[zep fromtree] platform: nordic: Remove FLPR reserved memory from Nor…

CMakeLists.txt

@@ -42,6 +42,10 @@ set(CMAKE_CXX_COMPILER_FORCED true)
 
 project("Trusted Firmware M" VERSION ${TFM_VERSION} LANGUAGES C CXX ASM)
 
+if(BL2)
+    add_subdirectory(bl2)
+endif()
+
 add_subdirectory(lib/backtrace)
 add_subdirectory(lib/ext)
 add_subdirectory(lib/fih)
@@ -50,11 +54,7 @@ add_subdirectory(lib/tfm_log_unpriv)
 add_subdirectory(lib/tfm_vprintf)
 add_subdirectory(tools)
 add_subdirectory(secure_fw)
-
 add_subdirectory(interface)
-if(BL2)
-    add_subdirectory(bl2)
-endif()
 
 if(BL1 AND PLATFORM_DEFAULT_BL1)
     add_subdirectory(bl1/bl1_2)

bl1/bl1_2/lib/image.c

@@ -39,10 +39,10 @@ fih_int bl1_image_copy_to_sram(uint32_t image_id, uint8_t *out)
     flash_offset = bl1_image_get_flash_offset(image_id);
 
     fih_rc = fih_int_encode_zero_equality(
-                fih_not_eq(BL2_CODE_SIZE + BL2_HEADER_SIZE,
+                fih_not_eq(BL2_CODE_SIZE + BL1_2_HEADER_SIZE,
                            (FLASH_DEV_NAME_BL1.ReadData(flash_offset,
                                                         out,
-                                                        BL2_CODE_SIZE + BL2_HEADER_SIZE))));
+                                                        BL2_CODE_SIZE + BL1_2_HEADER_SIZE))));
 
     FIH_RET(fih_rc);
 }

bl1/bl1_2/lib/interface/image.h

@@ -19,7 +19,7 @@
 extern "C" {
 #endif
 
-#define BL2_HEADER_SIZE (offsetof(struct bl1_2_image_t, protected_values.encrypted_data.data))
+#define BL1_2_HEADER_SIZE (offsetof(struct bl1_2_image_t, protected_values.encrypted_data.data))
 
 /**
  *

bl1/bl1_2/main.c

@@ -107,9 +107,11 @@ static fih_int validate_image_signature(struct bl1_2_image_t *img,
     uint8_t rotpk[TFM_BL1_2_ROTPK_MAX_SIZE];
     uint8_t *p_rotpk = rotpk;
     size_t rotpk_size;
+#if defined(TFM_BL1_2_EMBED_ROTPK_IN_IMAGE) || defined(TFM_MEASURED_BOOT_API)
     uint8_t rotpk_hash[TFM_BL1_2_ROTPK_HASH_MAX_SIZE];
-    enum tfm_bl1_key_type_t key_type;
     enum tfm_bl1_hash_alg_t key_hash_alg;
+#endif /* TFM_BL1_2_EMBED_ROTPK_IN_IMAGE || TFM_MEASURED_BOOT_API */
+    enum tfm_bl1_key_type_t key_type;
 
