This blog post introduces the Secure Partition Manager (SPM) on the Nordic nRF9160.
The Secure Partition Manager sample provides a reference use of the System Protection Unit (SPU) peripheral. This firmware is required to set up the nRF9160 DK so that it can run user applications in the non-secure domain.
The sample uses the SPM to configure secure attributions for the nRF9160 SiP and jump into the non-secure application.
The SPM utilizes the SPU peripheral to configure security attributions for the nRF9160 flash, SRAM, and peripherals. After the configuration setup is complete, the sample loads the application firmware that is located on the device.
Security attribution configuration
See the Secure Partition Manager (SPM) subsystem for information about the security attribution configuration that is applied.
If your application requires a different security attribution configuration, you must update the SPM sample code to reflect this.
The SPM can provide access to secure services to the application firmware. See the Secure Partition Manager (SPM) library for information about the available services. See the nRF9160: Secure Services Sample for example code for using the secure services.
Secure vs. nonsecure
The TrustZone technology that comes with the Arm Cortex-M33 processor makes it possible to create two environments that run on the same CPU: a Secure environment and a Non-Secure environment. This gives the application better protection from attackers, at the cost of increased complexity. This section tries to give you a better understanding of this feature and how it affects the development process.
A firmware image can be built as Secure or Non-Secure. A firmware image built as Secure runs in the Secure domain and has access to resources (peripherals, memory areas, etc.) configured as Secure. Conversely, Non-Secure firmware can only access Non-Secure resources.
The System Protection Unit (SPU) peripheral in the nRF9160 makes it possible to manage CPU access to peripherals and memory regions. It does so by configuring the permissions of specific RAM and flash regions and by setting the security attributes of peripherals. If a RAM or flash region's permission is set to Secure, only Secure firmware has access to it. If a peripheral is configured as Non-Secure, it is mapped to the Non-Secure peripheral address space (0x4xxx_xxxx), while a Secure configuration maps the peripheral to the Secure address space (0x5xxx_xxxx). At reset, all peripherals are set to Secure.
In order to run a non-secure application, you have to use the SPU to configure the resources as Non-Secure. Luckily, there is already a library with functions that simplify this process: the Secure Partition Manager (SPM) library. The library is located in <sourcecode_root>/ncs/nrf/subsys/spm. Its API consists of two functions:
spm_config() sets the security attributes of the peripherals according to the default configuration in its associated Kconfig file. It sets the flash regions after the SPM location as Non-Secure, and the RAM regions after the first 64 kB as Non-Secure.
spm_jump() makes the application jump to a Non-Secure partition (e.g. the non-secure user application).
The Secure Partition Manager sample uses this library and calls both functions. Its location is <sourcecode_root>/ncs/nrf/samples/nrf9160/spm. By building and flashing this sample in addition to the main application, the main application will run in the non-secure domain.
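To make the attribution rules above concrete (the 0x4xxx_xxxx / 0x5xxx_xxxx peripheral aliasing, and the spm_config() policy of flash after the SPM image and RAM after the first 64 kB being Non-Secure), here is a host-side C model of that policy. It is an added example, not code from the nRF Connect SDK or the SPM sample, and it does not touch real SPU registers. It assumes the nRF9160 SPU granularity of 32 kB flash regions and 8 kB RAM regions (32 of each), a 1 MB flash at 0x00000000, 256 kB RAM at 0x20000000, and a hypothetical SPM image size of 64 kB (SPM_SIZE); the names spu_model_config, access_allowed and peripheral_address are this example's own.

```c
/* Added example: host-side model of the nRF9160 SPU security attribution
 * policy applied by spm_config(). Not SDK code; it only lets you check which
 * firmware domain may touch a given address under that policy. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define FLASH_BASE      0x00000000u
#define FLASH_SIZE      0x00100000u   /* 1 MB flash */
#define FLASH_REGION_SZ 0x00008000u   /* 32 kB per SPU flash region */
#define RAM_BASE        0x20000000u
#define RAM_SIZE        0x00040000u   /* 256 kB RAM */
#define RAM_REGION_SZ   0x00002000u   /* 8 kB per SPU RAM region */
#define NUM_REGIONS     32

#define SPM_SIZE        0x00010000u   /* assumption: SPM image occupies the first 64 kB of flash */
#define SECURE_RAM_SIZE 0x00010000u   /* first 64 kB of RAM stay Secure (from the text) */

#define PERIPH_S_BIT    0x10000000u   /* Secure alias 0x5xxx_xxxx = Non-Secure 0x4xxx_xxxx | this bit */

enum domain { NONSECURE = 0, SECURE = 1 };

struct spu_model {
    enum domain flash[NUM_REGIONS];   /* SECATTR of each flash region */
    enum domain ram[NUM_REGIONS];     /* SECATTR of each RAM region */
};

/* Mirrors the spm_config() policy: flash after the SPM image becomes
 * Non-Secure, RAM after the first 64 kB becomes Non-Secure. */
void spu_model_config(struct spu_model *spu)
{
    for (int i = 0; i < NUM_REGIONS; i++) {
        uint32_t flash_start = FLASH_BASE + (uint32_t)i * FLASH_REGION_SZ;
        uint32_t ram_start   = RAM_BASE   + (uint32_t)i * RAM_REGION_SZ;
        spu->flash[i] = (flash_start < FLASH_BASE + SPM_SIZE)      ? SECURE : NONSECURE;
        spu->ram[i]   = (ram_start   < RAM_BASE + SECURE_RAM_SIZE) ? SECURE : NONSECURE;
    }
}

/* A configured model with static storage, handy for quick checks. */
const struct spu_model *default_spu(void)
{
    static struct spu_model m;
    static bool ready;
    if (!ready) {
        spu_model_config(&m);
        ready = true;
    }
    return &m;
}

/* Attribute of the region containing addr; false if addr is neither flash nor RAM.
 * Unsigned subtraction makes addresses below the base wrap and fail the compare. */
bool spu_model_lookup(const struct spu_model *spu, uint32_t addr, enum domain *out)
{
    if (addr - FLASH_BASE < FLASH_SIZE) {
        *out = spu->flash[(addr - FLASH_BASE) / FLASH_REGION_SZ];
        return true;
    }
    if (addr - RAM_BASE < RAM_SIZE) {
        *out = spu->ram[(addr - RAM_BASE) / RAM_REGION_SZ];
        return true;
    }
    return false;
}

/* Access rule from the text: Secure firmware may reach any region, Non-Secure
 * firmware only regions attributed Non-Secure. Unmapped addresses are denied. */
bool access_allowed(const struct spu_model *spu, enum domain firmware, uint32_t addr)
{
    enum domain attr;
    if (!spu_model_lookup(spu, addr, &attr))
        return false;
    return firmware == SECURE || attr == NONSECURE;
}

/* Peripheral aliasing: a Non-Secure peripheral is reached at 0x4xxx_xxxx,
 * a Secure one at 0x5xxx_xxxx. ns_base is the peripheral's 0x4... address. */
uint32_t peripheral_address(uint32_t ns_base, enum domain attr)
{
    return attr == SECURE ? (ns_base | PERIPH_S_BIT) : (ns_base & ~PERIPH_S_BIT);
}

int main(void)
{
    const struct spu_model *spu = default_spu();
    const uint32_t probes[] = { 0x00000000u, 0x00010000u, 0x2000FFFFu, 0x20010000u };
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++)
        printf("0x%08X: Secure fw %s, Non-Secure fw %s\n", probes[i],
               access_allowed(spu, SECURE, probes[i]) ? "ok" : "denied",
               access_allowed(spu, NONSECURE, probes[i]) ? "ok" : "denied");
    printf("peripheral 0x40008000 as Secure -> 0x%08X\n", peripheral_address(0x40008000u, SECURE));
    return 0;
}
```

The model is useful when you move the SPM or change the Secure RAM size: adjust SPM_SIZE or SECURE_RAM_SIZE, rerun, and confirm that nothing your Non-Secure application links against lands in a Secure region before you flash.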
How to configure the application to run in either the secure or the non-secure region
To build an application for the non-secure area, select ‘nrf9160_pca10090ns’ as the board when building the application.
(It is no longer necessary to add ‘CONFIG_TRUSTED_EXECUTION_NONSECURE=y’ to the application's prj.conf (it used to be), since this is set by default when you build the application with the ‘ns’ board.)
When you build your application as ‘ns’ (Non-secure), ‘west’ also automatically builds the SPM sample (secure) and merges it with your application. You do not need to configure anything to make this happen; this is also described in the documentation.
So when you build an application, it uses the default configuration described in detail here.
Configuration of the SPM region memory layout
These are the defaults, set here:
It is possible to change this via the device tree option in SEGGER:
If you have further comments, you are welcome to post them here.