2024-06-13 06:30 AM - edited 2024-06-13 06:31 AM
Hi @Jocelyn RICARD
Greetings
we are trying to run TFM example (with secure and non secure project) taken from GPIO_Toggle_TZEN Example and adding SPI communication in the non secure project on our custom board mounted with STM32U585aii6q controller SPI is getting stuck at timeout error(in the transmit function/receive function. Init function is working fine).
we tried the same on B-U585-IOT2A controller and the communication is working perfectly.
to verify our hardware we tried the SPI communication on the same board without TFM and its working perfectly.
we wanted to know if there is any other additional dependency while using TFM to add peripherals like SPI. with TFM configuration GPIO is working fine without any issues.
Awaiting your valuable suggestions so that we can understand and resolve the issue.
Thanks and Regards
Philip
2024-06-13 06:48 AM
Hello @PJose.4 ,
form your description I understand that:
SPI is working on both boards without TFM
SPI is working on B-U585-IOT2A with TFM
SPI is not working on your board with exact same chip as B-U585-IOT2A with same TFM
What differences in the configurations between the 2 boards?
Do you have different clocking, different power ?
Can you see any signal on MOSI when launching transmit ?
Best regards
Jocelyn
2024-06-19 12:56 AM
Hi @Jocelyn RICARD
Sorry for the late reply
the understanding is correct
the code wise everthing is same except for the pin numbers used in spi1 for the custom board.
EVM board using PE13, PE14, PE15 for SPI and SPI CS PE12
Custom Board Using PI1, PI2, PI3 and PI12 as SPI CS(changed pin out was updated in the code accordingly.)
Our query is : is there any special configuration with respect to GTZC or clock or any other with respect to TFM peripheral initialization and configuration(specially in the TFM Application from ST official Package)
to initialise any peripheral like SPI, I2C, in the TFM_Appli_NonSecure Code, do we have to make any configuration in the TFM_Appli_Secure or TFM_SBSFU_Boot.
Thanks for your continued support
Regards
Philip
2024-06-19 05:27 AM
Hello @PJose.4 ,
The TFM porting source code is available, there is no hidden configuration :)
Regarding your issue, it looks like it is related to GPIO configuration.
After reset GPIO are all secure. In TFM code, you can find function pinmux_init_cfg() that sets all GPIO accessible to non secure ... except GPIOI
I guess this is because the porting was originally made on STM32L5 that does not have this GPIO port.
So to fix your issue, you just need to add the initialization of GPIOI in this pinmux_init_cfg() function.
Best regards
Jocelyn
2024-06-20 08:09 AM
Hi @Jocelyn RICARD
Thanks for your support
the SPI issue in port I got solved. Thanks again
but couple of queries here
1, we are facing issues when configuring adc to read a pin value (PC0 - TFM Non Secure Application + Eval Board) - its getting HAL_TIMEOUT error. the pinmux function as you mentioned in the above post has included port c. is there any configuration required to do in GTZC or other areas.
2. We also want to write some data into the SRAM2(available portion) and backupram from the TFM Appli Non Secure.could you please suggest the method to do(apart from the test shown in app_rot.c) example can i connect to the app_rot partition and use the TFM_APP_ROT_IOCTL_SIGNAL to write and read data from the SRAM2 and backupRAM?
Thanks for your continued support
Regards
Philip
2024-06-20 09:44 AM
Hello @PJose.4 ,
1, we are facing issues when configuring adc to read a pin value (PC0 - TFM Non Secure Application + Eval Board) - its getting HAL_TIMEOUT error. the pinmux function as you mentioned in the above post has included port c. is there any configuration required to do in GTZC or other areas.
Nothing should be needed here. You may first check your implementation in a non secure environment to validate the behaviour.
2. We also want to write some data into the SRAM2(available portion) and backupram from the TFM Appli Non Secure.could you please suggest the method to do(apart from the test shown in app_rot.c) example can i connect to the app_rot partition and use the TFM_APP_ROT_IOCTL_SIGNAL to write and read data from the SRAM2 and backupRAM?
SRAM2 is fully allocated to TFM. Backup SRAM should be accessible to non secure (to be checked).
To access secure part you must create a service in TFM. You have TFM documentation for that.
Best regards
Jocelyn
2024-06-21 11:55 PM - edited 2024-06-22 04:09 AM
Hi @Jocelyn RICARD
Thanks again
The adc was tested to be working in the non secure TFM Application as there was a clock needed to be enabled in the application code.
my requirement is to configure the adc in the TFM_Appli_secure and access it from the TFM_Appli_NonSecure. the method im following is
in TFM_Appli_Secure-> tfm_app_rot.c - adding the adc read function and adding the signal handler to the function using TFM_APP_ROT_IOCTL_SIGNAL
in TFM_Appli_nonSecure-> main.c populated in invector and outvector and called the function
ret = tfm_app_rot_ioctl((tfm_app_rot_ioctl_req_t)IOCTL_TEST_PROTECTION_RUN_TEST,
in_vec, &out_vec);
This method is working when calling a sample function and using turning on LED as well, but when adding ADC its causing a fault and board resets. is it due to the condition that we need to set the adc1 into secure again before calling the function? or any other configuration required?
Awaiting your support
Thanks and Regards
Philip
Thanks for your support
Regards
Philip
2024-06-24 09:44 AM
Hello @PJose.4 ,
When using a peripheral in secure (with TFM or not) you need to tell this to the global trust zone controller (GTZC).
Also, if you need to use an interrupt, you will have to set this interrupt to secure and also declare it in TFM so that it is handled properly in your user partition main loop.
In general, if you want to be able to develop on TFM side, it is good practice to have a working debug environment. This will help you finding issues.
Best regards
Jocelyn
2024-06-25 07:04 AM - edited 2024-06-25 07:04 AM
Hi @Jocelyn RICARD
Greetings
i tried adding the adc attribute to the gtzc and telling it has to be in the secure zone in the non previlaged area and tested the calling adc function but still no difference, i have not used the interrupts. From the TFM secure application im not able to debug the secure area. the debugger stops at the psa connect function and doesnt go any further, even adding breakpoint in the function and jump to the breakpoint doesnt work.
I'm trying to add a secure partition referring to the documentation of tfm, in the last step while building the tfm while adding the build configuration the cmake file doesnt recognise the platform as shown in the screenshot
the tfm(base folder)->platform->ext->target->stm contains only 2 folders for nucleol552 and stm32l562 as shown below:
i even tried to add the platform name for the above 2 controllers. but still getting the same error. could you suggest some inputs here
Thanks for your continued support
Regards
Philip
2024-06-25 07:56 AM
Hello @PJose.4 ,
it looks like you are trying to build the STM32CubeU5 TFM delivery through Cmake. I guess it is normal it does not work because the purpose of this delivery was to provide an easy way to build the TFM through commonly used IDEs on STM32. This delivery provides an old TFM version that was not supporting STM32U5 yet in the upstream. Reason why you don't see the STM32U5 target.
So, if you want to add a new partition you should do it by creating yaml files in the TFM project.
Another way is to switch to the upstream configuration where you can get latest version of TFM (2.1 today) but you will need to build everything through cmake and ninja.
Best regards
Jocelyn