update to 2.2.2

CMakeLists.txt

@@ -42,6 +42,10 @@ set(CMAKE_CXX_COMPILER_FORCED true)
 
 project("Trusted Firmware M" VERSION ${TFM_VERSION} LANGUAGES C CXX ASM)
 
+if(BL2)
+    add_subdirectory(bl2)
+endif()
+
 add_subdirectory(lib/backtrace)
 add_subdirectory(lib/ext)
 add_subdirectory(lib/fih)
@@ -50,11 +54,7 @@ add_subdirectory(lib/tfm_log_unpriv)
 add_subdirectory(lib/tfm_vprintf)
 add_subdirectory(tools)
 add_subdirectory(secure_fw)
-
 add_subdirectory(interface)
-if(BL2)
-    add_subdirectory(bl2)
-endif()
 
 if(BL1 AND PLATFORM_DEFAULT_BL1)
     add_subdirectory(bl1/bl1_2)

bl1/bl1_2/lib/image.c

@@ -39,10 +39,10 @@ fih_int bl1_image_copy_to_sram(uint32_t image_id, uint8_t *out)
     flash_offset = bl1_image_get_flash_offset(image_id);
 
     fih_rc = fih_int_encode_zero_equality(
-                fih_not_eq(BL2_CODE_SIZE + BL2_HEADER_SIZE,
+                fih_not_eq(BL2_CODE_SIZE + BL1_2_HEADER_SIZE,
                            (FLASH_DEV_NAME_BL1.ReadData(flash_offset,
                                                         out,
-                                                        BL2_CODE_SIZE + BL2_HEADER_SIZE))));
+                                                        BL2_CODE_SIZE + BL1_2_HEADER_SIZE))));
 
     FIH_RET(fih_rc);
 }

bl1/bl1_2/lib/interface/image.h

@@ -19,7 +19,7 @@
 extern "C" {
 #endif
 
-#define BL2_HEADER_SIZE (offsetof(struct bl1_2_image_t, protected_values.encrypted_data.data))
+#define BL1_2_HEADER_SIZE (offsetof(struct bl1_2_image_t, protected_values.encrypted_data.data))
 
 /**
  *

bl1/bl1_2/main.c

@@ -107,9 +107,11 @@ static fih_int validate_image_signature(struct bl1_2_image_t *img,
     uint8_t rotpk[TFM_BL1_2_ROTPK_MAX_SIZE];
     uint8_t *p_rotpk = rotpk;
     size_t rotpk_size;
+#if defined(TFM_BL1_2_EMBED_ROTPK_IN_IMAGE) || defined(TFM_MEASURED_BOOT_API)
     uint8_t rotpk_hash[TFM_BL1_2_ROTPK_HASH_MAX_SIZE];
-    enum tfm_bl1_key_type_t key_type;
     enum tfm_bl1_hash_alg_t key_hash_alg;
+#endif /* TFM_BL1_2_EMBED_ROTPK_IN_IMAGE || TFM_MEASURED_BOOT_API */
+    enum tfm_bl1_key_type_t key_type;
 
 
     if (sig->sig_len > sizeof(sig->sig)) {

bl2/CMakeLists.txt

@@ -85,13 +85,15 @@ list(APPEND BL2_CRYPTO_SRC
     $<${build_sha_256}:${MBEDCRYPTO_PATH}/library/sha256.c>
     $<${build_sha_384}:${MBEDCRYPTO_PATH}/library/sha512.c>
     $<$<AND:${is_ec_signature},$<NOT:${build_p256m}>>:${MBEDCRYPTO_PATH}/library/psa_crypto_ecp.c>
+    $<$<AND:${is_ec_signature},$<NOT:${build_p256m}>>:${MBEDCRYPTO_PATH}/library/psa_util.c>
     $<$<AND:${is_ec_signature},$<NOT:${build_p256m}>>:${MBEDCRYPTO_PATH}/library/ecp.c>
     $<$<AND:${is_ec_signature},$<NOT:${build_p256m}>>:${MBEDCRYPTO_PATH}/library/ecp_curves.c>
     $<$<AND:${is_ec_signature},$<NOT:${build_p256m}>>:${MBEDCRYPTO_PATH}/library/ecdsa.c>
     $<$<AND:${is_ec_signature},$<NOT:${build_p256m}>>:${MBEDCRYPTO_PATH}/library/bignum.c>
     $<$<AND:${is_ec_signature},$<NOT:${build_p256m}>>:${MBEDCRYPTO_PATH}/library/bignum_core.c>
     $<$<AND:${is_ec_signature},$<NOT:${build_p256m}>>:${MBEDCRYPTO_PATH}/library/constant_time.c>
     $<${is_rsa_signature}:${MBEDCRYPTO_PATH}/library/psa_crypto_rsa.c>
+    $<${is_rsa_signature}:${MBEDCRYPTO_PATH}/library/psa_util.c>
     $<${is_rsa_signature}:${MBEDCRYPTO_PATH}/library/rsa.c>
     $<${is_rsa_signature}:${MBEDCRYPTO_PATH}/library/rsa_alt_helpers.c>
     $<${is_rsa_signature}:${MBEDCRYPTO_PATH}/library/bignum.c>

