west.yml: Bump tf-m with stm32 patches #93520

nandojve · 2025-07-22T15:13:14Z

This patches are necessary to make STM32U5Axxx works with TF-M.

Tested with

west build -p -b b_u585i_iot02a/stm32u585xx/ns samples/tfm_integration/tfm_ipc
./build/tfm/api_ns/regression.sh
west flash

press reset button

[INF] BANK 1 secure flash [0, 75] : OB [0, 127]
[ERR] Unexpected value for secure flash protection: set wmsec1
[INF] BANK 2 secure flash [127, 0] : OB [0, 127]
[INF] BANK 1 flash write protection [10, 21] : OB [127, 0]
[ERR] Unexpected value for write protection : set wrp1
[INF] BANK 1 secure user flash [8, 20] : OB [0, 0]
[ERR] Unexpected value for secure user flash protection : set hdp1
[INF] BANK 1 secure flash [0, 75] : OB [8, 75]
[ERR] Unexpected value for secure flash protection: set wmsec1
[INF] Starting bootloader
[WRN] This device was provisioned with dummy keys. This device is NOT SECURE
[INF] Primary image: magic=unset, swap_type=0x1, copy_done=0x3, image_ok=0x3
[INF] Scratch: magic=unset, swap_type=0x1, copy_done=0x3, image_ok=0x3
[INF] Boot source: primary slot
[INF] Image index: 1, Swap type: none
[INF] Primary image: magic=bad, swap_type=0x1, copy_done=0x3, image_ok=0x3
[INF] Scratch: magic=unset, swap_type=0x1, copy_done=0x3, image_ok=0x3
[INF] Boot source: none
[INF] Image index: 0, Swap type: none
[INF] Bootloader chainload address offset: 0x38000
[INF] Image version: v0.0.0
[INF] Jumping to the first image slot
Booting TF-M v2.2.0+gdf04cce18
[WRN] This device was provisioned with dummy keys. This device is NOT SECURE
[Sec Thread] Secure image initializing!
Creating an empty ITS flash layout.
Creating an empty PS flash layout.
[INF][PS] Encryption alg: 0x5500200
[INF][Crypto] Init HW accelerator...
[INF][Crypto] Init HW accelerator... complete.
*** Booting Zephyr OS build v4.2.0-301-g3d4020728bce ***
TF-M IPC on b_u585i_iot02a
The version of the PSA Framework API is 257.
The PSA Crypto service minor version is 1.
Generating 256 bytes of random data:
EC 3D 3E B7 C1 02 14 10 6A 23 93 9F A7 80 BF CC 
CF E0 0A 62 71 B5 A2 38 3D 17 78 CE DA 9F 1D A6 
18 C4 E7 5B 86 AD 86 F5 A7 B2 3B A0 89 F8 A5 56 
94 E6 E3 6B 37 18 02 B7 AB B8 F9 78 BA 4A 63 D2 
B2 F7 A2 71 66 70 14 35 15 33 B0 86 B8 55 78 C9 
BD FB 63 9A FD 50 55 61 9E 5E 76 05 C6 16 83 0D 
3B 51 AE E6 93 2B 99 D9 77 1D F0 0D 0B E0 2B B6 
D7 0B 17 E8 9B 59 2C 07 60 2A 58 EA 28 AF A6 A6 
67 FB E7 C1 D2 A5 A8 A8 DE 6B 03 20 49 35 DE 8A 
D0 A4 47 DB 7F 40 70 D8 FC 5D 80 28 4C F2 03 09 
C9 BB 64 9E D8 FE 0B A1 0F B7 93 B7 3F 74 56 99 
DF 64 31 B9 05 22 26 FA 3C 1E BE 21 45 50 1B A5 
FE 3D D0 24 C5 28 5A D7 44 75 B5 A3 09 6A D1 BD 
47 ED AA D1 F7 68 F3 13 95 62 B2 73 4F 89 F4 54 
8D BC E6 99 D4 73 CE 95 9C 9B 22 DA 96 EC F0 12 
92 FE A9 A7 C3 52 D9 04 0C 21 7B 1E 5C 22 3E B3

github-actions · 2025-07-22T15:14:43Z

The following west manifest projects have changed revision in this Pull Request:

Name	Old Revision	New Revision	Diff
trusted-firmware-m	zephyrproject-rtos/trusted-firmware-m@`cc80026`	zephyrproject-rtos/trusted-firmware-m@`3e12b0c` (`main`)	zephyrproject-rtos/[email protected]

✅ All manifest checks OK

Note: This message is automatically posted and updated by the Manifest GitHub Action.

etienne-lms

Look good with some comments.

