nrfconnect · MarkusLassila · Aug 30, 2024 · Aug 30, 2024 · Aug 30, 2024 · Sep 4, 2024
@@ -25,37 +25,18 @@
 
 #include <zephyr/device.h>
 #include <sys/types.h>
+#include <dfu/pcd_common.h>
 
 #ifdef __cplusplus
 extern "C" {
 #endif
 
-#ifdef CONFIG_SOC_SERIES_NRF53X
-
-#ifdef CONFIG_PCD_CMD_ADDRESS
-
-#define PCD_CMD_ADDRESS CONFIG_PCD_CMD_ADDRESS
-
-#else
-
-#include <pm_config.h>
-
-#ifdef PM_PCD_SRAM_ADDRESS
-#define PCD_CMD_ADDRESS PM_PCD_SRAM_ADDRESS
-#else
-/* extra '_' since its in a different domain */
-#define PCD_CMD_ADDRESS PM__PCD_SRAM_ADDRESS
-#endif /* PM_PCD_SRAM_ADDRESS */
-
-#endif /* CONFIG_PCD_CMD_ADDRESS */
-
-#endif /* CONFIG_SOC_SERIES_NRF53X */
-
 enum pcd_status {
 	PCD_STATUS_COPY = 0,
 	PCD_STATUS_DONE = 1,
 	PCD_STATUS_FAILED = 2,
 	PCD_STATUS_READ_VERSION = 3,
+	PCD_STATUS_LOCK_DEBUG = 4,
 };
 
 /** @brief Sets up the PCD command structure with the location and size of the
@@ -87,8 +68,10 @@ int pcd_network_core_update(const void *src_addr, size_t len);
 int pcd_network_core_update_initiate(const void *src_addr, size_t len);
 
 /** @brief Lock the RAM section used for IPC with the network core bootloader.
+ *
+ * @param lock_conf Lock configuration until next SoC reset.
  */
-void pcd_lock_ram(void);
+void pcd_lock_ram(bool lock_conf);
 
 /** @brief Update the PCD CMD to indicate that the operation has completed
  *         successfully.

@@ -0,0 +1,61 @@
+/*
+ * Copyright (c) 2024 Nordic Semiconductor ASA
+ *
+ * SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
+ */
+
+/** @file pcd_common.h
+ *
+ * @ingroup pcd
+ * @{
+ * @brief Common definitions for the PCD API.
+ *
+ * Common definitions are split out from the main PCD API to allow usage
+ * from non-Zephyr code.
+ */
+
+#ifndef PCD_COMMON_H__
+#define PCD_COMMON_H__
+
+#ifdef CONFIG_SOC_SERIES_NRF53X
+
+#ifdef CONFIG_PCD_CMD_ADDRESS
+
+#define PCD_CMD_ADDRESS CONFIG_PCD_CMD_ADDRESS
+
+#else
+
+#include <pm_config.h>
+
+#ifdef PM_PCD_SRAM_ADDRESS
+#define PCD_CMD_ADDRESS PM_PCD_SRAM_ADDRESS
+#else
+/* extra '_' since its in a different domain */
+#define PCD_CMD_ADDRESS PM__PCD_SRAM_ADDRESS
+#endif /* PM_PCD_SRAM_ADDRESS */
+
+#endif /* CONFIG_PCD_CMD_ADDRESS */
+
+#endif /* CONFIG_SOC_SERIES_NRF53X */
+
+/** Magic value written to indicate that a copy should take place. */
+#define PCD_CMD_MAGIC_COPY 0xb5b4b3b6
+/** Magic value written to indicate that debug should be locked. */
+#define PCD_CMD_MAGIC_LOCK_DEBUG 0xb6f249ec
+/** Magic value written to indicate that a something failed. */
+#define PCD_CMD_MAGIC_FAIL 0x25bafc15
+/** Magic value written to indicate that a copy is done. */
+#define PCD_CMD_MAGIC_DONE 0xf103ce5d
+/** Magic value written to indicate that a version number read should take place. */
+#define PCD_CMD_MAGIC_READ_VERSION 0xdca345ea
+
+struct pcd_cmd {
+	uint32_t magic;         /* Magic value to identify this structure in memory */
+	const void *data;       /* Data to copy*/
+	size_t len;             /* Number of bytes to copy */
+	__INTPTR_TYPE__ offset; /* Offset to store the flash image in */
+} __aligned(4);
+
+#endif /* PCD_COMMON_H__ */
+
+/**@} */
@@ -15,7 +15,7 @@ config PM_PARTITION_SIZE_TFM_SRAM
 	# assigning 0x16000 of RAM to TFM will not leave enough RAM for
 	# Matter. So we use 0x13000 of RAM on 54L.
 	default 0x13000 if SOC_SERIES_NRF54LX
-	default 0x16000 if SOC_SERIES_NRF91X
+	default 0x16000 if SOC_SERIES_NRF91X || SOC_SERIES_NRF53X
 	default 0x30000
 	help
 	  Memory set aside for the TFM_SRAM partition.