docs/platform/adi/index.rst

@@ -0,0 +1,13 @@
+##############################
+Analog Devices, Inc. Platforms
+##############################
+
+.. toctree::
+    :maxdepth: 1
+    :titlesonly:
+
+    MAX32657 <max32657/README.rst>
+
+--------------
+
+*Copyright (c) 2025, Analog Devices, Inc. All rights reserved.*

docs/platform/adi/max32657/README.rst

@@ -0,0 +1,224 @@
+MAX32657
+========
+
+
+Introduction
+------------
+
+The MAX32657 microcontroller (MCU) is an advanced system-on-chip (SoC)
+featuring an Arm® Cortex®-M33 core with single-precision floating point unit (FPU)
+with digital signal processing (DSP) instructions, large flash and SRAM memories,
+and the latest generation Bluetooth® 5.4 Low Energy (LE) radio.
+The nano-power modes increase battery life substantially.
+
+MAX32657 1MB flash and 256KB RAM split to define section for MCUBoot,
+TF-M (S), Zephyr (NS) and storage that used for secure services and configurations.
+Default layout of MAX32657 is listed in below table.
+
++----------+------------------+---------------------------------+
+| Name     | Address[Size]    | Comment                         |
++==========+==================+=================================+
+| boot     | 0x1000000[64K]   | MCU Bootloader                  |
++----------+------------------+---------------------------------+
+| slot0    | 0x1010000[320k]  | Secure image slot0 (TF-M)       |
++----------+------------------+---------------------------------+
+| slot0_ns | 0x1060000[576k]  | Non-secure image slot0          |
++----------+------------------+---------------------------------+
+| slot1    | 0x10F0000[0k]    | Updates slot0 image             |
++----------+------------------+---------------------------------+
+| slot1_ns | 0x10F0000[0k]    | Updates slot0_ns image          |
++----------+------------------+---------------------------------+
+| storage  | 0x10f0000[64k]   | File system, persistent storage |
++----------+------------------+---------------------------------+
+
+
++----------------+------------------+-------------------+
+| RAM            | Address[Size]    | Comment           |
++================+==================+===================+
+| secure_ram     | 0x30000000[64k]  | Secure memory     |
++----------------+------------------+-------------------+
+| non_secure_ram | 0x20010000[192k] | Non-Secure memory |
++----------------+------------------+-------------------+
+
+
+Secure Boot ROM
+---------------
+
+MAX32657 has Secure Boot ROM that used to authenticate user code via ECDSA 256 public key.
+The Secure Boot ROM is disabled on default, to enable it user need to provision device first.
+
+ADI provides enable_secure_boot.py (under <CMAKE_BINARY_DIR>/lib/ext/tesa-toolkit-src/devices/max32657/scripts/bl1_provision)
+script to simply provision the device. This script reads user certificate via command line parameter
+then writes user key on the device and disables debug interface.
+
+To create pub & private key pair for MAX32657 run:
+
+.. code-block:: bash
+
+    openssl ecparam -out <MY_CERT_FILE.pem> -genkey -name prime256v1
+
+
+.. note::
+
+   Debug interface will be disabled after secure boot is enabled.
+   User must write final firmware before provisioning the device. It can
+   be written during device provision, Just add your final firmware hex file in
+   JLinkScript under <CMAKE_BINARY_DIR>/lib/ext/tesa-toolkit-src/devices/max32657/scripts/bl1_provision folder.
+
+
+After secure boot has been enabled BL2 image must be signed with user certificate
+otherwise Secure Boot ROM will not validate BL2 image and will not execute it.
+The sign process will be done automatically if BL1 be ON ``-DBL1=ON``
+The sign key can be sepecified over command line option -DTFM_BL2_SIGNING_KEY_PATH=<MY_KEY_FILE>
+or by setting the flag in <TF-M base folder>/platform/ext/target/adi/max32657/config.cmake
+Development purpose test certificate is here:
+<CMAKE_BINARY_DIR>/lib/ext/tesa-toolkit-src/devices/max32657/keys/bl1_dummy.pem
+It shall not been used for production purpose just for development purpose.
+
+.. note::
+
+   The signature generation depends on ecdsa that's have to be installed::
+
+    pip3 install ecdsa
+
+
+Building TF-M
+-------------
+
+This platform port supports TF-M regression tests (Secure and Non-secure)
+with Isolation Level 1.
+
+To build S and NS application, run the following commands:
+
+.. note::
+
+   Only GNU toolchain is supported.
+
+.. note::
+
+   Only "profile_small" predefined profile is supported.
+
+Prepare the tf-m-tests repository inside the TF-M base folder.
+
+.. code-block:: bash
+
+    cd <TF-M base folder>
+    git clone https://git.trustedfirmware.org/TF-M/tf-m-tests.git
+
+.. code:: bash
+
+    cd <TF-M base folder>/tf-m-test/tests_reg
+
+    cmake -S spe -B build_spe \