Commit message for "boards: st: b_u585i_iot02a: ns: Redesign flash partitions" should emphasis that the new layout is synced with TF-M flash layout (possibly with a Zephyr/TF-M P-R reference).

Since b_u585i_iot02a board flash layout is changed, a firmware update (e.g. FOTA) will not be able to upgrade a Zephyr v4.2.0 (or older) system to a v4.3.0 (or later) version. Terefore I think it would be nice there are a few words about it in the migration guide file (doc/releases/migration-guide-4.3.rst).

boards/st/b_u585i_iot02a/b_u585i_iot02a_stm32u585xx_ns.dts

nandojve · 2025-09-01T06:51:02Z

Hi @tomi-font , @etienne-lms ,

Could you help me to identify what is missing ?

etienne-lms

The main missing part is to wait zephyrproject-rtos/trusted-firmware-m#145 is merged so you can update this P-R with the relevant TF-M Git SHA1 reference in west.yml.

doc/releases/migration-guide-4.3.rst

nandojve · 2025-09-04T11:17:03Z

rebase
fix board name in the release migration.

nandojve · 2025-09-04T12:57:13Z

Hi @erwango ,

The #94869 add a regression that CI is getting in here which will be fixed by #95470.

nandojve · 2025-09-05T10:49:02Z

rebase due to stm32: include: zephyr: drivers: dma: update ll_dma_get_channel_instance macro #95470 got merged.

nandojve · 2025-09-05T13:46:57Z

Hi @erwango , @etienne-lms , @tomi-font , @ceolin , @anasnashif
The TF-M side is fully approved. As Etienne mentioned, Zephyr side is waiting TF-M be merged.
CI is green.

erwango · 2025-09-08T14:14:49Z

@nandojve Could you rebase ?

The S and NS shares the extermal NOR memory. This extracts the external NOR partition definitions from b_u585i_iot02a-common.dtsi and move to b_u585i_iot02a.dts to allow NS software defined their own external partition layout. Signed-off-by: BUDKE Gerson Fernando <[email protected]>

nandojve · 2025-09-08T18:00:09Z

@nandojve Could you rebase ?

Done!

This brings many tf-m patches related to stm32 SoCs. It sync stm32 with the vendor mainline patches and add all the necessary pieces to allow STM32U5Axxx SoC work with TF-M. The patch list can be checked in: zephyrproject-rtos/trusted-firmware-m#145 In addition, redesign the b_u585i_iot02a flash partitions. The current b_u585i_iot02a NS flash layout difficult the development of large applications. Since there is an external NOR memory which is already supported by tf-m, this proposes a layout reconfiguration which allows bigger bootloader, S and NS software. With this redesign the overlay in the tests can be safely removed. This new layout is synced with TF-M 2.1.1 mainline, see: https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/41126 The bootloader BL2 now will fetch FOTA content from the external memory. Signed-off-by: BUDKE Gerson Fernando <[email protected]>

sonarqubecloud · 2025-09-08T19:05:47Z

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

nandojve · 2025-09-09T06:15:57Z

Hi @erwango , @etienne-lms , @tomi-font , @ceolin , @d3zd3z ,

PR in TF-M got merged and CI is green here.

!!! WARNING: !!! Please, do not review this change. It is currently under review at: !!! zephyrproject-rtos#93520 The S and NS shares the extermal NOR memory. This extracts the external NOR partition definitions from b_u585i_iot02a-common.dtsi and move to b_u585i_iot02a.dts to allow NS software defined their own external partition layout. Signed-off-by: BUDKE Gerson Fernando <[email protected]>

!!! WARNING: !!! Please, do not review this change. It is currently under review at: !!! zephyrproject-rtos#93520 This brings many tf-m patches related to stm32 SoCs. It sync stm32 with the vendor mainline patches and add all the necessary pieces to allow STM32U5Axxx SoC work with TF-M. The patch list can be checked in: zephyrproject-rtos/trusted-firmware-m#145 In addition, redesign the b_u585i_iot02a flash partitions. The current b_u585i_iot02a NS flash layout difficult the development of large applications. Since there is an external NOR memory which is already supported by tf-m, this proposes a layout reconfiguration which allows bigger bootloader, S and NS software. With this redesign the overlay in the tests can be safely removed. This new layout is synced with TF-M 2.1.1 mainline, see: https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/41126 The bootloader BL2 now will fetch FOTA content from the external memory. Signed-off-by: BUDKE Gerson Fernando <[email protected]>