@@ -16,6 +16,67 @@
 #include "nrf_provisioning.h"
 #include <identity_key.h>
 #include <tfm_spm_log.h>
+#ifdef NRF53_SERIES
+#include <dfu/pcd_common.h>
+#include <spu.h>
+#include <hal/nrf_reset.h>
+
+#define DEBUG_LOCK_TIMEOUT_MS 3000
+#define USEC_IN_MSEC 1000
+#define USEC_IN_SEC 1000000
+
+volatile static struct pcd_cmd *cmd = (struct pcd_cmd *)PCD_CMD_ADDRESS;
+
+static void pcd_write_cmd_lock_debug(void)
+{
+	*cmd = (struct pcd_cmd){
+		.magic = PCD_CMD_MAGIC_LOCK_DEBUG,
+	};
+}
+
+static bool pcd_read_cmd_done(void)
+{
+	return cmd->magic == PCD_CMD_MAGIC_DONE;
+}
+
+static bool pcd_read_cmd_lock_debug(void)
+{
+	return cmd->magic == PCD_CMD_MAGIC_LOCK_DEBUG;
+}
+
+static enum tfm_plat_err_t disable_netcore_debug(void)
+{
+	/* NRF_RESET to secure. It will be configured non-secure after the provisioning is done. */
+	spu_peripheral_config_secure(NRF_RESET_S_BASE, SPU_LOCK_CONF_UNLOCKED);
+
+	/* Ensure that the network core is stopped. */
+	nrf_reset_network_force_off(NRF_RESET, true);
+
+	/* Debug lock command will be read in b0n startup. */
+	pcd_write_cmd_lock_debug();
+
+	/* Start the network core. */
+	nrf_reset_network_force_off(NRF_RESET, false);
+
+	/* Wait 1 second for the network core to start up. */
+	NRFX_DELAY_US(USEC_IN_SEC);
+
+	/* Wait for the debug lock to complete. */
+	for (uint16_t i = 0; i < DEBUG_LOCK_TIMEOUT_MS; i++) {
+		if (!pcd_read_cmd_lock_debug()) {
+			break;
+		}
+		NRFX_DELAY_US(USEC_IN_MSEC);
+	}
+
+	if (!pcd_read_cmd_done()) {
+		SPMLOG_ERRMSG("Failed to lock debug in network core.");
+		return TFM_PLAT_ERR_SYSTEM_ERR;
+	}
+
+	return TFM_PLAT_ERR_SUCCESS;
+}
+#endif /* NRF53_SERIES */
 
 static enum tfm_plat_err_t verify_debug_disabled(void)
 {
@@ -71,10 +132,18 @@ enum tfm_plat_err_t tfm_plat_provisioning_perform(void)
 	 * that secure boot is already enabled at this stage
 	 */
 
+	/* Application debug should already be disabled */
 	if (verify_debug_disabled() != TFM_PLAT_ERR_SUCCESS) {
 		return TFM_PLAT_ERR_SYSTEM_ERR;
 	}
 
