samples: tfm_integration: Remove psa_firmware

# SPDX-License-Identifier: Apache-2.0

cmake_minimum_required(VERSION 3.20.0)

find_package(Zephyr REQUIRED HINTS $ENV{ZEPHYR_BASE})

project(tfm_psa_firmware)

if (NOT CONFIG_APP_FIRMWARE_UPDATE_IMAGE)

   message(FATAL_ERROR "CONFIG_APP_FIRMWARE_UPDATE_IMAGE required")

endif()

# NOTE: These must not include ${CMAKE_BINARY_DIR} otherwise you get an

# absolute path as part of the C symbols in the generated object file.

# This is difficult to use in a correct and portable way. Instead, we will

# take advantage of running everything from within the build directory.

set(UPDATE_SIGNED_HEX update-signed.hex)

set(UPDATE_BIN update-image.bin)

set(UPDATE_OBJ update-image.o)

set(UPDATE_HEADER_BIN update-header.bin)

set(UPDATE_HEADER_OBJ update-header.o)

# The following sequence of add_custom_command calls builds a dependency

# graph of all the bits we need to sign# an image. The process looks

# something like:

#

#                 [(1) sample.hex ]

#                         |

#                         v

#              [(2) sign with imgtool ]

#                         |

#                         v

#               [(3) split-header.py ]

#                  |             |

#              app |             | header

#                  v             v

#             [(4,5) objdump bin to obj ]

#                  |             |

#          app obj |             | header obj

#                  v             v

#              [(6) target_sources(..) ]

#

# Note that node (1) is an input.

# This is duplicated from the trusted-firmware-m CMakeLists.txt, as this

# needs it and CMAKE does not allow us to import the varibales from that

# directory.

set(TFM_MCUBOOT_DIR "${ZEPHYR_TRUSTED_FIRMWARE_M_MODULE_DIR}/bl2/ext/mcuboot")

# Node (2) in the above graphic

add_custom_command(

  DEPENDS ${CONFIG_APP_FIRMWARE_UPDATE_IMAGE}

  OUTPUT ${UPDATE_SIGNED_HEX}

  COMMAND ${CMAKE_COMMAND} -E env PYTHONPATH=${ZEPHYR_MCUBOOT_MODULE_DIR}/scripts

    ${PYTHON_EXECUTABLE}

    ${TFM_MCUBOOT_DIR}/scripts/wrapper/wrapper.py

    --layout "${CMAKE_BINARY_DIR}/tfm/bl2/ext/mcuboot/CMakeFiles/signing_layout_ns.dir/signing_layout_ns.o"

    -k ${CONFIG_TFM_KEY_FILE_NS}

    --public-key-format "full"

    --align 1

    -v ${CONFIG_APP_FIRMWARE_UPDATE_IMAGE_VERSION}

    --pad

    -s auto

    -H ${CONFIG_ROM_START_OFFSET}

    ${CONFIG_APP_FIRMWARE_UPDATE_IMAGE}

    ${UPDATE_SIGNED_HEX}

)

# Node (3) in the above graphic

add_custom_command(

  OUTPUT ${UPDATE_HEADER_BIN}

  OUTPUT ${UPDATE_BIN}

  DEPENDS ${UPDATE_SIGNED_HEX}

  COMMAND ${PYTHON_EXECUTABLE}

    ${CMAKE_CURRENT_LIST_DIR}/split-header.py

    ${UPDATE_SIGNED_HEX}

    ${UPDATE_BIN}

    ${UPDATE_HEADER_BIN}

)

# Node (4) in the above graphic

add_custom_command(

  OUTPUT ${UPDATE_HEADER_OBJ}

  DEPENDS ${UPDATE_HEADER_BIN}

  COMMAND ${CMAKE_OBJCOPY} -I binary -O elf32-littlearm -B arm

    ${UPDATE_HEADER_BIN}

    ${UPDATE_HEADER_OBJ}

)

# Node (5) in the above graphic

add_custom_command(

  OUTPUT ${UPDATE_OBJ}

  DEPENDS ${UPDATE_BIN}

  COMMAND ${CMAKE_OBJCOPY} -I binary -O elf32-littlearm -B arm

    ${UPDATE_BIN}

    ${UPDATE_OBJ}

)

# Source files in this sample

# Node (6) in the above graphic

target_sources(app PRIVATE src/main.c ${UPDATE_OBJ} ${UPDATE_HEADER_OBJ})

target_include_directories(app PRIVATE

  $<TARGET_PROPERTY:tfm,TFM_BINARY_DIR>/install/interface/include

)

