TF-M: provide option for non-secure targets to request TF-M to issue system resets

modules/trusted-firmware-m/CMakeLists.txt

@@ -181,7 +181,7 @@ function(trusted_firmware_build)
     )
 
   add_library(tfm_api
-    ${ZEPHYR_TRUSTED_FIRMWARE_M_MODULE_DIR}/tf-m-tests/app/os_wrapper_cmsis_rtos_v2.c
+    ${ZEPHYR_BASE}/modules/trusted-firmware-m/src/zephyr_tfm_log.c
   )
 
   target_include_directories(tfm_api
@@ -205,6 +205,10 @@ function(trusted_firmware_build)
   add_dependencies(tfm_api tfm)
 endfunction()
 
+zephyr_library_sources_ifdef(CONFIG_BUILD_WITH_TFM  interface/interface.c)
+# Non-Secure interface to request system reboot
+zephyr_library_sources_ifdef(CONFIG_TFM_PARTITION_PLATFORM  src/reboot.c)
+
 if (CONFIG_BUILD_WITH_TFM)
   if (CONFIG_TFM_IPC)
     set(TFM_IPC_ARG IPC)

modules/trusted-firmware-m/Kconfig

@@ -172,9 +172,11 @@ config TFM_PARTITION_PLATFORM
 	  options are handled by the build system in the trusted-firmware-m
 	  repository.
 
+# Audit Log partition build fails for profile_medium, so disable
+# the combination for now.
 config TFM_PARTITION_AUDIT_LOG
-	bool "Enable secure partition 'Audit Log'"
-	default y
+	bool "Enable secure partition 'Audit Log'" if (TFM_PROFILE != "profile_medium")
+	default y if (TFM_PROFILE != "profile_medium")
 	help
 	  Setting this option will cause '-DTFM_PARTITION_AUDIT_LOG'
 	  to be passed to the TF-M build system. Look at 'config_default.cmake'

modules/trusted-firmware-m/interface/interface.c

@@ -0,0 +1,81 @@
+/*
+ * Copyright (c) 2019,2020 Linaro Limited
+ * Copyright (c) 2021 Nordic Semiconductor ASA
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+#include <device.h>
+#include <init.h>
+#include <kernel.h>
+
+#include <tfm_ns_interface.h>
+
+/**
+ * @file @brief Zephyr's TF-M NS interface implementation
+ *
+ */
+
+
+/* Global mutex to be used by the TF-M NS dispatcher, preventing
+ * the Non-Secure application from initiating multiple parallel
+ * TF-M secure calls.
+ */
+K_MUTEX_DEFINE(tfm_mutex);
+
+int32_t tfm_ns_interface_dispatch(veneer_fn fn,
+				  uint32_t arg0, uint32_t arg1,
+				  uint32_t arg2, uint32_t arg3)
+{
+	int32_t result;
+
+	/* TF-M request protected by NS lock */
+	if (k_mutex_lock(&tfm_mutex, K_FOREVER) != 0) {
+		return (int32_t)TFM_ERROR_GENERIC;
+	}
+
+	/*
+	 * Prevent the thread from being preempted, while executing a Secure
+	 * function. This is required to prevent system crashes that could
+	 * occur, if a thead context switch is triggered in the middle of a
+	 * Secure call.
+	 */
+	k_sched_lock();
+
+	result = fn(arg0, arg1, arg2, arg3);
+
+	/* Unlock the scheduler, to allow the thread to be preempted. */
+	k_sched_unlock();
+
+	k_mutex_unlock(&tfm_mutex);
+
+	return result;
+}
+
+enum tfm_status_e tfm_ns_interface_init(void)
+{
+	/*
+	 * The static K_MUTEX_DEFINE handles mutex initialization,
+	 * so this function may be implemented as no-op.
+	 */
+	return TFM_SUCCESS;
+}
+
+
+#if defined(TFM_PSA_API)
+#include "psa_manifest/sid.h"
+#endif /* TFM_PSA_API */
+
+static int ns_interface_init(const struct device *arg)
+{
+	ARG_UNUSED(arg);
+
+	__ASSERT(tfm_ns_interface_init() == TFM_SUCCESS,
+		"TF-M NS interface init failed");
+
+	return 0;
+}
+
+/* Initialize the TFM NS interface */
+SYS_INIT(ns_interface_init, POST_KERNEL,
+	 CONFIG_KERNEL_INIT_PRIORITY_DEFAULT);

modules/trusted-firmware-m/src/reboot.c

@@ -0,0 +1,36 @@
+/*
+ * Copyright (c) 2021 Nordic Semiconductor ASA
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ */
+#include <zephyr.h>
+
+#include "tfm_platform_api.h"
+
+#if defined(TFM_PSA_API)
+#include "psa_manifest/sid.h"
+#endif /* TFM_PSA_API */
+
+/**
+ *
+ * @brief Reset the system
+ *
+ * This routine resets the processor.
+ *
+ * The function requests Trusted-Firmware-M to reset the processor,
+ * on behalf of the Non-Secure application. The function overrides
+ * the weak implementation of sys_arch_reboot() in scb.c.
+ *
+ * \pre The implementation requires the TFM_PARTITION_PLATFORM be defined.
+ *
+ * @return N/A
+ */
+
+#if defined(CONFIG_TFM_PARTITION_PLATFORM)
+void sys_arch_reboot(int type)
+{
+	ARG_UNUSED(type);
+
+	(void)tfm_platform_system_reset();
+}
+#endif /* CONFIG_TFM_PARTITION_PLATFORM */

modules/trusted-firmware-m/src/zephyr_tfm_log.c

@@ -0,0 +1,18 @@
+/*
+ * Copyright (c) 2021 Nordic Semiconductor ASA
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+#include <sys/printk.h>
+
+int tfm_log_printf(const char *fmt, ...)
+{
+	va_list ap;
+
+	va_start(ap, fmt);
+	vprintk(fmt, ap);
+	va_end(ap);
+
+	return 0;
+}

samples/tfm_integration/psa_level_1/CMakeLists.txt

@@ -14,7 +14,6 @@ target_sources(app PRIVATE src/main.c)
 target_sources(app PRIVATE src/psa_attestation.c)
 target_sources(app PRIVATE src/psa_crypto.c)
 target_sources(app PRIVATE src/shell.c)
-target_sources(app PRIVATE src/tfm_ipc.c)
 target_sources(app PRIVATE src/util_app_cfg.c)
 target_sources(app PRIVATE src/util_app_log.c)
 target_sources(app PRIVATE src/util_sformat.c)

samples/tfm_integration/tfm_ipc/src/main.c

@@ -13,33 +13,6 @@
 #include "psa_manifest/sid.h"
 #endif
 
-K_MUTEX_DEFINE(tfm_mutex);
-
-int32_t tfm_ns_interface_dispatch(veneer_fn fn,
-				  uint32_t arg0, uint32_t arg1,
-				  uint32_t arg2, uint32_t arg3)
-{
-	int32_t result;
-
-	/* TFM request protected by NS lock */
-	if (k_mutex_lock(&tfm_mutex, K_FOREVER) != 0) {
-		return (int32_t)TFM_ERROR_GENERIC;
-	}
-
-	result = fn(arg0, arg1, arg2, arg3);
-
-	k_mutex_unlock(&tfm_mutex);
-
-	return result;
-}
-
-enum tfm_status_e tfm_ns_interface_init(void)
-{
-	/* The static K_MUTEX_DEFINE handles mutex init, so just return. */
-
-	return TFM_SUCCESS;
-}
-
 /**
  * \brief Retrieve the version of the PSA Framework API.
  *