 
     if (sig->sig_len > sizeof(sig->sig)) {

bl2/CMakeLists.txt

@@ -72,13 +72,15 @@ list(APPEND BL2_CRYPTO_SRC
     $<${build_sha_256}:${MBEDCRYPTO_PATH}/library/sha256.c>
     $<${build_sha_384}:${MBEDCRYPTO_PATH}/library/sha512.c>
     $<$<AND:${is_ec_signature},$<NOT:${build_p256m}>>:${MBEDCRYPTO_PATH}/library/psa_crypto_ecp.c>
+    $<$<AND:${is_ec_signature},$<NOT:${build_p256m}>>:${MBEDCRYPTO_PATH}/library/psa_util.c>
     $<$<AND:${is_ec_signature},$<NOT:${build_p256m}>>:${MBEDCRYPTO_PATH}/library/ecp.c>
     $<$<AND:${is_ec_signature},$<NOT:${build_p256m}>>:${MBEDCRYPTO_PATH}/library/ecp_curves.c>
     $<$<AND:${is_ec_signature},$<NOT:${build_p256m}>>:${MBEDCRYPTO_PATH}/library/ecdsa.c>
     $<$<AND:${is_ec_signature},$<NOT:${build_p256m}>>:${MBEDCRYPTO_PATH}/library/bignum.c>
     $<$<AND:${is_ec_signature},$<NOT:${build_p256m}>>:${MBEDCRYPTO_PATH}/library/bignum_core.c>
     $<$<AND:${is_ec_signature},$<NOT:${build_p256m}>>:${MBEDCRYPTO_PATH}/library/constant_time.c>
     $<${is_rsa_signature}:${MBEDCRYPTO_PATH}/library/psa_crypto_rsa.c>
+    $<${is_rsa_signature}:${MBEDCRYPTO_PATH}/library/psa_util.c>
     $<${is_rsa_signature}:${MBEDCRYPTO_PATH}/library/rsa.c>
     $<${is_rsa_signature}:${MBEDCRYPTO_PATH}/library/rsa_alt_helpers.c>
     $<${is_rsa_signature}:${MBEDCRYPTO_PATH}/library/bignum.c>

bl2/ext/mcuboot/include/flash_map/flash_map.h

@@ -165,6 +165,22 @@ uint32_t flash_area_align(const struct flash_area *area);
 int flash_area_get_sectors(int fa_id, uint32_t *count,
   struct flash_sector *sectors);
 
+/* Retrieve the flash sector a given offset belongs to.
+ *
+ * Returns 0 on success, or an error code on failure.
+ */
+int flash_area_sector_from_off(uint32_t off, struct flash_sector *sector);
+
+/* Retrieve the flash sector a given offset, within flash area.
+ *
+ * @param fa        flash area.
+ * @param off       offset of sector.
+ * @param sector    pointer to structure for obtained information.
+ * Returns 0 on success, or an error code on failure.
+ */
+int flash_area_get_sector(const struct flash_area *fa, uint32_t off,
+  struct flash_sector *sector);
+
 /*
  * Similar to flash_area_get_sectors(), but return the values in an
  * array of struct flash_area instead.

config/config_base.cmake

@@ -41,7 +41,7 @@ set(MBEDCRYPTO_VERSION                  "mbedtls-3.6.3" CACHE STRING "The versio
 set(MBEDCRYPTO_GIT_REMOTE               "https://github.com/Mbed-TLS/mbedtls.git" CACHE STRING "The URL (or path) to retrieve MbedTLS from.")
 
 set(MCUBOOT_PATH                        "DOWNLOAD"  CACHE PATH      "Path to MCUboot (or DOWNLOAD to fetch automatically")
-set(MCUBOOT_VERSION                     "6071ceb"    CACHE STRING    "The version of MCUboot to use")
+set(MCUBOOT_VERSION                     "v2.2.0"    CACHE STRING    "The version of MCUboot to use")
 
 set(PLATFORM_PSA_ADAC_SECURE_DEBUG      FALSE       CACHE BOOL      "Whether to use psa-adac secure debug.")
 set(PLATFORM_PSA_ADAC_SOURCE_PATH       "DOWNLOAD"  CACHE PATH      "Path to source dir of psa-adac.")

docs/contributing/maintainers.rst

@@ -220,6 +220,13 @@ William Vinnicombe
     :email: `William.Vinnicombe@raspberrypi.com <william.vinnicombe@raspberrypi.com>`__
     :github: `Raspberry Pi <https://github.com/raspberrypi>`__
 
+Analog Devices Platform:
+~~~~~~~~~~~~~~~~~~~~~~~~
+
+Sadik Ozer
+    :email: `Sadik.Ozer@analog.com`__
+    :github: `ozersa <https://github.com/ozersa>`__
+
 =============
 
