9fba58fe629 --- /dev/null +++ b/boards/arm/stm32l562e_dk/stm32l562e_dk_ns.dts @@ -0,0 +1,28 @@ +/* + * Copyright (c) 2021 Yestin Sun + * + * SPDX-License-Identifier: Apache-2.0 + */ + +/dts-v1/; +#include "stm32l562e_dk_common.dtsi" + +/ { + model = "STMicroelectronics STM32L562E-DK Discovery board"; + compatible = "st,stm32l562e-dk"; + + #address-cells = <1>; + #size-cells = <1>; + + chosen { + zephyr,console = &usart1; + zephyr,shell-uart = &usart1; + zephyr,sram = &sram0; + zephyr,flash = &flash0; + }; + + aliases { + led0 = &green_led_10; + sw0 = &user_button; + }; +}; diff --git a/boards/arm/stm32l562e_dk/stm32l562e_dk_ns.yaml b/boards/arm/stm32l562e_dk/stm32l562e_dk_ns.yaml new file mode 100644 index 0000000000000..31d1a5b32caaa --- /dev/null +++ b/boards/arm/stm32l562e_dk/stm32l562e_dk_ns.yaml @@ -0,0 +1,13 @@ +identifier: stm32l562e_dk_ns +name: ST STM32L562E-DK Discovery non secure +type: mcu +arch: arm +toolchain: + - zephyr + - gnuarmemb +supported: + - gpio + - i2c + - lsm6dso +ram: 192 +flash: 512 diff --git a/boards/arm/stm32l562e_dk/stm32l562e_dk_ns_defconfig b/boards/arm/stm32l562e_dk/stm32l562e_dk_ns_defconfig new file mode 100644 index 0000000000000..7127c3c1999e9 --- /dev/null +++ b/boards/arm/stm32l562e_dk/stm32l562e_dk_ns_defconfig @@ -0,0 +1,44 @@ +# SPDX-License-Identifier: Apache-2.0 + +CONFIG_SOC_SERIES_STM32L5X=y +CONFIG_SOC_STM32L562XX=y +# 110MHz system clock +CONFIG_SYS_CLOCK_HW_CYCLES_PER_SEC=110000000 + +# enable uart driver +CONFIG_SERIAL=y + +# enable pinmux +CONFIG_PINMUX=y + +# enable GPIO +CONFIG_GPIO=y + +# clock configuration +CONFIG_CLOCK_CONTROL=y +# SYSCLK selection +CONFIG_CLOCK_STM32_SYSCLK_SRC_PLL=y +# PLL configuration +CONFIG_CLOCK_STM32_PLL_SRC_MSI=y +CONFIG_CLOCK_STM32_MSI_RANGE=6 +# produce 110MHz clock at PLL output +CONFIG_CLOCK_STM32_PLL_M_DIVISOR=1 +CONFIG_CLOCK_STM32_PLL_N_MULTIPLIER=55 +CONFIG_CLOCK_STM32_PLL_P_DIVISOR=7 +CONFIG_CLOCK_STM32_PLL_Q_DIVISOR=2 +CONFIG_CLOCK_STM32_PLL_R_DIVISOR=2 +CONFIG_CLOCK_STM32_AHB_PRESCALER=1 +CONFIG_CLOCK_STM32_APB1_PRESCALER=1 +CONFIG_CLOCK_STM32_APB2_PRESCALER=1 + +# console +CONFIG_CONSOLE=y +CONFIG_UART_CONSOLE=y + +# Enable MPU +CONFIG_ARM_MPU=y + +CONFIG_ARM_TRUSTZONE_M=y +CONFIG_CORTEX_M_SYSTICK=y +CONFIG_RUNTIME_NMI=y +CONFIG_TRUSTED_EXECUTION_NONSECURE=y From 09f32e3c4a0c210d75648f46e167a3167ad6637a Mon Sep 17 00:00:00 2001 From: Yestin Sun Date: Tue, 5 Jan 2021 21:51:11 -0800 Subject: [PATCH 3/5] boards: stm32l562e_dk: Avoid GPIO pinctrl for non secure target After TZ is enabled, the GPIO peripherals are secured and are not accessible from non secure world. This commit prevents the GPIO pinctrl from the non secure target for stm32l562e_dk board. Signed-off-by: Yestin Sun --- boards/arm/stm32l562e_dk/stm32l562e_dk.dts | 4 ++++ boards/arm/stm32l562e_dk/stm32l562e_dk_common.dtsi | 1 - 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/boards/arm/stm32l562e_dk/stm32l562e_dk.dts