From bbb660fd00fadb2280fc557b20f9595905c6e1e9 Mon Sep 17 00:00:00 2001 From: Georgios Vasilakis Date: Fri, 8 Mar 2024 16:01:11 +0100 Subject: [PATCH 1/5] [nrf fromtree] soc: nordic: nrf54l: Remove redundant option The option SOC_NRF54L_GLITCHDET_WORKAROUND is not needed anymore becuase the glitch detector is already disabled in the Nordic MDK in the hal_nordic repo. File path in hal_nordic: nrfx/mdk/system_nrf54l.c Signed-off-by: Georgios Vasilakis (cherry picked from commit 0bc547ea3bb3f2d254c0ecb0e06583f04be71366) --- soc/arm/nordic_nrf/nrf54l/Kconfig.soc | 6 ------ soc/arm/nordic_nrf/nrf54l/soc.c | 4 ---- 2 files changed, 10 deletions(-) diff --git a/soc/arm/nordic_nrf/nrf54l/Kconfig.soc b/soc/arm/nordic_nrf/nrf54l/Kconfig.soc index c42c8cfc9b3..915b1e4b2d2 100644 --- a/soc/arm/nordic_nrf/nrf54l/Kconfig.soc +++ b/soc/arm/nordic_nrf/nrf54l/Kconfig.soc @@ -47,12 +47,6 @@ config SOC_NRF54L_VREG_MAIN_DCDC config SOC_NRF54L_NORMAL_VOLTAGE_MODE bool "NRF54L Normal Voltage Mode." -config SOC_NRF54L_GLITCHDET_WORKAROUND - bool "Workaround that disables glitch detector" - default y - help - Temporary workaround - disabling glitch detector to limit power consumption. - if NRF_GRTC_TIMER config ELV_GRTC_LFXO_ALLOWED diff --git a/soc/arm/nordic_nrf/nrf54l/soc.c b/soc/arm/nordic_nrf/nrf54l/soc.c index a7b286fa048..6af0ff4ebcd 100644 --- a/soc/arm/nordic_nrf/nrf54l/soc.c +++ b/soc/arm/nordic_nrf/nrf54l/soc.c @@ -42,10 +42,6 @@ static int nordicsemi_nrf54l_init(void) /* Enable ICACHE */ sys_cache_instr_enable(); - if (IS_ENABLED(CONFIG_SOC_NRF54L_GLITCHDET_WORKAROUND)) { - nrf_glitchdet_enable_set(NRF_GLITCHDET, false); - } - #if DT_ENUM_HAS_VALUE(LFXO_NODE, load_capacitors, internal) uint32_t xosc32ktrim = NRF_FICR->XOSC32KTRIM; From e386fe4a310daa70a70f6b1245422fbc4f24dc77 Mon Sep 17 00:00:00 2001 From: Georgios Vasilakis Date: Fri, 8 Mar 2024 13:26:21 +0100 Subject: [PATCH 2/5] [nrf fromlist] soc: nordic: Refactor soc_secure.h The soc_secure_* function are used by the non-secure application to access hardware resources which are mapped as secure. Using these functions for hardware resources mapped as non-secure is missleading. We have some soc_secure_* functions which read FICR values. In nRF91 and nRF53 platforms this made sense since FICR has hardware fixed mapping as secure. For nRF54 though the FICR has hardware fixed mapping as non-secure. This change refactors the soc_secure.h to exclude the functions which read FICR values from being included when FICR is mapped as non-secure. Also updates the hwinfo and ieee802154 drivers to adjust to this change. Upstream PR: https://github.com/zephyrproject-rtos/zephyr/pull/69968 Signed-off-by: Georgios Vasilakis --- drivers/hwinfo/hwinfo_nrf.c | 12 ++++- drivers/ieee802154/ieee802154_nrf5.c | 11 +++++ soc/arm/nordic_nrf/common/soc_secure.h | 64 +++++++++++++------------- 3 files changed, 54 insertions(+), 33 deletions(-) diff --git a/drivers/hwinfo/hwinfo_nrf.c b/drivers/hwinfo/hwinfo_nrf.c index 4375cf05b2f..8b644f2f60e 100644 --- a/drivers/hwinfo/hwinfo_nrf.c +++ b/drivers/hwinfo/hwinfo_nrf.c @@ -7,12 +7,17 @@ #include #include #include -#include #include #ifndef CONFIG_BOARD_QEMU_CORTEX_M0 #include #endif + +#if defined(CONFIG_TRUSTED_EXECUTION_NONSECURE) && defined(NRF_FICR_S) #include +#else +#include +#endif + struct nrf_uid { uint32_t id[2]; }; @@ -22,7 +27,12 @@ ssize_t z_impl_hwinfo_get_device_id(uint8_t *buffer, size_t length) struct nrf_uid dev_id; uint32_t deviceid[2]; +#if defined(CONFIG_TRUSTED_EXECUTION_NONSECURE) && defined(NRF_FICR_S) soc_secure_read_deviceid(deviceid); +#else + deviceid[0] = nrf_ficr_deviceid_get(NRF_FICR, 0); + deviceid[1] = nrf_ficr_deviceid_get(NRF_FICR, 1); +#endif dev_id.id[0] = sys_cpu_to_be32(deviceid[1]); dev_id.id[1] = sys_cpu_to_be32(deviceid[0]); diff --git a/drivers/ieee802154/ieee802154_nrf5.c b/drivers/ieee802154/ieee802154_nrf5.c index 67b5431e9cc..4cbdd9eb607 100644 --- a/drivers/ieee802154/ieee802154_nrf5.c +++ b/drivers/ieee802154/ieee802154_nrf5.c @@ -25,7 +25,13 @@ LOG_MODULE_REGISTER(LOG_MODULE_NAME); #include #include + +#if defined(CONFIG_TRUSTED_EXECUTION_NONSECURE) && defined(NRF_FICR_S) #include +#else +#include +#endif + #include #include #include @@ -120,7 +126,12 @@ static void nrf5_get_eui64(uint8_t *mac) mac[index++] = (IEEE802154_NRF5_VENDOR_OUI >> 8) & 0xff; mac[index++] = IEEE802154_NRF5_VENDOR_OUI & 0xff; +#if defined(CONFIG_TRUSTED_EXECUTION_NONSECURE) && defined(NRF_FICR_S) soc_secure_read_deviceid(deviceid); +#else + deviceid[0] = nrf_ficr_deviceid_get(NRF_FICR, 0); + deviceid[1] = nrf_ficr_deviceid_get(NRF_FICR, 1); +#endif factoryAddress = (uint64_t)deviceid[EUI64_ADDR_HIGH] << 32; factoryAddress |= deviceid[EUI64_ADDR_LOW]; diff --git a/soc/arm/nordic_nrf/common/soc_secure.h b/soc/arm/nordic_nrf/common/soc_secure.h index d38d66ab488..28d18e9b4bb 100644 --- a/soc/arm/nordic_nrf/common/soc_secure.h +++ b/soc/arm/nordic_nrf/common/soc_secure.h @@ -9,20 +9,44 @@ #include #if defined(CONFIG_TRUSTED_EXECUTION_NONSECURE) +int soc_secure_mem_read(void *dst, void *src, size_t len); #if NRF_GPIO_HAS_SEL void soc_secure_gpio_pin_mcu_select(uint32_t pin_number, nrf_gpio_pin_sel_t mcu); #endif -int soc_secure_mem_read(void *dst, void *src, size_t len); +#else /* defined(CONFIG_TRUSTED_EXECUTION_NONSECURE) */ +static inline int soc_secure_mem_read(void *dst, void *src, size_t len) +{ + (void)memcpy(dst, src, len); + return 0; +} +#if NRF_GPIO_HAS_SEL +static inline void soc_secure_gpio_pin_mcu_select(uint32_t pin_number, nrf_gpio_pin_sel_t mcu) +{ + nrf_gpio_pin_control_select(pin_number, mcu); +} +#endif /* NRF_GPIO_HAS_SEL */ + +#endif /* defined CONFIG_TRUSTED_EXECUTION_NONSECURE */ +/* Include these soc_secure_* functions only when the FICR is mapped as secure only */ +#if defined(NRF_FICR_S) +#if defined(CONFIG_TRUSTED_EXECUTION_NONSECURE) +static inline void soc_secure_read_deviceid(uint32_t deviceid[2]) +{ + int err; + + err = soc_secure_mem_read(deviceid, (void *)&NRF_FICR_S->INFO.DEVICEID, + 2 * sizeof(uint32_t)); + __ASSERT(err == 0, "Secure read error (%d)", err); +} #if defined(CONFIG_SOC_HFXO_CAP_INTERNAL) static inline uint32_t soc_secure_read_xosc32mtrim(void) { uint32_t xosc32mtrim; int err; - err = soc_secure_mem_read(&xosc32mtrim, - (void *)&NRF_FICR_S->XOSC32MTRIM, + err = soc_secure_mem_read(&xosc32mtrim, (void *)&NRF_FICR_S->XOSC32MTRIM, sizeof(xosc32mtrim)); __ASSERT(err == 0, "Secure read error (%d)", err); @@ -30,42 +54,18 @@ static inline uint32_t soc_secure_read_xosc32mtrim(void) } #endif /* defined(CONFIG_SOC_HFXO_CAP_INTERNAL) */ -static inline void soc_secure_read_deviceid(uint32_t deviceid[2]) -{ - int err; - - err = soc_secure_mem_read(deviceid, - (void *)&NRF_FICR_S->INFO.DEVICEID, - 2 * sizeof(uint32_t)); - __ASSERT(err == 0, "Secure read error (%d)", err); -} - #else /* defined(CONFIG_TRUSTED_EXECUTION_NONSECURE) */ - -static inline int soc_secure_mem_read(void *dst, void *src, size_t len) -{ - (void)memcpy(dst, src, len); - return 0; -} - -#if NRF_GPIO_HAS_SEL -static inline void soc_secure_gpio_pin_mcu_select(uint32_t pin_number, - nrf_gpio_pin_sel_t mcu) +static inline void soc_secure_read_deviceid(uint32_t deviceid[2]) { - nrf_gpio_pin_control_select(pin_number, mcu); + deviceid[0] = nrf_ficr_deviceid_get(NRF_FICR_S, 0); + deviceid[1] = nrf_ficr_deviceid_get(NRF_FICR_S, 1); } -#endif /* NRF_GPIO_HAS_SEL */ - #if defined(CONFIG_SOC_HFXO_CAP_INTERNAL) static inline uint32_t soc_secure_read_xosc32mtrim(void) { - return NRF_FICR->XOSC32MTRIM; + return NRF_FICR_S->XOSC32MTRIM; } #endif /* defined(CONFIG_SOC_HFXO_CAP_INTERNAL) */ -static inline void soc_secure_read_deviceid(uint32_t deviceid[2]) -{ - deviceid[0] = nrf_ficr_deviceid_get(NRF_FICR, 0); - deviceid[1] = nrf_ficr_deviceid_get(NRF_FICR, 1); -} #endif /* defined CONFIG_TRUSTED_EXECUTION_NONSECURE */ +#endif /* defined(NRF_FICR_S) */ From d65a922eee5cf286a2a69e8a5a2d8ef13b54e8a6 Mon Sep 17 00:00:00 2001 From: Magdalena Pastula Date: Tue, 12 Mar 2024 17:32:53 +0100 Subject: [PATCH 3/5] [nrf fromtree] soc: nordic: nrf54l: add two new Kconfig options Add SOC_NRF54LX_DISABLE_FICR_TRIMCNF and SOC_NRF54LX_SKIP_GLITCHDETECTOR_DISABLE config options. Signed-off-by: Magdalena Pastula (cherry picked from commit b0b4bc0517d801d2d21b7c0860d5bf4677451817) --- soc/arm/nordic_nrf/nrf54l/Kconfig.soc | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/soc/arm/nordic_nrf/nrf54l/Kconfig.soc b/soc/arm/nordic_nrf/nrf54l/Kconfig.soc index 915b1e4b2d2..18c2517df92 100644 --- a/soc/arm/nordic_nrf/nrf54l/Kconfig.soc +++ b/soc/arm/nordic_nrf/nrf54l/Kconfig.soc @@ -31,6 +31,22 @@ config SOC_NRF54LX_SKIP_CLOCK_CONFIG With this option, the CPU clock frequency is not set during system initialization. The CPU runs with the default, hardware-selected frequency. +config SOC_NRF54LX_DISABLE_FICR_TRIMCNF + bool "Disable trimming of the device" + default y if TRUSTED_EXECUTION_NONSECURE + help + Disable trimming of the device. When the device is trimmed it + will copy all the trimming values from FICR into the target + addresses. When TF-M is enabled it will trim the device before + booting this image. + +config SOC_NRF54LX_SKIP_GLITCHDETECTOR_DISABLE + bool "Skip disabling glitch detector" + default n + help + With this option, the glitch detector is not disabled during system initialization. + The CPU runs with the default state of glitch