zephyrbot added the size: XS A PR changing only a single line of code label Jul 22, 2025

github-actions bot added manifest manifest-trusted-firmware-m DNM (manifest) This PR should not be merged (controlled by action-manifest) labels Jul 22, 2025

nandojve added the backport v4.2-branch Request backport to the v4.2-branch label Jul 22, 2025

nandojve requested review from ceolin, erwango, etienne-lms and tomi-font July 22, 2025 18:10

nandojve force-pushed the tfm/add_bump_u5a_patches branch from de1ec72 to f4b0642 Compare August 13, 2025 16:03

zephyrbot added the platform: STM32 ST Micro STM32 label Aug 13, 2025

zephyrbot requested review from FRASTM, GeorgeCGV, djiatsaf-st, gautierg-st, marwaiehm-st and mathieuchopstm August 13, 2025 16:11

zephyrbot assigned erwango Aug 13, 2025

nandojve added this to the v4.3.0 milestone Aug 13, 2025

etienne-lms reviewed Aug 18, 2025

View reviewed changes

nandojve force-pushed the tfm/add_bump_u5a_patches branch 2 times, most recently from 45668a5 to accb6cb Compare August 18, 2025 13:55

zephyrbot added Release Notes To be mentioned in the release notes area: Flash labels Aug 18, 2025

zephyrbot requested review from cfriedt, de-nordic, jhedberg, kartben and rghaddab August 18, 2025 13:56

nandojve force-pushed the tfm/add_bump_u5a_patches branch from d595d99 to 6aadae9 Compare August 29, 2025 06:07

nandojve requested a review from etienne-lms August 29, 2025 07:03

etienne-lms reviewed Sep 2, 2025

View reviewed changes

doc/releases/migration-guide-4.3.rst Show resolved Hide resolved

nandojve force-pushed the tfm/add_bump_u5a_patches branch from 6aadae9 to d0298d4 Compare September 4, 2025 11:16

nandojve requested a review from etienne-lms September 4, 2025 11:17

nandojve force-pushed the tfm/add_bump_u5a_patches branch from d0298d4 to e12adc7 Compare September 5, 2025 10:48

nandojve force-pushed the tfm/add_bump_u5a_patches branch 2 times, most recently from 9c0993e to f81f23a Compare September 8, 2025 16:52

nandojve force-pushed the tfm/add_bump_u5a_patches branch from f81f23a to ea7eb4d Compare September 8, 2025 18:41

github-actions bot removed the DNM (manifest) This PR should not be merged (controlled by action-manifest) label Sep 8, 2025

erwango approved these changes Sep 9, 2025

View reviewed changes

etienne-lms mentioned this pull request Sep 9, 2025

st: wba65: add stm32wba65i_dk1 board, 'ns' variant for dk1 and nucleo boards #95722

Open

etienne-lms approved these changes Sep 9, 2025

View reviewed changes

kartben merged commit f376602 into zephyrproject-rtos:main Sep 9, 2025
29 checks passed

github-actions bot mentioned this pull request Sep 9, 2025

[Backport v4.2-branch] Failed to backport #93520 #95758

Open

nandojve deleted the tfm/add_bump_u5a_patches branch September 9, 2025 20:34

nandojve mentioned this pull request Sep 9, 2025

trusted-firmware-m: Fix sign images to allow FOTA #94470

Open

west.yml: Bump tf-m with stm32 patches #93520

west.yml: Bump tf-m with stm32 patches #93520

Uh oh!

Conversation

nandojve commented Jul 22, 2025

Uh oh!

github-actions bot commented Jul 22, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

etienne-lms left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

nandojve commented Sep 1, 2025

Uh oh!

etienne-lms left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

nandojve commented Sep 4, 2025

Uh oh!

nandojve commented Sep 4, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

nandojve commented Sep 5, 2025

Uh oh!

nandojve commented Sep 5, 2025

Uh oh!

erwango commented Sep 8, 2025

Uh oh!

nandojve commented Sep 8, 2025

Uh oh!

sonarqubecloud bot commented Sep 8, 2025

Quality Gate passed

Uh oh!

nandojve commented Sep 9, 2025

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

6 participants

github-actions bot commented Jul 22, 2025 •

edited

Loading

nandojve commented Sep 4, 2025 •

edited

Loading