+            -G"Unix Makefiles"               \
+            -DTFM_PLATFORM=adi/max32657      \
+            -DCONFIG_TFM_SOURCE_PATH=<TF-M base folder>/trusted-firmware-m \
+            -DTFM_TOOLCHAIN_FILE=<TF-M base folder>/trusted-firmware-m/toolchain_GNUARM.cmake \
+            -DTEST_S=OFF                \
+            -DTEST_NS=ON               \
+            -DTFM_NS_REG_TEST=ON        \
+            -DTFM_BL2_LOG_LEVEL=LOG_LEVEL_INFO  \
+            -DTFM_ISOLATION_LEVEL=1
+    cmake --build build_spe -- install
+
+    cmake -S . -B build_test    \
+            -G"Unix Makefiles"  \
+            -DCONFIG_SPE_PATH=<TF-M base folder>/tf-m-tests/tests_reg/build_spe/api_ns \
+            -DTFM_TOOLCHAIN_FILE=cmake/toolchain_ns_GNUARM.cmake \
+            -DTFM_NS_REG_TEST=ON
+    cmake --build build_test
+
+
+Merge and Flash Images
+----------------------
+
+Follow the steps below to program the flash with a compiled TF-M image (i.e. S, NS or both).
+
+
+Generate Intel hex files from the output binary (bin) files as follows:
+
+.. code-block:: console
+
+    srec_cat build_spe/bin/tfm_s_signed.bin -binary --offset 0x01010000 -o build_spe/bin/tfm_s_signed.hex -intel
+    srec_cat build_test/bin/tfm_ns_signed.bin -binary --offset 0x01060000 -o build_test/bin/tfm_ns_signed.hex -intel
+
+
+Merge hex files as follows:
+
+.. code-block:: console
+
+    srec_cat build_spe/bin/bl2.hex -Intel build_spe/bin/tfm_s_signed.hex -Intel build_test/bin/tfm_ns_signed.hex -Intel -o tfm_merged.hex -Intel
+
+Alternatively, you can merge hex files with `mergehex.py <https://github.com/zephyrproject-rtos/zephyr/blob/main/scripts/build/mergehex.py>`_
+
+.. code-block:: console
+
+    python /PATH/TO/mergehex.py -o tfm_merged.hex build_spe/bin/bl2.hex build_spe/bin/tfm_s_signed.hex build_test/bin/tfm_ns_signed.hex
+
+.. note::
+
+   Use bl2_signed.hex instead bl2.hex if Secure Boot ROM is enabled.
+
+
+Flash them with JLink as follows:
+
+.. code-block:: console
+
+    JLinkExe -device MAX32657 -if swd -speed 2000 -autoconnect 1
+    J-Link>h
+    J-Link>r
+    J-Link>erase
+    J-Link>loadfile build_spe/bin/tfm_merged.hex
+
+
+BL2 and TF-M Provisioning
+-------------------------
+
+On default ``-DPLATFORM_DEFAULT_PROVISIONING=ON`` and ``-DTFM_DUMMY_PROVISIONING=ON``
+which will use default provisioning and dummpy keys, these configuration is fine
+for development purpose but for production customer specific keys shall be used
+Provisioning bundles can be generated with the ``-DPLATFORM_DEFAULT_PROVISIONING=OFF`` flag.
+The provisioning bundle binary will be generated and it's going to contain
+the provisioning code and provisioning values.
+
+If ``-DPLATFORM_DEFAULT_PROVISIONING=OFF`` and ``-DTFM_DUMMY_PROVISIONING=ON`` then the keys in
+the ``tf-m/platform/ext/target/common/provisioning/provisioning_config.cmake`` and the
+default MCUBoot signing keys will be used for provisioning.
+
+If ``-DPLATFORM_DEFAULT_PROVISIONING=OFF`` and ``-DTFM_DUMMY_PROVISIONING=OFF`` are set
+then unique values can be used for provisioning. The keys and seeds can be changed by
+passing the new values to the build command, or by setting the ``-DPROVISIONING_KEYS_CONFIG`` flag
+to a .cmake file that contains the keys. An example config cmake file can be seen at
+``tf-m/platform/ext/target/common/provisioning/provisioning_config.cmake``.
+Otherwise new random values are going to be generated and used. For the image signing
+the ${MCUBOOT_KEY_S} and ${MCUBOOT_KEY_NS} will be used. These variables should point to
+.pem files that contain the code signing private keys. The public keys are going to be generated
+from these private keys and will be used for provisioning. The hash of the public key is going to
+be written into the ``provisioning_data.c`` automatically.
+
+If ``-DMCUBOOT_GENERATE_SIGNING_KEYPAIR=ON`` is set then a new mcuboot signing public and private
+keypair is going to be generated and it's going to be used to sign the S and NS binaries.
+
+The new generated keypair can be found in the ``<build dir>/bin`` folder or in the
+``<install directory>/image_signing/keys`` after installation.
+The generated provisioning_data.c file can be found at
+``<build directory>/platform/target/provisioning/provisioning_data.c``
+
+.. note::
+
+   The provisioning bundle generation depends on pyelftools that's have to be installed::
+
+    pip3 install pyelftools
+
+UART Console
+************
+
+MAX32657 has one UART (UART0) peripheral which is routed for Non-Secure console output by default.
+S and NS firmware can not use UART at the same time.
+If TFM_S_REG_TEST been defined the UART console will be routed to the Secure side otherwise it will
+be on NS side.
+
+--------------
+
+*Copyright 2025 Analog Devices, Inc. All rights reserved.
+*SPDX-License-Identifier: BSD-3-Clause*