detector. + config SOC_NRF_FORCE_CONSTLAT bool "Force constant-latency mode" help From 10f3cc758527417d49789d80223567ae8acbb85f Mon Sep 17 00:00:00 2001 From: Magdalena Pastula Date: Tue, 12 Mar 2024 17:33:59 +0100 Subject: [PATCH 4/5] [nrf fromtree] modules: hal_nordic: nrfx: propagate new configs to nrfx Add support for propagating SOC_NRF54LX_DISABLE_FICR_TRIMCNF and SOC_NRF54LX_SKIP_GLITCHDETECTOR_DISABLE values to nrfx. Signed-off-by: Magdalena Pastula (cherry picked from commit 92f1b3ff96901a706bc5b144281117ddab6311a5) --- modules/hal_nordic/nrfx/CMakeLists.txt | 2 ++ soc/arm/nordic_nrf/nrf54l/Kconfig.soc | 5 ++--- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/modules/hal_nordic/nrfx/CMakeLists.txt b/modules/hal_nordic/nrfx/CMakeLists.txt index 13ee18db7a6..597c91dbad9 100644 --- a/modules/hal_nordic/nrfx/CMakeLists.txt +++ b/modules/hal_nordic/nrfx/CMakeLists.txt @@ -157,6 +157,8 @@ if(CONFIG_SOC_NRF54L15) endif() zephyr_compile_definitions_ifdef(CONFIG_SOC_NRF54LX_SKIP_CLOCK_CONFIG NRF_SKIP_CLOCK_CONFIGURATION) +zephyr_compile_definitions_ifdef(CONFIG_SOC_NRF54LX_DISABLE_FICR_TRIMCNF NRF_DISABLE_FICR_TRIMCNF) +zephyr_compile_definitions_ifdef(CONFIG_SOC_NRF54LX_SKIP_GLITCHDETECTOR_DISABLE NRF_SKIP_GLITCHDETECTOR_DISABLE) if(CONFIG_SOC_SERIES_NRF54LX AND CONFIG_NRFX_DPPI) zephyr_library_sources(${HELPERS_DIR}/nrfx_gppi_dppi_ppib_lumos.c) diff --git a/soc/arm/nordic_nrf/nrf54l/Kconfig.soc b/soc/arm/nordic_nrf/nrf54l/Kconfig.soc index 18c2517df92..f8eadd1388d 100644 --- a/soc/arm/nordic_nrf/nrf54l/Kconfig.soc +++ b/soc/arm/nordic_nrf/nrf54l/Kconfig.soc @@ -37,12 +37,11 @@ config SOC_NRF54LX_DISABLE_FICR_TRIMCNF help Disable trimming of the device. When the device is trimmed it will copy all the trimming values from FICR into the target - addresses. When TF-M is enabled it will trim the device before - booting this image. + addresses. config SOC_NRF54LX_SKIP_GLITCHDETECTOR_DISABLE bool "Skip disabling glitch detector" - default n + default y if TRUSTED_EXECUTION_NONSECURE help With this option, the glitch detector is not disabled during system initialization. The CPU runs with the default state of glitch detector. From b763682964e03b8ec568815639476aa05d8b921c Mon Sep 17 00:00:00 2001 From: Georgios Vasilakis Date: Fri, 15 Mar 2024 21:14:52 +0100 Subject: [PATCH 5/5] [nrf noup] modules: mbedtls: add PSA configurations fixup! [nrf noup] modules: mbedtls: add PSA configurations PSA_HAS_KEY_AGREEMENT needs to be selected if at least one of the two key agreement algorithms ECDH/FFDH is enabled. Ref: NCSDK-26277 Signed-off-by: Georgios Vasilakis --- modules/mbedtls/Kconfig.psa | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/modules/mbedtls/Kconfig.psa b/modules/mbedtls/Kconfig.psa index bbd60a9e8d8..9a0be3c4063 100644 --- a/modules/mbedtls/Kconfig.psa +++ b/modules/mbedtls/Kconfig.psa @@ -517,8 +517,7 @@ menu "PSA Key agreement support" config PSA_HAS_KEY_AGREEMENT bool default y - depends on PSA_WANT_ALG_ECDH - depends on PSA_WANT_ALG_FFDH + depends on PSA_WANT_ALG_ECDH || PSA_WANT_ALG_FFDH help Promt-less configuration that states that key agreement is supported.