On M2351, some spaces like SYS/CLK are hard-wired to secure and cannot change.
To access these spaces from non-secure world, we must provide platform-specific NSC
functions. With TFM introduced, we must synchronize NSC calls into TFM to keep TFM
in sync instead of straight NSC calls. To achieve this goal, we go with the following
approach:
1. Like PSA APIs, enforce locked entry through tfm_ns_lock_dispatch().
2. Run platform-specific secure functions in default secure partition, in which SYS/CLK
spaces have been configured to be accessible.
On IAR, configure heap to 1KiB at a minimum and expandable, dependent on available SRAM. This requires IAR 8.x.
Support targets:
- NUMAKER_PFM_NUC472 w/ and w/o XRAM
- NUMAKER_PFM_M453
- NUMAKER_PFM_M487/NUMAKER_IOT_M487
- NUMAKER_IOT_M263A
- NUMAKER_M252KG
At IAR linking, the default method of 'initialize by copy' is 'auto', which will estimate
different packing algorithms, including complex 'lz77', for smallest memory footprint. But
the algorithm itself can consume some SRAM and cause OOM at linking time for NANO130, which
just has 16KiB SRAM. To avoid this error, always choose 'none' packing algorithm.
These targets below just support PRNG, not real TRNG. They cannot annouce TRNG.
- NUMAKER_PFM_NUC472
- NUMAKER_PFM_M487
- NUMAKER_IOT_M487
On targets without TRNG, to run mbedtls applications which require entropy source,
there are two alternatives to TRNG:
- Custom entropy source:
Define MBEDTLS_ENTROPY_HARDWARE_ALT and provide custom mbedtls_hardware_poll(...)
- NV seed:
1. Define MBEDTLS_ENTROPY_NV_SEED
2. Define MBEDTLS_PLATFORM_NV_SEED_READ_MACRO/MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO and provide custom mbedtls_nv_seed_read(...)/mbedtls_nv_seed_write(...).
3. Don't define MBEDTLS_PSA_INJECT_ENTROPY. Meet mbedtls_psa_inject_entropy(...) undefined and then provide custom one, which must be compatible with mbedtls_nv_seed_read(...)/mbedtls_nv_seed_write(...) above.
4. For development, simulating partial provision process, inject entropy seed via mbedtls_psa_inject_entropy(...) pre-main.
In this new memory partition, secure program is most simplified and non-secure program can make most use of memory for its large application like Pelion:
- Flash (512KiB in total): 64KiB for secure and 448KiB for nonsecure.
- SRAM (96KiB in total): 8KiB for secure and 88KiB for nonsecure.
Besides, to make secure program fit into 8KiB:
- Decrease boot stack size to 0x600 bytes
- Remove serial support
Reasons to remove TRNG support:
1. M252 just has 32KiB SRAM and cannot afford mbedtls application.
2. Implementing TRNG HAL with PRNG H/W has security concern.
Without free-up of peripheral pins, peripheral pins of the same peripheral may
share by multiple ports after port iteration, and this peripheral may fail with
pin interference.
In Nuvoton, only new-design chips support GPIO input pull-high/pull-low modes.
Targets not supporting this feature are listed below:
- NUMAKER_PFM_NANO130
- NUMAKER_PFM_NUC472
- NUMAKER_PFM_M453
Martin Kojtal
cyliangtw
Chun-Chieh Li
int_szyk