Reg Secure Service Access from Non Secure World in TF-M Appli in B-U585-IOT2A

PJose.4 · ‎2023-11-15

Hi @STea
Greetings

With Respect to my previous post of RSASSA-PS i had added another query again posting as a separate thread
Query - In the TF-M Appli folder(from the ST provided package of TFM Example with TFM SBSFU) - how can i access a secure service from the non secure area because it does not have a non-secure callable function(nsc.c)(in a normal program with TZEN enabled there will be a nsc.c file in the secure code which can be accessed from the non secure code using entry functions - my understanding here is the basic concepts.). With respect to the above understanding can you please suggest a look out of how can i implement an adc(in the secure zone of the TF-M Appli) and call the voltage value from the channel in the non secure code of the appli.

Please suggest how can i implement this requirement. awaiting your guidance in this regard
Thanks and Regards
Philip

STea · ‎2023-11-16

Hello @PJose.4 ,

thank you for your continuous contribution in our community.

regarding your request about accessing a secure service form a non secure area the TFM solution ensures the unique entry via the TFM app rot calls . so if you want to do so you need to follow the same flow implemented by the TFM to implement a new service and call it via this API this process is explained in details in the TFM documentation.

i suggest before you try and implement your own services you test it by forcing the existing example to allocate and use and ADC for secure area by putting you code in the test function with test number 25 and calling it form non secure main to test it's functionalities this is explained in the attached main.c and app_rot_test.c (PS : main.c is in non secure and app_rot_test.c is in secure project ).

Hope this answers you request .

BR

In order to give better visibility on the answered topics, please click on Accept as Solution on the reply which solved your issue or answered your question.

PJose.4 · ‎2023-11-17

Hi @STea
greetings
Thanks for your continued support.
I will look into this input that you have provided in more detail. Thanks again for the support. I will come back with the queries asap. I have got a basic idea, now need to look into more details.
Thanks again
Best Regards
Philip Jose

PJose.4 · ‎2024-01-11

Hello @STea
Greetings

apologies for the delay, was stuck in some other activities.
I was testing this as per the shared code and testing the package, the chip is resetting again and again, probably the access is wrong. Made changes as per the above comment but the access to secure area from the non secure area was not working properly and the TFM example is reset right from the bootloader and the action is repetitively happening. Please suggest the possible solution for this approach.

Thanks and Regards
Pyt

STea · ‎2024-01-11

Hello @PJose.4 ,

I have tested this code on my side and it is working flawlessly i'don't have the same issue of reset like you have mentioned but this could be due to some files not generating correctly or other modifications that you did make sure you follow the flow to build the project described in the readme file of the example . Some more details about the steps you made to integrate the changes in the project could help to further investigate on your issue .

BR

In order to give better visibility on the answered topics, please click on Accept as Solution on the reply which solved your issue or answered your question.

PJose.4 · ‎2024-01-11

Hello @STea
Greetings
Thanks for your quick response

I have tried multiple steps that are described in different approaches as described below:

1. in the cube u5 firmware package v1.2 executed the same files as it is only compared and added the new changes that were mentioned in the new main.c(non secure) area and app_rot_test.c(secure) in the existing files(main.c and app_rot_test.c).

2. completely replaced the existing main.c file and app_rot_test.c with the files that are shared in this thread. One query is like there is a file testprotection.c in the non secure area with more or less same contents as app_rot_test.c. Could you please throw some light into the usage of testprotection.c and app_rot_test.c. There is one function in the file that was shared from your end:

void set_rcc(void);

this function doesnt have a definition in the file and the function was used in the below snippet: but this snippet is commented:

 { (uint32_t) &set_rcc, "RCC SEC Clock recovery fun call", TEST_PRIV_EXECUTE,  NOT_APPLICABLE, ALLOWED},

when commenting these statements and executing the package the reset error is not visible but the secure function is not being called.

The following is the output when commenting the function set_rcc() and commenting the above snippet.

One more query - is initialisation of RTC required for testing these steps.
Both these approach are giving same errors. going into reset. If i am commenting the new test that has been added and executing the TFM Example, the example runs fine without any issues.

Following are the configurations that are made:
1. Tamper protection disabled
2. Image encryption disabled
3. Slot Mode - Primary and Secondary Slot
4. Image Update Method - Overwrite method

Hope the steps are cleared.
Please assist me further in this issue
Highly appreciate your continued support

Best Regards
Philip Samuel Jose

PJose.4 · ‎2024-01-16

Hi @STea
Greetings

Just another observation from some of the experiments done:
The same set of functions are implemented in the test_protection.c(Non Secure) file just as in app_rot_test.c(Secure).

When i am adding the following lines in the test_protection.c file

const TestProtection_t aProtectTests[] =
{
......
......
{ (uint32_t) &set_ADC, "ADC Test", TEST_EXECUTE,  NOT_APPLICABLE, ALLOWED},
....
.....
}

i am able to view the set adc function in the terminal console. But this snippet is in the non secure code. whatever changes i add in the app_rot_test.c file none of them shows an output.
Hope this provides some insight
Thanks for your support

Best Regards
Philip

STea · ‎2024-01-17

Hello @PJose.4 ,

Both files are duplicated from the secure and non secure sides because the tests will run twice one iteration of the test from secure and one iteration from non secure calling a secure service which is the one we want to execute. As i already told you this modifications have been tested and they are working and i'm able to see the non secure service call. if you want to implement the test from both sides you can do it just for info you can uncomment the run _app() loop from main and see the execution of the all the test and distinguish your test with a printf inside it for example .

BR

In order to give better visibility on the answered topics, please click on Accept as Solution on the reply which solved your issue or answered your question.

PJose.4 · ‎2024-01-17

Hi @STea
Greetings
Thanks for your reply

1. I tried the test by using the app_main() function and using the automatic test. it iterates through the non-secure test(TEST_NS) and secure tests(TEST_S) and from my understanding all the tests are executed from the test_protections.c file in the TFM_Appl_NonSecure Project(because im able to add my print statement in one of the test and print the same on the console but the same function kept on the app_rot_test.c(secure TFM_Appli project) is not getting called). Am i missing any steps here. I tried even by adding the same set of main.c and app_rot_test.c provided in the previous thread. Sorry if my question is very basic
2. I would like to know if i can use the functions CMSE_NS_ENTRY and CMSE_NS_CALL(used during test programs with TF_M created using CubeMX configuration and sample programs) for accessing a secure service from the non secure environment in the TFM Application Package.

Thanks for your continued support
Best Regards
Philip