+#ifdef NRF53_SERIES
+	/* Disable network core debug in here */
+	if (disable_netcore_debug() != TFM_PLAT_ERR_SUCCESS) {
+		return TFM_PLAT_ERR_SYSTEM_ERR;
+	}
+#endif
+
 	/* Transition to the SECURED lifecycle state */
 	if (tfm_attest_update_security_lifecycle_otp(TFM_SLC_SECURED) != 0) {
 		return TFM_PLAT_ERR_SYSTEM_ERR;

@@ -151,23 +151,23 @@
 
 #ifdef PM_MCUBOOT_ADDRESS
 #define REGION_MCUBOOT_ADDRESS	   PM_MCUBOOT_ADDRESS
-#define REGION_MCUBOOT_END_ADDRESS PM_MCUBOOT_END_ADDRESS
+#define REGION_MCUBOOT_LIMIT       PM_MCUBOOT_END_ADDRESS - 1
 #endif
 #ifdef PM_B0_ADDRESS
 #define REGION_B0_ADDRESS     PM_B0_ADDRESS
-#define REGION_B0_END_ADDRESS PM_B0_END_ADDRESS
+#define REGION_B0_LIMIT       PM_B0_END_ADDRESS - 1
 #endif
 #ifdef PM_S0_ADDRESS
 #define REGION_S0_ADDRESS     PM_S0_ADDRESS
-#define REGION_S0_END_ADDRESS PM_S0_END_ADDRESS
+#define REGION_S0_LIMIT       PM_S0_END_ADDRESS - 1
 #endif
 #ifdef PM_S1_ADDRESS
 #define REGION_S1_ADDRESS     PM_S1_ADDRESS
-#define REGION_S1_END_ADDRESS PM_S1_END_ADDRESS
+#define REGION_S1_LIMIT       PM_S1_END_ADDRESS - 1
 #endif
 #ifdef PM_PCD_SRAM_ADDRESS
 #define REGION_PCD_SRAM_ADDRESS	    PM_PCD_SRAM_ADDRESS
-#define REGION_PCD_SRAM_END_ADDRESS PM_PCD_SRAM_END_ADDRESS
+#define REGION_PCD_SRAM_LIMIT       PM_PCD_SRAM_END_ADDRESS - 1
 #endif
 
 #endif /* __REGION_DEFS_H__ */
@@ -15,6 +15,9 @@
 #include <dfu/pcd.h>
 #include <zephyr/device.h>
 #include <zephyr/devicetree.h>
+#ifdef CONFIG_PCD_LOCK_NETCORE_APPROTECT
+#include <nrfx_nvmc.h>
+#endif
 
 int main(void)
 {
@@ -41,6 +44,20 @@ int main(void)
 	bool valid = false;
 	uint8_t status = pcd_fw_copy_status_get();
 
+#ifdef CONFIG_PCD_LOCK_NETCORE_DEBUG
+	if (status == PCD_STATUS_LOCK_DEBUG) {
+		nrfx_nvmc_word_write((uint32_t)&NRF_UICR_NS->APPROTECT,
+				     UICR_APPROTECT_PALL_Protected);
+
+		pcd_done();
+
+		/* Success, waiting to be rebooted */
+		while (1)
+			;
+		CODE_UNREACHABLE;
+	}
+#endif
+
 #ifdef CONFIG_PCD_READ_NETCORE_APP_VERSION
 	if (status == PCD_STATUS_READ_VERSION) {
 		err = pcd_find_fw_version();

@@ -0,0 +1,29 @@
+#
+# Copyright (c) 2024 Nordic Semiconductor
+#
+# SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
+#
+
+source "${ZEPHYR_BASE}/share/sysbuild/Kconfig"
+
+if BOARD_NRF5340DK_NRF5340_CPUAPP_NS
+
+config NRF_DEFAULT_TFM_PSA_TEMPLATE_NETCORE
+	default y
+
+config SECURE_BOOT_NETCORE
+	default y
+
+config NETCORE_APP_UPDATE
+	default y
+
+config MCUBOOT_APP_SYNC_UPDATEABLE_IMAGES
+	default y
+
+config PM_EXTERNAL_FLASH_MCUBOOT_SECONDARY
+	default y
+
+config MCUBOOT_USE_ALL_AVAILABLE_RAM
+	default y
+
+endif