docs/platform/index.rst

@@ -7,6 +7,7 @@ TF-M Platforms
 .. toctree::
     :maxdepth: 2
 
+    Analog Devices, Inc. <adi/index>
     Arm <arm/index>
     ArmChina <armchina/index>
     Cypress <cypress/index>

docs/platform/platform_introduction.rst

@@ -47,6 +47,8 @@ Supported Platforms
           <https://www.nordicsemi.com/Software-and-tools/Development-Kits/nRF5340-DK>`_
         - `BL5340 DVK (lairdconnectivity/bl5340_dvk_cpuapp).
           <https://www.lairdconnect.com/wireless-modules/bluetooth-modules/bluetooth-5-modules/bl5340-series-multi-core-bluetooth-52-802154-nfc-modules>`_
+        - `MAX32657 (adi/max32657).
+          <https://www.analog.com/en/products/max32657.html>`_
 
     - Cortex-M23 system:
 

docs/platform/stm/b_u585i_iot02a/readme.rst

@@ -1,3 +1,38 @@
+-------
+STM32U5
+-------
+
+TF-M is supported on STM32U5 family
+
+https://www.st.com/en/microcontrollers-microprocessors/stm32u5-series.html
+
+
+Directory content
+^^^^^^^^^^^^^^^^^
+
+- stm/common/stm32u5xx/stm32u5xx_hal:
+   Content from https://github.com/STMicroelectronics/stm32u5xx_hal_driver.git
+
+- stm/common/stm32u5xx/Device:
+   Content from https://github.com/STMicroelectronics/cmsis_device_u5.git
+
+- stm/common/stm32u5xx/bl2:
+   stm32l5xx bl2 code specific from https://github.com/STMicroelectronics/STM32CubeU5.git (Projects/B-U585I-IOT02A/Applications/TFM)
+
+- stm/common/stm32u5xx/secure:
+   stm32l5xx Secure porting adaptation from https://github.com/STMicroelectronics/STM32CubeU5.git (Projects/B-U585I-IOT02A/Applications/TFM)
+
+- stm/common/stm32u5xx/boards:
+   Adaptation for stm32 board using stm32l5xx soc from https://github.com/STMicroelectronics/STM32CubeU5.git (Projects/B-U585I-IOT02A/Applications/TFM)
+
+
+Specific Software Requirements
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+STM32_Programmer_CLI is required.(see https://www.st.com/en/development-tools/stm32cubeprog.html)
+
+
+
 B_U585I_IOT02A
 ^^^^^^^^^^^^^^^
 
@@ -75,6 +110,25 @@ the attestation service in Isolation Level 1 on Linux.
     ninja -C . -j 8
 
 
+Write software on target
+^^^^^^^^^^^^^^^^^^^^^^^^
+In secure build folder directory api_ns:
+
+  - ``postbuild.sh``: Updates regression.sh and TFM_UPDATE.sh scripts according to flash_layout.h
+  - ``regression.sh``: Sets platform option bytes config and erase platform
+  - ``TFM_UPDATE.sh``: Writes bl2, secure, and non secure image in target
+
+
+Connect board to USB and Execute the 3 scripts in following order to update platform:
+postbuild.sh, regression.sh, TFM_UPDATE.sh
+
+The virtual com port from STLINK is used for TFM log and serial port configuration should be:
+
+  - Baud rate    = 115200
+  - Data         = 8 bits
+  - Parity       = none
+  - Stop         = 1 bit
+  - Flow control = none
 
 -------------