 .. _Project Maintenance Process: https://trusted-firmware-docs.readthedocs.io/en/latest/generic_processes/project_maintenance_process.html

docs/platform/adi/index.rst

@@ -0,0 +1,13 @@
+##############################
+Analog Devices, Inc. Platforms
+##############################
+
+.. toctree::
+    :maxdepth: 1
+    :titlesonly:
+
+    MAX32657 <max32657/README.rst>
+
+--------------
+
+*Copyright (c) 2025, Analog Devices, Inc. All rights reserved.*

docs/platform/adi/max32657/README.rst

@@ -0,0 +1,224 @@
+MAX32657
+========
+
+
+Introduction
+------------
+
+The MAX32657 microcontroller (MCU) is an advanced system-on-chip (SoC)
+featuring an Arm® Cortex®-M33 core with single-precision floating point unit (FPU)
+with digital signal processing (DSP) instructions, large flash and SRAM memories,
+and the latest generation Bluetooth® 5.4 Low Energy (LE) radio.
+The nano-power modes increase battery life substantially.
+
+MAX32657 1MB flash and 256KB RAM split to define section for MCUBoot,
+TF-M (S), Zephyr (NS) and storage that used for secure services and configurations.
+Default layout of MAX32657 is listed in below table.
+
++----------+------------------+---------------------------------+
+| Name     | Address[Size]    | Comment                         |
++==========+==================+=================================+
+| boot     | 0x1000000[64K]   | MCU Bootloader                  |
++----------+------------------+---------------------------------+
+| slot0    | 0x1010000[320k]  | Secure image slot0 (TF-M)       |
++----------+------------------+---------------------------------+
+| slot0_ns | 0x1060000[576k]  | Non-secure image slot0          |
++----------+------------------+---------------------------------+
+| slot1    | 0x10F0000[0k]    | Updates slot0 image             |
++----------+------------------+---------------------------------+
+| slot1_ns | 0x10F0000[0k]    | Updates slot0_ns image          |
++----------+------------------+---------------------------------+
+| storage  | 0x10f0000[64k]   | File system, persistent storage |
++----------+------------------+---------------------------------+
+
+
++----------------+------------------+-------------------+
+| RAM            | Address[Size]    | Comment           |
++================+==================+===================+
+| secure_ram     | 0x30000000[64k]  | Secure memory     |
++----------------+------------------+-------------------+
+| non_secure_ram | 0x20010000[192k] | Non-Secure memory |
++----------------+------------------+-------------------+
+
+
+Secure Boot ROM
+---------------
+
+MAX32657 has Secure Boot ROM that used to authenticate user code via ECDSA 256 public key.
+The Secure Boot ROM is disabled on default, to enable it user need to provision device first.
+
+ADI provides enable_secure_boot.py (under <CMAKE_BINARY_DIR>/lib/ext/tesa-toolkit-src/devices/max32657/scripts/bl1_provision)
+script to simply provision the device. This script reads user certificate via command line parameter
+then writes user key on the device and disables debug interface.
+
+To create pub & private key pair for MAX32657 run:
+
+.. code-block:: bash
+
+    openssl ecparam -out <MY_CERT_FILE.pem> -genkey -name prime256v1
+
+
+.. note::
+
+   Debug interface will be disabled after secure boot is enabled.
+   User must write final firmware before provisioning the device. It can
+   be written during device provision, Just add your final firmware hex file in
