boards: st: stm32h573i_dk: Add TF-M non-secure app support

[tpambor]

Add support for building Trusted Firmware-M (TF-M) non-secure applications for the STM32H573I-DK board.

[tpambor]

Currently, fails to build with Zephyr SDK used in main due to a internal compiler error, zephyrproject-rtos/sdk-ng#558. This is fixed starting GCC 13.

[dsseng]

Thanks, could you please consider these minor documentation fixups?

[dsseng]

TrustZone is spelled without a space

Suggested change

	| stm32h573i_dk | For building Trust Zone Disabled firmware for internal flash |
	+-----------------------------------------+--------------------------------------------------------------+
	| stm32h573i_dk/stm32h573xx/ext_flash_app | For building Trust Zone Disabled firmware for external flash |
	| stm32h573i_dk | For building firmware without TrustZone for internal flash |
	+-----------------------------------------+--------------------------------------------------------------+
	| stm32h573i_dk/stm32h573xx/ext_flash_app | For building firmware without TrustZone for external flash |

[erwango]

with TrustZone disabled more accurate than without TrustZone

[dsseng]

Suggested change

	usual, non-TFM, binaries.
	usual, Secure binaries without TF-M.

[etienne-lms]

Actually, as mentioned below, TZEN Option Byte is not reset by this script hence images not embedding TF-M won't be able to run.

[etienne-lms]

Many CI build test failures (if not all) are due to a GCC 11/GCC 12 issue triggered in STM32 HAL for this SoC. It's been addressed for STM32U5 in TF-M [1] first then solve in the STM32U5 HAL. The equivalent fix for STM32WBA65 was merged in TF-M [2] and should be addressed in the next release of STM32WBA65 HAL.

I see the issue needs to be addressed in TF-M also for STM32H573. It should be adressed in that SoC next HAL release but until then (and TF-M syncs on), it would need to be addressed in TF-M too, on the model of [1] and [2]. Do you want to post a change in TF-M mainline?

[1] TrustedFirmware-M/trusted-firmware-m@578a6f4
[2] TrustedFirmware-M/trusted-firmware-m@ec61e69

[etienne-lms]

Suggested change

	.. code-block:: bash
	$ west build -b stm32h573i_dk/stm32h573xx/ns samples/tfm_integration/tfm_ipc/
	.. zephyr-app-commands::
	:zephyr-app: samples/tfm_integration/tfm_ipc
	:board: stm32h573i_dk/stm32h573xx/ns
	:goals: build

[etienne-lms]

Suggested change

	will set platform option bytes config and erase platform (among others,
	will set platform Option Bytes config and erase platform (among others,

[etienne-lms]

Suggested change

	/* MCUboot 0001_0000 - 0002_8000 (160k) */
	/* MCUboot (BL2) 0001_0000 - 0002_8000 (96k) */

Alternatively, to be synced with the partition layout below the mentions 160kB for boot_partition partition:

		* MCUBoot data (scratch area/counters)  0000_0000 - 0000_C000 ( 48k)
		* MCUboot (BL2) and related resources   0001_0000 - 0002_8000 (160k)

I would rather suggest to update the boot_partition to cover all TF-M.BL2 related resources:

		boot_partition: partition@0 {
			label = "mcuboot";
			reg = <0 DT_SIZE_K(224)>;
		};

[tpambor]

I adjusted it to 192k, as Secure storage and Internal trusted storage partitions are used by TF-M and not mcuboot/BL2.

[etienne-lms]

Prefer comments like:

		/* Keep in sync with partitions from flash_layout.h in TF-M
		 * Scratch area                          0000_0000 - 0000_C000 ( 48k)
		 * MCUboot (anti-rollback counter)       0000_C000 - 0001_0000 ( 16k)
		 * (...)
		 */

[etienne-lms]

These tags are used by twister to test boards subsystems. It's not intended to be used on the ns variant, there are already tested on the main variant, so prefer remove them from this YAML file.

Maybe adding only the trusted-firmware-m tag here could be useful for covering related tests and samples.

[etienne-lms]

Actually, as mentioned below, TZEN Option Byte is not reset by this script hence images not embedding TF-M won't be able to run.

[etienne-lms]

Suggested change

	flash: 2048
	ram: 192
	flash: 576

TF-M is assigned the last 64kB of SRAM1, leaving only 192kB to Zephyr non-secure application.
The flash partition for Zephyr is 576kB, as defined in your "ns" variant DTS file.

[tpambor]

Right, I also subtracted the 1kB for MCUboot header as in ext_flash_app.

[etienne-lms]

Could you update here the SRAMs nodes since some are assigned to the secure world:

/* Last 64kB of SRAM1 are owned by TF-M */
&sram1 {
	reg = <0x20000000 DT_SIZE_K(256 - 64)>;
};

/* SRAM2 is owned by TF-M */
&sram2 {
	status = "disabled";
};

[etienne-lms]

Removing net and socket tags in the "ns" variant board YAML file will prevent from excluding this variant from all tests and samples where it can't be used, as here.

[github-actions]

The following west manifest projects have changed revision in this Pull Request:

Name	Old Revision	New Revision	Diff
trusted-firmware-m	zephyrproject-rtos/trusted-firmware-m@c2f9edc (main)	zephyrproject-rtos/trusted-firmware-m#160	zephyrproject-rtos/trusted-firmware-m#160/files

⛔ DNM label due to: 1 project with PR revision

Note: This message is automatically posted and updated by the Manifest GitHub Action.

[dsseng]

Actually, binaries without TF-M should run in Secure, unless the SoC bootrom does something very special. @tpambor @etienne-lms please correct me if this SoC does something special and the usual binaries would start in ns by default

Suggested change

	run usual, non-secure binaries without TF-M.
	run usual binaries without TrustZone and TF-M.

[tpambor]

@dsseng Yes, you are right. I will correct this.

[dsseng]

Should the description here maybe suggest it'll be merged with the TF-M as the secure image?

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud