boards: arm: Add support for TF-M in nRF9160 DK

  zephyr_library()

  zephyr_library_sources(nrf52840_reset.c)

endif()

if (CONFIG_BUILD_WITH_TFM)

	# Set default image versions if not defined elsewhere

	if (NOT DEFINED TFM_IMAGE_VERSION_S)

		set(TFM_IMAGE_VERSION_S 0.0.0+0)

	endif()

	if (NOT DEFINED TFM_IMAGE_VERSION_NS)

		set(TFM_IMAGE_VERSION_NS 0.0.0+0)

	endif()

	set(PREPROCESSED_FILE_S "${CMAKE_BINARY_DIR}/tfm/bl2/ext/mcuboot/CMakeFiles/signing_layout_s.dir/signing_layout_s.o")

	set(PREPROCESSED_FILE_NS "${CMAKE_BINARY_DIR}/tfm/bl2/ext/mcuboot/CMakeFiles/signing_layout_ns.dir/signing_layout_ns.o")

	set(TFM_MCUBOOT_DIR "${ZEPHYR_TFM_MODULE_DIR}/trusted-firmware-m/bl2/ext/mcuboot")

	# Configure which format (full or hash) to include the public key in

	# the image manifest

	if(NOT DEFINED TFM_PUBLIC_KEY_FORMAT)

		set(TFM_PUBLIC_KEY_FORMAT "full")

	endif()

	# Set srec_cat binary name

	find_program(SREC_CAT srec_cat)

	if(${SREC_CAT} STREQUAL SREC_CAT-NOTFOUND)

	    message(FATAL_ERROR "'srec_cat' not found. Please install it, or add it to $PATH.")

	endif()

	#Create and sign for concatenated binary image, should align with the TF-M BL2

	set_property(GLOBAL APPEND PROPERTY extra_post_build_commands

		#Sign secure binary image with public key

		COMMAND ${PYTHON_EXECUTABLE} ${TFM_MCUBOOT_DIR}/scripts/wrapper/wrapper.py

			 --layout ${PREPROCESSED_FILE_S}

			 -k ${CONFIG_TFM_KEY_FILE_S}

			 --public-key-format ${TFM_PUBLIC_KEY_FORMAT}

			 --align 1

			 -v ${TFM_IMAGE_VERSION_S}

			 --pad

			 --pad-header

			 ${ADD_NS_IMAGE_MIN_VER}

			 -s auto

			 -H 0x400

			 ${CMAKE_BINARY_DIR}/tfm/install/outputs/NORDIC_NRF/NRF9160DK_NRF9160/tfm_s.bin

			 ${CMAKE_BINARY_DIR}/tfm_s_signed.bin

		#Sign non-secure binary image with public key

		COMMAND ${PYTHON_EXECUTABLE} ${TFM_MCUBOOT_DIR}/scripts/wrapper/wrapper.py

			 --layout ${PREPROCESSED_FILE_NS}

			 -k ${CONFIG_TFM_KEY_FILE_NS}

			 --public-key-format ${TFM_PUBLIC_KEY_FORMAT}

			 --align 1

			 -v ${TFM_IMAGE_VERSION_NS}

			 -s auto

			 ${ADD_S_IMAGE_MIN_VER}

			 -H 0x400

			 ${CMAKE_BINARY_DIR}/zephyr/${KERNEL_BIN_NAME}

			 ${CMAKE_BINARY_DIR}/zephyr_ns_signed.bin

		#Create concatenated binary image from the two independently signed binary files

		COMMAND ${PYTHON_EXECUTABLE} ${TFM_MCUBOOT_DIR}/scripts/assemble.py

		     --layout ${PREPROCESSED_FILE_S}

			 -s ${CMAKE_BINARY_DIR}/tfm_s_signed.bin

			 -n ${CMAKE_BINARY_DIR}/zephyr_ns_signed.bin

			 -o ${CMAKE_BINARY_DIR}/tfm_sign.bin

		#Copy mcuboot.bin

		COMMAND ${CMAKE_COMMAND} -E copy ${CMAKE_BINARY_DIR}/tfm/bin/bl2.bin ${CMAKE_BINARY_DIR}/mcuboot.bin

		# Generate an intel hex file from the signed output binary

		COMMAND srec_cat ${CMAKE_BINARY_DIR}/tfm_sign.bin

		-binary

		-offset 0x10000

		-o ${CMAKE_BINARY_DIR}/tfm_sign.hex

		-intel

		# Copy tfm_sign.hex to zephyr

		COMMAND ${CMAKE_COMMAND} -E copy ${CMAKE_BINARY_DIR}/tfm_sign.hex ${CMAKE_BINARY_DIR}/zephyr/${KERNEL_HEX_NAME}

	)

endif()

# SPDX-License-Identifier: Apache-2.0

# Set the corresponding TF-M target platform when building for the Non-Secure

# version of the board (Application MCU).

if(CONFIG_BOARD_NRF9160DK_NRF9160NS)

  set(TFM_TARGET_PLATFORM "nordic_nrf/nrf9160dk_nrf9160")

  set(TFM_PUBLIC_KEY_FORMAT "full")

endif()

board_runner_args(nrfjprog "--nrf-family=NRF91")

board_runner_args(jlink "--device=cortex-m33" "--speed=4000")

include(${ZEPHYR_BASE}/boards/common/nrfjprog.board.cmake)

/*

 * Copyright (c) 2020 Nordic Semiconductor ASA.

 *

 * SPDX-License-Identifier: Apache-2.0

 */

/* Modify the SRAM partitioning to accommodate the requirements

 * for the Secure (TF-M) firmware for the configuration that is

 * used in this sample.

 */

/* Increase the size of the Secure Firmware (TF-M).

 * This modification is not required at the moment,

 * since TF-M region definitions are configured

 * statically in the TF-M project.

 */

&sram0_s {

	reg = <0x20000000 DT_SIZE_K(88)>;

};

/* Decrease the size of the Non-Secure Firmware (Zephyr),

 * and move its starting address to the offset expected by

 * TF-M.

 */

/delete-node/ &sram0_ns;

/ {

	reserved-memory {

		sram0_ns: image_ns@20016000 {

			reg = <0x20016000 DT_SIZE_K(168)>;

		};

	};

};

/* Disable UART1, because it is used by default in TF-M */

&uart1 {

	status = "disabled";

};

    sample.tfm_ipc:

        tags: introduction

        platform_allow: mps2_an521_nonsecure lpcxpresso55s69_ns nrf5340pdk_nrf5340_cpuappns

          nrf9160dk_nrf9160ns

        harness: console

        harness_config:

          type: multi_line

/*

 * Copyright (c) 2020 Nordic Semiconductor ASA.

 *

 * SPDX-License-Identifier: Apache-2.0

 */

/* Modify the SRAM partitioning to accommodate the requirements

 * for the Secure (TF-M) firmware for the configuration that is

 * used in this sample.

 */

/* Increase the size of the Secure Firmware (TF-M).

 * This modification is not required at the moment,

 * since TF-M region definitions are configured

 * statically in the TF-M project.

 */

&sram0_s {

	reg = <0x20000000 DT_SIZE_K(88)>;

};

/* Decrease the size of the Non-Secure Firmware (Zephyr),

 * and move its starting address to the offset expected by

 * TF-M.

 */

/delete-node/ &sram0_ns;

/ {

	reserved-memory {

		sram0_ns: image_ns@20016000 {

			reg = <0x20016000 DT_SIZE_K(168)>;

		};

	};

};

/* Disable UART1, because it is used by default in TF-M */

&uart1 {

	status = "disabled";

};