Secure Partition Manager on nRF9160

This post introduces the Secure Partition Manager (SPM) on the Nordic nRF9160.

The Secure Partition Manager sample provides a reference use of the System Protection Unit peripheral. This firmware is required to set up the nRF9160 DK so that it can run user applications in the non-secure domain.

Overview

The sample uses the SPM to configure security attributions for the nRF9160 SiP and jump into the non-secure application.

The SPM utilizes the SPU peripheral to configure security attributions for the nRF9160 flash, SRAM, and peripherals. After the configuration setup is complete, the sample loads the application firmware that is located on the device.

Security attribution configuration

See the Secure Partition Manager (SPM) subsystem for information about the security attribution configuration that is applied.

If your application requires a different security attribution configuration, you must update the SPM sample code to reflect this.

Secure Services

The SPM can provide access to secure services to the application firmware. See the Secure Partition Manager (SPM) library for information about the available services. See the nRF9160: Secure Services Sample for example code for using the secure services.

Secure vs. nonsecure

The new TrustZone technology that comes with the Arm Cortex-M33 processor makes it possible to create two environments that can run simultaneously using the same CPU: a secure environment and a non-secure environment. This makes the application more protected from attackers, with the drawback of increased complexity. This section will try to give you a better understanding of this new feature, and how it affects the development process.

A firmware image can be built as Secure or Non-Secure. If a firmware image is built as Secure, it will run in the Secure domain and has access to resources (peripherals, memory areas, etc.) configured as Secure. Conversely, a Non-Secure firmware can only access Non-Secure resources.

The System Protection Unit (SPU) peripheral in the nRF9160 makes it possible to manage the CPU access to peripherals and memory regions. It does so by configuring the permissions of specific RAM and flash regions and setting the security attributes of peripherals. If a RAM or flash region's permission is set as Secure, only Secure firmware has access. If a peripheral is configured as Non-Secure, it is mapped to the Non-Secure peripheral address space (0x4xxx_xxxx), and a Secure configuration maps the peripheral to the Secure address space (0x5xxx_xxxx). At reset, all the peripherals are set to Secure.

In order to run a non-secure application, one has to use the SPU to configure the resources as Non-Secure. Luckily, there is already a library with functions that simplify this process, the Secure Partition Manager (SPM) library. The library is located in <sourcecode_root>/ncs/nrf/subsys/spm. Its API consists of two functions: spm_config() and spm_jump().

The function spm_config() sets the security attribute of the peripherals depending on the default configurations in its associated Kconfig file. It sets the flash regions after the SPM location as Non-Secure, while the RAM regions after the first 64 kB are set as Non-Secure. The function spm_jump() makes the application jump to a Non-Secure partition (e.g. the non-secure user application).

The Secure Partition Manager sample uses this library and runs the mentioned functions. Its location is <sourcecode_root>/ncs/nrf/samples/nrf9160/spm. By building and flashing this sample in addition to the main application, the main application will run in the non-secure domain.
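The split described above can be checked on a host before flashing. The following is an added example, not code from the SPM library or the sample: a small model of the Secure/Non-Secure layout that flags a non-secure image start address overlapping Secure flash. It assumes that the SPM starts at flash address 0, that flash is attributed in 32 KiB regions, that RAM starts at 0x20000000 and that "64 kB" means 64 * 1024 bytes; all function names and sample addresses are constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumptions (verify against the product specification): */
#define FLASH_REGION_SIZE 0x8000u         /* flash attributed per 32 KiB region */
#define RAM_BASE          0x20000000u
#define SECURE_RAM_SIZE   (64u * 1024u)   /* first 64 kB stay Secure (from the text) */
#define PERIPH_SECURE_BIT (1u << 28)      /* 0x4xxx_xxxx vs. 0x5xxx_xxxx */

/* Address at which a peripheral is mapped for the given attribution. */
uint32_t periph_alias(uint32_t base, bool secure)
{
    return secure ? (base | PERIPH_SECURE_BIT) : (base & ~PERIPH_SECURE_BIT);
}

/* Flash regions that must stay Secure to cover an SPM of spm_size bytes.
 * A partly used region is rounded up so the SPM tail is never Non-Secure. */
uint32_t secure_flash_regions(uint32_t spm_size)
{
    return (spm_size + FLASH_REGION_SIZE - 1u) / FLASH_REGION_SIZE;
}

/* True if a flash address falls in a region kept Secure for the SPM. */
bool flash_addr_is_secure(uint32_t addr, uint32_t spm_size)
{
    return (addr / FLASH_REGION_SIZE) < secure_flash_regions(spm_size);
}

/* True if a RAM address lies in the Secure part of SRAM. */
bool ram_addr_is_secure(uint32_t addr)
{
    return addr >= RAM_BASE && (addr - RAM_BASE) < SECURE_RAM_SIZE;
}

/* A Non-Secure image has to start on a region boundary after the last
 * Secure region; any other start address overlaps Secure flash. */
bool ns_app_start_is_valid(uint32_t app_start, uint32_t spm_size)
{
    return (app_start % FLASH_REGION_SIZE) == 0u &&
           !flash_addr_is_secure(app_start, spm_size);
}

int main(void)
{
    uint32_t spm_size = 0xC000u; /* constructed: 48 KiB SPM image */
    printf("secure flash regions: %u\n", (unsigned)secure_flash_regions(spm_size));
    printf("app at 0x0000C000 valid: %d\n", ns_app_start_is_valid(0xC000u, spm_size));
    printf("app at 0x00010000 valid: %d\n", ns_app_start_is_valid(0x10000u, spm_size));
    return 0;
}
```

With the constructed 48 KiB SPM, an application placed directly behind it at 0xC000 is rejected because that address still lies in the second Secure region; the first valid start is 0x10000.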

How to configure the application to run in the secure or non-secure region

To build an application in the non-secure area, you select ‘nrf9160_pca10090ns’ as the board when building the application.

(It is no longer necessary to add ‘CONFIG_TRUSTED_EXECUTION_NONSECURE=y’ to the application's prj.conf, as it was before, since this is set by default when you build the application with the ‘ns’ board.)

Note: When you build an application as non-secure it will automatically merge the SPM with that application.

When you build your application as ‘ns’ (non-secure), ‘west’ also automatically builds the SPM sample (secure) and merges it with your application. You do not need to configure anything to make this happen; this is also described in the documentation.
So when you build an application, it uses these default configurations; how this works is described in detail here.

Configuration of the SPM region memory layout

The defaults are set here.

It is possible to change this in the device tree option in SEGGER.

If you have any further comments, you are welcome to leave them here.