b/boards/arm/stm32l562e_dk/stm32l562e_dk.dts index f18d240a45574..14e5ca8832584 100644 --- a/boards/arm/stm32l562e_dk/stm32l562e_dk.dts +++ b/boards/arm/stm32l562e_dk/stm32l562e_dk.dts @@ -26,3 +26,7 @@ sw0 = &user_button; }; }; + +&usart1 { + pinctrl-0 = <&usart1_tx_pa9 &usart1_rx_pa10>; +}; diff --git a/boards/arm/stm32l562e_dk/stm32l562e_dk_common.dtsi b/boards/arm/stm32l562e_dk/stm32l562e_dk_common.dtsi index d083f9e759e45..1b6c356ba1bb3 100644 --- a/boards/arm/stm32l562e_dk/stm32l562e_dk_common.dtsi +++ b/boards/arm/stm32l562e_dk/stm32l562e_dk_common.dtsi @@ -31,7 +31,6 @@ }; &usart1 { - pinctrl-0 = <&usart1_tx_pa9 &usart1_rx_pa10>; current-speed = <115200>; status = "okay"; }; From 6a09df302340dab3e8d6d5af9b7719778afebe2c Mon Sep 17 00:00:00 2001 From: Yestin Sun Date: Tue, 5 Jan 2021 15:27:12 -0800 Subject: [PATCH 4/5] boards: stm32l562e_dk: Enable TF-M IPC application This commit enables the TF-M IPC sample application on stm32l562e_dk board. It provides device tree flash partition as an overlay in order to configure and flash the bl2, secure/non secure firmwares. Signed-off-by: Yestin Sun --- modules/trusted-firmware-m/Kconfig | 1 + samples/tfm_integration/tfm_ipc/README.rst | 21 ++++--- .../tfm_ipc/boards/stm32l562e_dk_ns.overlay | 55 +++++++++++++++++++ samples/tfm_integration/tfm_ipc/sample.yaml | 2 +- 4 files changed, 70 insertions(+), 9 deletions(-) create mode 100644 samples/tfm_integration/tfm_ipc/boards/stm32l562e_dk_ns.overlay diff --git a/modules/trusted-firmware-m/Kconfig b/modules/trusted-firmware-m/Kconfig index 196c59e85fc74..d0ffc11f9f83f 100644 --- a/modules/trusted-firmware-m/Kconfig +++ b/modules/trusted-firmware-m/Kconfig @@ -14,6 +14,7 @@ config TFM_BOARD default "nxp/lpcxpresso55s69" if BOARD_LPCXPRESSO55S69_CPU0 default "mps2/an521" if BOARD_MPS2_AN521 default "stm/nucleo_l552ze_q" if BOARD_NUCLEO_L552ZE_Q + default "stm/stm32l562e_dk" if BOARD_STM32L562E_DK default "musca_b1" if BOARD_MUSCA_B1 default "musca_s1" if BOARD_MUSCA_S1 help diff --git a/samples/tfm_integration/tfm_ipc/README.rst b/samples/tfm_integration/tfm_ipc/README.rst index b76255b3af0e8..848c63d3fe83c 100644 --- a/samples/tfm_integration/tfm_ipc/README.rst +++ b/samples/tfm_integration/tfm_ipc/README.rst @@ -103,33 +103,38 @@ Or, post build: $ ninja run -On ST Nucleo L552ZE Q: -====================== +On ST Nucleo L552ZE Q or STM32L562E-DK Discovery: +================================================= This sample was tested on Ubuntu 18.04 with Zephyr SDK 0.11.3. Build Zephyr with a non-secure configuration: + Example, for building non-secure configuration for Nucleo L552ZE Q + .. code-block:: bash $ west build -b nucleo_l552ze_q_ns samples/tfm_integration/tfm_ipc/ -Two scripts are avalaible in the ``build/tfm`` folder: + Example, for building non-secure configuration for STM32L562E-DK Discovery + + .. code-block:: bash + + $ west build -b stm32l562e_dk_ns samples/tfm_integration/tfm_ipc/ + +The script to initialize the device is avalaible in the ``build/tfm`` folder: - ``regression.sh``: Sets platform option bytes config and erase platform. - - ``TFM_UPDATE.sh``: Writes bl2, secure, and non secure image in target. Run them in the following order to flash the board: .. code-block:: bash $ ./build/tfm/regression.sh - $ ./build/tfm/TFM_UPDATE.sh - -Reset the board. + $ west flash --hex-file build/tfm_merged.hex .. note:: - Note that ``arm-none-eabi-gcc`` should be available in the PATH variable and that ``STM32_Programmer_CLI`` is required to run ``regression.sh`` and ``TFM_UPDATE.sh`` (see https://www.st.com/en/development-tools/stm32cubeprog.html). If you are still having trouble running these scripts, check the Programming and Debugging section of the :ref:`nucleo_l552ze_q_board` documentation. + Note that ``arm-none-eabi-gcc`` should be available in the PATH variable and that ``STM32_Programmer_CLI`` is required to run ``regression.sh`` (see https://www.st.com/en/development-tools/stm32cubeprog.html). If you are still having trouble running these scripts, check the Programming and Debugging section of the :ref:`nucleo_l552ze_q_board` or :ref:`stm32l562e_dk_board` documentation. On LPCxpresso55S69: =================== diff --git a/samples/tfm_integration/tfm_ipc/boards/stm32l562e_dk_ns.overlay b/samples/tfm_integration/tfm_ipc/boards/stm32l562e_dk_ns.overlay new file mode 100644 index 0000000000000..b36ca6bfeb924 --- /dev/null +++ b/samples/tfm_integration/tfm_ipc/boards/stm32l562e_dk_ns.overlay @@ -0,0 +1,55 @@ +/* + * Copyright (c) 2021 Yestin Sun + * + * SPDX-License-Identifier: Apache-2.0 + */ + + /* This partition table should be used along with TFM configuration: + * - TFM_PSA_API=ON (IPC) + * - ISOLATION_LEVEL 2 + * - TEST_S=ON (REGRESSION) + * - TEST_NS=OFF (By default) + * + * In this configuration, TFM binary includes tests. As a consequence, + * its size is bloated and it is not possible to set secondary partitions + * for secured or non secured images. + */ + +/ { + chosen { + zephyr,code-partition = &slot1_partition; + }; +}; + +&flash0 { + + partitions { + compatible = "fixed-partitions"; + #address-cells = <1>; + #size-cells = <1>; + + boot_partition: partition@0 { + label = "mcuboot"; + reg = <0x00000000 0x00013000>; + read-only; + }; + /* Secure image primary slot */ + slot0_partition: partition@00013000 { + label = "image-0"; + reg = <0x00013000 0x00038000>; + }; + /* Non-secure image primary slot */ + slot1_partition: partition@0004B000 { + label = "image-1"; + reg = <0x0004B000 0x0002A000>; + }; + /* + * The flash starting at 0x7F000 and ending at + * 0x80000 is reserved for the application. + */ + storage_partition: partition@7F000 { + label = "storage"; + reg = <0x0007F000 0x00001000>; + }; + }; +}; diff --git a/samples/tfm_integration/tfm_ipc/sample.yaml b/samples/tfm_integration/tfm_ipc/sample.yaml index 96c8f46f0dca3..7814f173fb904 100644 --- a/samples/tfm_integration/tfm_ipc/sample.yaml +++ b/samples/tfm_integration/tfm_ipc/sample.yaml @@ -7,7 +7,7 @@ tests: tags: introduction tfm platform_allow: mps2_an521_nonsecure lpcxpresso55s69_ns nrf5340dk_nrf5340_cpuappns nrf9160dk_nrf9160ns nucleo_l552ze_q_ns - v2m_musca_s1_nonsecure + stm32l562e_dk_ns v2m_musca_s1_nonsecure harness: console harness_config: type: multi_line From da58bd0f31f0b268fd2f908ba0503d754b1e6422 Mon Sep 17 00:00:00 2001 From: Yestin Sun Date: Fri, 26 Feb 2021 16:03:43 -0800 Subject: [PATCH 5/5] boards: nucleo_l552ze_q: Leverage consolidated TFM signing code This commit removes the signing commands from the post build steps, in order to leverage the consolidated TFM signing code. Also with the support to adjust the hex base address when signing, there is no need to run the TFM_UPDATE.sh script. We can use west flash to flash the merged hex file on the board. Signed-off-by: Yestin Sun --- boards/arm/nucleo_l552ze_q/CMakeLists.txt | 54 +------------------ boards/arm/nucleo_l552ze_q/board.cmake | 14 ++++- .../nucleo_l552ze_q/doc/nucleol552ze_q.rst | 11 +++- 3 files changed, 24 insertions(+), 55 deletions(-) diff --git a/boards/arm/nucleo_l552ze_q/CMakeLists.txt b/boards/arm/nucleo_l552ze_q/CMakeLists.txt index 83a4f7ea62a6c..16db9aa1ea3a6 100644 --- a/boards/arm/nucleo_l552ze_q/CMakeLists.txt +++ b/boards/arm/nucleo_l552ze_q/CMakeLists.txt @@ -11,58 +11,8 @@ elseif(${ZEPHYR_TOOLCHAIN_VARIANT} STREQUAL "gnuarmemb") endif() if (CONFIG_BUILD_WITH_TFM) - # Set default image versions if not defined elsewhere - if (NOT DEFINED TFM_IMAGE_VERSION_S) - set(TFM_IMAGE_VERSION_S 0.0.0+0) - endif() - - if (NOT DEFINED TFM_IMAGE_VERSION_NS) - set(TFM_IMAGE_VERSION_NS 0.0.0+0) - endif() - - set(PREPROCESSED_FILE_S "${CMAKE_BINARY_DIR}/tfm/bl2/ext/mcuboot/CMakeFiles/signing_layout_s.dir/signing_layout_s.o") - set(PREPROCESSED_FILE_NS "${CMAKE_BINARY_DIR}/tfm/bl2/ext/mcuboot/CMakeFiles/signing_layout_ns.dir/signing_layout_ns.o") - set(TFM_MCUBOOT_DIR "${ZEPHYR_TRUSTED_FIRMWARE_M_MODULE_DIR}/trusted-firmware-m/bl2/ext/mcuboot") - - # Configure which format (full or hash) to include the public key in - # the image manifest - set(TFM_PUBLIC_KEY_FORMAT "full") - - #Create and sign for concatenated binary image, should align with the TF-M BL2 - set_property(GLOBAL APPEND PROPERTY extra_post_build_commands - - #Sign secure binary image with public key - COMMAND ${PYTHON_EXECUTABLE} ${TFM_MCUBOOT_DIR}/scripts/wrapper/wrapper.py - --layout ${PREPROCESSED_FILE_S} - -k ${CONFIG_TFM_KEY_FILE_S} - --public-key-format ${TFM_PUBLIC_KEY_FORMAT} - --align 1 - -v ${TFM_IMAGE_VERSION_S} - --pad - --pad-header - ${ADD_NS_IMAGE_MIN_VER} - -s auto - -H 0x400 - $ - ${CMAKE_BINARY_DIR}/tfm_s_signed.bin - - #Sign non-secure binary image with public key - COMMAND ${PYTHON_EXECUTABLE} ${TFM_MCUBOOT_DIR}/scripts/wrapper/wrapper.py - --layout ${PREPROCESSED_FILE_NS} - -k ${CONFIG_TFM_KEY_FILE_NS} - --public-key-format ${TFM_PUBLIC_KEY_FORMAT} - --align 1 - -v ${TFM_IMAGE_VERSION_NS} - -s auto - ${ADD_S_IMAGE_MIN_VER} - -H 0x400 - ${CMAKE_BINARY_DIR}/zephyr/${KERNEL_BIN_NAME} - ${CMAKE_BINARY_DIR}/zephyr_ns_signed.bin - - #Copy mcuboot.bin - COMMAND ${CMAKE_COMMAND} -E copy $ ${CMAKE_BINARY_DIR}/mcuboot.bin - + set_property(GLOBAL APPEND PROPERTY extra_post_build_byproducts #Execute post build script postbuild.sh COMMAND ${CMAKE_BINARY_DIR}/tfm/postbuild.sh ${COMPILER_FULL_PATH} - ) + ) endif() diff --git a/boards/arm/nucleo_l552ze_q/board.cmake b/boards/arm/nucleo_l552ze_q/board.cmake index c963eb224fe6a..c1f04ce1bc6e4 100644 --- a/boards/arm/nucleo_l552ze_q/board.cmake +++ b/boards/arm/nucleo_l552ze_q/board.cmake @@ -1,5 +1,15 @@ - set_ifndef(BOARD_DEBUG_RUNNER pyocd) - set_ifndef(BOARD_FLASH_RUNNER pyocd) +if(CONFIG_BUILD_WITH_TFM) + set(FLASH_BASE_ADDRESS_S 0x0C000000) + + if (CONFIG_HAS_FLASH_LOAD_OFFSET) + MATH(EXPR TFM_HEX_BASE_ADDRESS_NS "${FLASH_BASE_ADDRESS_S}+${CONFIG_FLASH_LOAD_OFFSET}") + else() + set(TFM_HEX_BASE_ADDRESS_NS ${TFM_FLASH_BASE_ADDRESS_S}) + endif() +endif() + +set_ifndef(BOARD_DEBUG_RUNNER pyocd) +set_ifndef(BOARD_FLASH_RUNNER pyocd) board_runner_args(pyocd "--target=stm32l552zetxq") diff --git a/boards/arm/nucleo_l552ze_q/doc/nucleol552ze_q.rst b/boards/arm/nucleo_l552ze_q/doc/nucleol552ze_q.rst index 561126992afc6..fc6bb3d491d99 100644 --- a/boards/arm/nucleo_l552ze_q/doc/nucleol552ze_q.rst +++ b/boards/arm/nucleo_l552ze_q/doc/nucleol552ze_q.rst @@ -276,7 +276,16 @@ You should see the following message on the console: Building a secure/non-secure with Arm |reg| TrustZone |reg| ----------------------------------------------------------- -The TF-M integration sample :ref:`tfm_ipc` can be run by a Nucleo L552ZE Q, using the ``nucleo_l552ze_q_ns`` target. When building a ``*_ns`` image with TF-M, a ``build/tfm/install/postbuild.sh`` bash script will be run as a post-build step to make some required flash layout changes. The ``build/tfm/install/postbuild.sh`` script will also be used to flash the board. Check the ``build/tfm/install`` directory to ensure that the commands required by these scripts (``readlink``, etc.) are available on your system. +The TF-M integration sample :ref:`tfm_ipc` can be run by a Nucleo L552ZE Q, +using the ``nucleo_l552ze_q_ns`` target. When building a ``*_ns`` image with TF-M, +a ``build/tfm/install/postbuild.sh`` bash script will be run as a post-build step +to make some required flash layout changes. The ``build/tfm/regression.sh`` script +will need to be run to perform device initialization, and then run ``west flash --hex-file build/tfm_merged.hex`` +to flash the board. + +Check the ``build/tfm/`` directory to ensure that the commands required by these scripts +(``readlink``, etc.) are available on your system. Please also check ``STM32_Programmer_CLI`` +used for initialization is available in the PATH. Debugging =========