+   JLinkScript under <CMAKE_BINARY_DIR>/lib/ext/tesa-toolkit-src/devices/max32657/scripts/bl1_provision folder.
+
+
+After secure boot has been enabled BL2 image must be signed with user certificate
+otherwise Secure Boot ROM will not validate BL2 image and will not execute it.
+The sign process will be done automatically if BL1 be ON ``-DBL1=ON``
+The sign key can be sepecified over command line option -DTFM_BL2_SIGNING_KEY_PATH=<MY_KEY_FILE>
+or by setting the flag in <TF-M base folder>/platform/ext/target/adi/max32657/config.cmake
+Development purpose test certificate is here:
+<CMAKE_BINARY_DIR>/lib/ext/tesa-toolkit-src/devices/max32657/keys/bl1_dummy.pem
+It shall not been used for production purpose just for development purpose.
+
+.. note::
+
+   The signature generation depends on ecdsa that's have to be installed::
+
+    pip3 install ecdsa
+
+
+Building TF-M
+-------------
+
+This platform port supports TF-M regression tests (Secure and Non-secure)
+with Isolation Level 1.
+
+To build S and NS application, run the following commands:
+
+.. note::
+
+   Only GNU toolchain is supported.
+
+.. note::
+
+   Only "profile_small" predefined profile is supported.
+
+Prepare the tf-m-tests repository inside the TF-M base folder.
+
+.. code-block:: bash
+
+    cd <TF-M base folder>
+    git clone https://git.trustedfirmware.org/TF-M/tf-m-tests.git
+
+.. code:: bash
+
+    cd <TF-M base folder>/tf-m-test/tests_reg
+
+    cmake -S spe -B build_spe \
+            -G"Unix Makefiles"               \
+            -DTFM_PLATFORM=adi/max32657      \
+            -DCONFIG_TFM_SOURCE_PATH=<TF-M base folder>/trusted-firmware-m \
+            -DTFM_TOOLCHAIN_FILE=<TF-M base folder>/trusted-firmware-m/toolchain_GNUARM.cmake \
+            -DTEST_S=OFF                \
+            -DTEST_NS=ON               \
+            -DTFM_NS_REG_TEST=ON        \
+            -DTFM_BL2_LOG_LEVEL=LOG_LEVEL_INFO  \
+            -DTFM_ISOLATION_LEVEL=1
+    cmake --build build_spe -- install
+
+    cmake -S . -B build_test    \
+            -G"Unix Makefiles"  \
+            -DCONFIG_SPE_PATH=<TF-M base folder>/tf-m-tests/tests_reg/build_spe/api_ns \
+            -DTFM_TOOLCHAIN_FILE=cmake/toolchain_ns_GNUARM.cmake \
+            -DTFM_NS_REG_TEST=ON
+    cmake --build build_test
+
+
+Merge and Flash Images
+----------------------
+
+Follow the steps below to program the flash with a compiled TF-M image (i.e. S, NS or both).
+
+
+Generate Intel hex files from the output binary (bin) files as follows:
+
+.. code-block:: console
+
+    srec_cat build_spe/bin/tfm_s_signed.bin -binary --offset 0x01010000 -o build_spe/bin/tfm_s_signed.hex -intel
+    srec_cat build_test/bin/tfm_ns_signed.bin -binary --offset 0x01060000 -o build_test/bin/tfm_ns_signed.hex -intel
+
+
+Merge hex files as follows:
+
+.. code-block:: console
+
+    srec_cat build_spe/bin/bl2.hex -Intel build_spe/bin/tfm_s_signed.hex -Intel build_test/bin/tfm_ns_signed.hex -Intel -o tfm_merged.hex -Intel
+
+Alternatively, you can merge hex files with `mergehex.py <https://github.com/zephyrproject-rtos/zephyr/blob/main/scripts/build/mergehex.py>`_
+
+.. code-block:: console
+
+    python /PATH/TO/mergehex.py -o tfm_merged.hex build_spe/bin/bl2.hex build_spe/bin/tfm_s_signed.hex build_test/bin/tfm_ns_signed.hex
+
+.. note::
+
+   Use bl2_signed.hex instead bl2.hex if Secure Boot ROM is enabled.
+
+
+Flash them with JLink as follows:
+
+.. code-block:: console
+
+    JLinkExe -device MAX32657 -if swd -speed 2000 -autoconnect 1