# Private config options for PSA firmware application

# Copyright (c) 2021 Linaro

# SPDX-License-Identifier: Apache-2.0

mainmenu "PSA firmware sample application"

menu "Application configuration"

module = APP

module-str = app

source "subsys/logging/Kconfig.template.log_config"

endmenu

config APP_FIRMWARE_UPDATE_IMAGE

	string "Firmware update image to update to"

	help

	  This required option specifies the path to an image that this

	  exapmle will update to.

	default "$(shell, dirname $(filename))/boards/hello-an547.hex" if BOARD_MPS3_AN547

config APP_FIRMWARE_UPDATE_IMAGE_VERSION

	string "Version of the new image to update to"

	default "0.0.2+0"

source "Kconfig.zephyr"

.. _tfm_psa_firmware:

TF-M PSA Firmware

#################

Overview

********

This TF-M integration example demonstrates how to use the PSA Firmware API

to retrieve information about the current firmware, or implement a custom

firmware update process.

Trusted Firmware (TF-M) Platform Security Architecture (PSA) APIs

are used for the secure processing environment, with Zephyr running in the

non-secure processing environment.

It uses **IPC Mode** for communication, where an IPC mechanism is inserted to

handle secure TF-M API calls and responses. The OS-specific code to handle

the IPC calls is in ``tfm_ipc.c``.

TF-M supports three types of firmware upgrade mechanisms:

``https://tf-m-user-guide.trustedfirmware.org/docs/technical_references/design_docs/tfm_secure_boot.html#firmware-upgrade-operation``

This example uses the overwrite firmware upgrade mechanism, in particular, it showcases

upgrading the non-secure image which can be built from any other sample in the

``zephyr/samples`` directory.

The sample prints test info to the console either as a single-thread or

multi-thread application.

Building and Running

********************

This project needs another firmware as the update payload. It must use another

example's hex file, and should be specified on the command line

as ``CONFIG_APP_FIRMWARE_UPDATE_IMAGE``.

To use the ``tfm_integration/tfm_ipc`` sample as the NS firmware update

payload, follow the instructions below:

This sample will only build on a Linux or macOS development system

(not Windows), and has been tested on the following setups:

- macOS Big Sur using QEMU 6.0.0 with gcc-arm-none-eabi-9-2020-q2-update

- Linux (NixOS) using QEMU 6.2.0 with gcc from Zephyr SDK 0.14.1

- Targets ``MPS3 AN547`` and ``NXP LPCXPRESSO55S69``

On MPS3 AN547:

===============

Build:

======

1. Build the ``tfm_ipc`` sample with the non-secure board configuration, which will

generate the firmware image we'll use in ``psa_firmware`` during the update:

.. zephyr-app-commands::

   :zephyr-app: samples/tfm_integration/tfm_ipc

   :host-os: unix

   :board: mps3_an547_ns

   :goals: build

   :build-dir: build/tfm_ipc

   :compact:

2. Build psa_firmware

.. zephyr-app-commands::

   :zephyr-app: samples/tfm_integration/psa_firmware

   :host-os: unix

   :board: mps3_an547_ns

   :goals: build

   :build-dir: build/psa_firmware

   :gen-args: -DCONFIG_APP_FIRMWARE_UPDATE_IMAGE=\"full/path/to/zephyr/build/tfm_ipc/zephyr/zephyr.hex\"

   :compact:

Note:

This sample includes a pre-built firmware image (``hello-an547.hex``) in the ``boards``

directory. If you don't pass the ``CONFIG_APP_FIRMWARE_UPDATE_IMAGE`` command

line argument during step 2 (``-- -DCONFIG_APP_FIRMWARE_UPDATE_IMAGE=...``),

this sample will automatically uses the pre-built hex file.

Run in real target:

===================

1. Copy application binary files (mcuboot.bin and tfm_sign.bin) to

   ``<MPS3 device name>/SOFTWARE/``.

2. Edit (e.g., with vim) the ``<MPS3 device name>/MB/HBI0263C/AN547/images.txt``

   file, and update it as shown below:

   .. code-block:: bash

      TITLE: Versatile Express Images Configuration File

      [IMAGES]

      TOTALIMAGES: 2 ;Number of Images (Max: 32)

      IMAGE0ADDRESS: 0x10000000

      IMAGE0FILE: \SOFTWARE\mcuboot.bin  ; BL2 bootloader

      IMAGE1ADDRESS: 0x10080000

      IMAGE1FILE: \SOFTWARE\tfm_sign.bin ; TF-M with application binary blob

3. Save the file, exit the editor, and reset the MPS3 board.

Run in QEMU:

============

.. zephyr-app-commands::

   :zephyr-app: samples/tfm_integration/psa_firmware

   :host-os: unix

   :board: mps3_an547_ns

   :goals: run

   :build-dir: build/psa_firmware

   :gen-args: -DCONFIG_APP_FIRMWARE_UPDATE_IMAGE=\"full/path/to/zephyr/build/tfm_ipc/zephyr/zephyr.hex\"

   :compact:

On LPCxpresso55S69:

===================

1. Build the ``tfm_ipc`` sample with the non-secure board configuration, which will

generate the firmware image we'll use in ``psa_firmware`` during the update:

.. zephyr-app-commands::

   :zephyr-app: samples/tfm_integration/tfm_ipc

   :host-os: unix

   :board: lpcxpresso55s69_ns

   :goals: build

   :build-dir: build/tfm_ipc

   :compact:

2. Build psa_firmware:

.. zephyr-app-commands::

   :zephyr-app: samples/tfm_integration/psa_firmware

   :host-os: unix

   :board: lpcxpresso55s69_ns

   :goals: build

   :build-dir: build/psa_firmware

   :gen-args: -DCONFIG_APP_FIRMWARE_UPDATE_IMAGE=\"full/path/to/zephyr/build/tfm_ipc/zephyr/zephyr.hex\"

   :compact:

Make sure your board is set up with :ref:`lpclink2-jlink-onboard-debug-probe`,

since this isn't the debug interface boards ship with from the factory;

Next we need to manually flash the resulting image (``tfm_merged.bin``) with a

J-Link as follows:

   .. code-block:: console

      JLinkExe -device lpc55s69 -if swd -speed 2000 -autoconnect 1

      J-Link>r

      J-Link>erase

      J-Link>loadfile build/tfm_merged.bin

Resetting the board and erasing it will unlock the board, this is useful in case

it's in an unknown state and can't be flashed.

We need to reset the board manually after flashing the image to run this code.

Sample Output

=============

   .. code-block:: console

      [INF] Beginning TF-M provisioning

      [WRN] TFM_DUMMY_PROVISIONING is not suitable for production! This device is NOT SECURE

      [Sec Thread] Secure image initializing!

      Booting TF-M v1.6.0+8cffe127

      Creating an empty ITS flash layout.

      Creating an empty PS flash layout.

      *** Booting Zephyr OS build zephyr-v3.1.0-3851-g2bef8051b2fc  ***

      PSA Firmware API test

      Active S image version: 0.0.3-0

      Active NS image version: 0.0.1-0

      Starting FWU; Writing Firmware from 21000000 size 17802 bytes

      Wrote Firmware; Writing Header from 2100458a size    16 bytes

      Wrote Header; Installing Image

      Installed New Firmware; Reboot Needed; Rebooting

      [WRN] This device was provisioned with dummy keys. This device is NOT SECURE

      [Sec Thread] Secure image initializing!

      Booting TF-M v1.6.0+8cffe127

      *** Booting Zephyr OS build zephyr-v3.1.0-3851-g2bef8051b2fc  ***

      The version of the PSA Framework API is 257.

      The minor version is 1.

      Connect success!

      TF-M IPC on mps3_an547

Common Problems

***************

Compilation fails with ``Error: Header padding was not requested...``

=====================================================================

This error occurs when passing a signed image to ``CONFIG_APP_FIRMWARE_UPDATE_IMAGE``

on the command line, ex: ``zephyr_ns_signed.hex``.

Make sure you pass an unsigned, non-secure image (ex. ``zephyr.hex``) to ``CONFIG_APP_FIRMWARE_UPDATE_IMAGE``.

CONFIG_LOG=y

CONFIG_LOG_RUNTIME_FILTERING=y

CONFIG_LOG_BUFFER_SIZE=2048

CONFIG_LOG_PROCESS_TRIGGER_THRESHOLD=0

CONFIG_LOG_DEFAULT_LEVEL=4

CONFIG_BUILD_WITH_TFM=y

CONFIG_TFM_PROFILE_TYPE_NOT_SET=y

CONFIG_TFM_BL2=y

CONFIG_TFM_IPC=y

CONFIG_TFM_PARTITION_FIRMWARE_UPDATE=y

CONFIG_TFM_IMAGE_VERSION_S="0.0.3"

CONFIG_TFM_IMAGE_VERSION_NS="0.0.1"

# The Zephyr CMSIS emulation assumes that ticks are ms, currently

CONFIG_SYS_CLOCK_TICKS_PER_SEC=1000

CONFIG_MAIN_STACK_SIZE=4096

CONFIG_HEAP_MEM_POOL_SIZE=4096