+    J-Link>h
+    J-Link>r
+    J-Link>erase
+    J-Link>loadfile build_spe/bin/tfm_merged.hex
+
+
+BL2 and TF-M Provisioning
+-------------------------
+
+On default ``-DPLATFORM_DEFAULT_PROVISIONING=ON`` and ``-DTFM_DUMMY_PROVISIONING=ON``
+which will use default provisioning and dummpy keys, these configuration is fine
+for development purpose but for production customer specific keys shall be used
+Provisioning bundles can be generated with the ``-DPLATFORM_DEFAULT_PROVISIONING=OFF`` flag.
+The provisioning bundle binary will be generated and it's going to contain
+the provisioning code and provisioning values.
+
+If ``-DPLATFORM_DEFAULT_PROVISIONING=OFF`` and ``-DTFM_DUMMY_PROVISIONING=ON`` then the keys in
+the ``tf-m/platform/ext/target/common/provisioning/provisioning_config.cmake`` and the
+default MCUBoot signing keys will be used for provisioning.
+
+If ``-DPLATFORM_DEFAULT_PROVISIONING=OFF`` and ``-DTFM_DUMMY_PROVISIONING=OFF`` are set
+then unique values can be used for provisioning. The keys and seeds can be changed by
+passing the new values to the build command, or by setting the ``-DPROVISIONING_KEYS_CONFIG`` flag
+to a .cmake file that contains the keys. An example config cmake file can be seen at
+``tf-m/platform/ext/target/common/provisioning/provisioning_config.cmake``.
+Otherwise new random values are going to be generated and used. For the image signing
+the ${MCUBOOT_KEY_S} and ${MCUBOOT_KEY_NS} will be used. These variables should point to
+.pem files that contain the code signing private keys. The public keys are going to be generated
+from these private keys and will be used for provisioning. The hash of the public key is going to
+be written into the ``provisioning_data.c`` automatically.
+
+If ``-DMCUBOOT_GENERATE_SIGNING_KEYPAIR=ON`` is set then a new mcuboot signing public and private
+keypair is going to be generated and it's going to be used to sign the S and NS binaries.
+
+The new generated keypair can be found in the ``<build dir>/bin`` folder or in the
+``<install directory>/image_signing/keys`` after installation.
+The generated provisioning_data.c file can be found at
+``<build directory>/platform/target/provisioning/provisioning_data.c``
+
+.. note::
+
+   The provisioning bundle generation depends on pyelftools that's have to be installed::
+
+    pip3 install pyelftools
+
+UART Console
+************
+
+MAX32657 has one UART (UART0) peripheral which is routed for Non-Secure console output by default.
+S and NS firmware can not use UART at the same time.
+If TFM_S_REG_TEST been defined the UART console will be routed to the Secure side otherwise it will
+be on NS side.
+
+--------------
+
+*Copyright 2025 Analog Devices, Inc. All rights reserved.
+*SPDX-License-Identifier: BSD-3-Clause*

docs/platform/index.rst

@@ -7,6 +7,7 @@ TF-M Platforms
 .. toctree::
     :maxdepth: 2
 
+    Analog Devices, Inc. <adi/index>
     Arm <arm/index>
     ArmChina <armchina/index>
     Cypress <cypress/index>

docs/platform/platform_introduction.rst

@@ -47,6 +47,8 @@ Supported Platforms
           <https://www.nordicsemi.com/Software-and-tools/Development-Kits/nRF5340-DK>`_
         - `BL5340 DVK (lairdconnectivity/bl5340_dvk_cpuapp).
           <https://www.lairdconnect.com/wireless-modules/bluetooth-modules/bluetooth-5-modules/bl5340-series-multi-core-bluetooth-52-802154-nfc-modules>`_
+        - `MAX32657 (adi/max32657).
+          <https://www.analog.com/en/products/max32657.html>`_
 
     - Cortex-M23 system: