Home
last modified time | relevance | path

Searched full:secure (Results 1 – 25 of 578) sorted by relevance

12345678910>>...24

/Zephyr-latest/arch/arm/core/cortex_m/tz/
DKconfig18 comment "Secure firmware"
21 comment "Non-secure firmware"
25 bool "BusFault, HardFault, and NMI target Secure state"
29 exceptions as Secure exceptions.
32 bool "Secure Firmware has Secure Entry functions"
35 Option indicates that ARM Secure Firmware contains
36 Secure Entry functions that may be called from
37 Non-Secure state. Secure Entry functions must be
38 located in Non-Secure Callable memory regions.
41 hex "ARM Non-Secure Callable Region base address"
[all …]
/Zephyr-latest/samples/tfm_integration/tfm_regression_test/
DREADME.rst9 Run both the Secure and Non-secure TF-M Regression tests using the Zephyr build system.
11 The build system will replace the Zephyr application with the Non-Secure TF-M test application,
12 while the Secure tests will be included in the TF-M build itself.
22 Tests for both the secure and non-secure domain are enabled by default, controlled via the CONFIG_T…
44 Non-Secure system starting...
46 #### Execute test suites for the Secure area ####
63 *** Secure test suites summary ***
69 Test suite 'Crypto secure interface tests (TFM_CRYPTO_TEST_5XXX)' has PASSED
70 … Test suite 'Initial Attestation Service secure interface tests(TFM_ATTEST_TEST_1XXX)' has PASSED
71 Test suite 'Platform Service Secure interface tests(TFM_PLATFORM_TEST_1XXX)' has PASSED
[all …]
/Zephyr-latest/boards/raytac/mdbt53_db_40/
DKconfig.defconfig10 # For the secure version of the board the firmware is linked at the beginning
12 # be loaded by MCUboot. If the secure firmware is to be combined with a non-
13 # secure image (TRUSTED_EXECUTION_SECURE=y), the secure FW image shall always
16 # For the non-secure version of the board, the firmware
17 # must be linked into the code-partition (non-secure) defined in DT, regardless.
23 # If the secure firmware is to be combined with a non-secure image
24 # (TRUSTED_EXECUTION_SECURE=y), the secure FW image SRAM shall always
25 # be restricted to the secure image SRAM partition (sram-secure-partition).
29 # For the non-secure version of the board, the firmware image SRAM is
30 # always restricted to the allocated non-secure SRAM partition.
[all …]
/Zephyr-latest/boards/raytac/mdbt53v_db_40/
DKconfig.defconfig10 # For the secure version of the board the firmware is linked at the beginning
12 # be loaded by MCUboot. If the secure firmware is to be combined with a non-
13 # secure image (TRUSTED_EXECUTION_SECURE=y), the secure FW image shall always
16 # For the non-secure version of the board, the firmware
17 # must be linked into the code-partition (non-secure) defined in DT, regardless.
23 # If the secure firmware is to be combined with a non-secure image
24 # (TRUSTED_EXECUTION_SECURE=y), the secure FW image SRAM shall always
25 # be restricted to the secure image SRAM partition (sram-secure-partition).
29 # For the non-secure version of the board, the firmware image SRAM is
30 # always restricted to the allocated non-secure SRAM partition.
[all …]
/Zephyr-latest/boards/nordic/nrf5340dk/
DKconfig.defconfig10 # For the secure version of the board the firmware is linked at the beginning
12 # be loaded by MCUboot. If the secure firmware is to be combined with a non-
13 # secure image (TRUSTED_EXECUTION_SECURE=y), the secure FW image shall always
16 # For the non-secure version of the board, the firmware
17 # must be linked into the code-partition (non-secure) defined in DT, regardless.
23 # If the secure firmware is to be combined with a non-secure image
24 # (TRUSTED_EXECUTION_SECURE=y), the secure FW image SRAM shall always
25 # be restricted to the secure image SRAM partition (sram-secure-partition).
29 # For the non-secure version of the board, the firmware image SRAM is
30 # always restricted to the allocated non-secure SRAM partition.
[all …]
/Zephyr-latest/boards/nordic/nrf5340_audio_dk/
DKconfig.defconfig10 # For the secure version of the board the firmware is linked at the beginning
12 # be loaded by MCUboot. If the secure firmware is to be combined with a non-
13 # secure image (TRUSTED_EXECUTION_SECURE=y), the secure FW image shall always
16 # For the non-secure version of the board, the firmware
17 # must be linked into the code-partition (non-secure) defined in DT, regardless.
23 # If the secure firmware is to be combined with a non-secure image
24 # (TRUSTED_EXECUTION_SECURE=y), the secure FW image SRAM shall always
25 # be restricted to the secure image SRAM partition (sram-secure-partition).
29 # For the non-secure version of the board, the firmware image SRAM is
30 # always restricted to the allocated non-secure SRAM partition.
[all …]
/Zephyr-latest/samples/boards/arc_secure_services/
DREADME.rst5 ARC Secure Service
11 This sample implements a simple secure service based on ARC SecureShield to
12 demonstrate how a secure zephyr application runs together with a normal
17 * Secure application will be in the secure memory space defined in
18 ``arc_mpu_regions.c``. Half of RAM and ROM is allocated to secure world,
21 * Memory not allocated to the secure application is allocated to
25 the peripherals are shared between normal mode and secure mode. If some
26 peripherals are required by secure world, it can be done by adding static
32 * Secure interrupts priority > secure threads priority > normal interrupts
43 * secure application: em_starterkit_em7d_secure
[all …]
Dsample.yaml2 description: Sample application to verify the secure monitor for Designware ARC
4 name: Designware ARC Secure monitor
14 tags: secure
20 - "I am the main thread in secure world: 0"
22 - "I am the main thread in secure world: 1"
23 - "I am the main thread in secure world: 2"
24 - "I am the main thread in secure world: 3"
/Zephyr-latest/samples/tfm_integration/tfm_secure_partition/
DREADME.rst2 :name: TF-M Secure Partition
4 Create a secure partition that exposes secure services.
9 A Secure Partition is an isolated module that resides in TF-M. It exposes a number of functions or
10 "secure services" to other partitions and/or to the non-secure firmware. TF-M already contains
14 This sample creates a dummy secure partition and secure service for TF-M and instructs the TF-M
15 build system to build it into the secure firmware. The dummy secure service is then called in the
16 main file (in the non-secure firmware).
18 This dummy partition has a single secure service, which can index one of 5 dummy secrets inside the
25 For more information on how to add custom secure partitions refer to TF-M's guide:
30 both the secure and non-secure CMakeLists.txt file and make relevant changes, as well as the yaml
/Zephyr-latest/boards/nordic/thingy53/
DKconfig.defconfig10 # For the secure version of the board the firmware is linked at the beginning
12 # be loaded by MCUboot. If the secure firmware is to be combined with a non-
13 # secure image (TRUSTED_EXECUTION_SECURE=y), the secure FW image shall always
16 # For the non-secure version of the board, the firmware
17 # must be linked into the code-partition (non-secure) defined in DT, regardless.
23 # If the secure firmware is to be combined with a non-secure image
24 # (TRUSTED_EXECUTION_SECURE=y), the secure FW image SRAM shall always
25 # be restricted to the secure image SRAM partition (sram-secure-partition).
29 # For the non-secure version of the board, the firmware image SRAM is
30 # always restricted to the allocated non-secure SRAM partition.
[all …]
/Zephyr-latest/arch/arc/core/secureshield/
Dsecure_sys_services.c16 * @brief read secure auxiliary regs on behalf of normal mode
20 * Some aux regs require secure privilege, this function implements
21 * an secure service to access secure aux regs. Check should be done
30 * @brief write secure auxiliary regs on behalf of normal mode
35 * Some aux regs require secure privilege, this function implements
36 * an secure service to access secure aux regs. Check should be done
42 /* 0 -> CONFIG_NUM_IRQ_PRIO_LEVELS allocated to secure world in arc_s_aux_write()
61 * By default, most interrupts are configured to be secure in initialization.
62 * If normal world wants to use an interrupt, through this secure service to
74 * \todo, to access MPU from normal mode, secure mpu service should be
[all …]
/Zephyr-latest/doc/services/tfm/
Doverview.rst16 Through a set of secure services and by design, TF-M provides:
18 * Isolation of secure and non-secure resources
35 * The secure processing environment (secure boot and TF-M) starts first
36 * Resource allocation for Zephyr relies on choices made in the secure image.
43 order (secure boot > secure image > ns image).
45 While the secure bootloader is optional, it is enabled by default, and secure
46 boot is an important part of providing a secure solution:
51 | Secure Processing Environment (SPE) | | NSPE |
56 | | Secure || Trusted Firmware-M | | APIs | | Zephyr | |
57 | | Boot || (Secure Image) | | | |(NS Image)| |
[all …]
Dintegration.rst7 use of its secure run-time services in Zephyr applications.
12 TF-M will be built for the secure processing environment along with Zephyr if
20 configuration that takes into account the initialisation process in the secure
24 target to build for the secure processing environment.
30 a secure Zephyr binary.
34 non-secure image, linked with TF-M as an external project, and optionally the
35 secure bootloader:
43 the required space for TF-M and the secure bootloader:
67 This reserves 1 MB of code memory and 1 MB of RAM for secure boot and TF-M,
68 such that our non-secure Zephyr application code will start at 0x10000, with
[all …]
/Zephyr-latest/boards/ezurio/bl5340_dvk/
DKconfig.defconfig14 # For the secure version of the board the firmware is linked at the beginning
16 # be loaded by MCUboot. If the secure firmware is to be combined with a non-
17 # secure image (TRUSTED_EXECUTION_SECURE=y), the secure FW image shall always
20 # For the non-secure version of the board, the firmware
21 # must be linked into the code-partition (non-secure) defined in DT, regardless.
27 # If the secure firmware is to be combined with a non-secure image
28 # (TRUSTED_EXECUTION_SECURE=y), the secure FW image SRAM shall always
29 # be restricted to the secure image SRAM partition (sram-secure-partition).
33 # For the non-secure version of the board, the firmware image SRAM is
34 # always restricted to the allocated non-secure SRAM partition.
[all …]
Dbl5340_dvk_nrf5340_cpuapp_partition_conf.dtsi12 * implies building Secure and Non-Secure Zephyr images.
14 * Secure image will be placed, by default, in flash0
16 * Secure image will use sram0 for system memory.
18 * Non-Secure image will be placed in slot0_ns, and use
21 * Note that the Secure image only requires knowledge of
22 * the beginning of the Non-Secure image (not its size).
43 * - Lowest 256 kB SRAM allocated to Secure image (sram0_s)
44 * - Middle 192 kB allocated to Non-Secure image (sram0_ns)
/Zephyr-latest/modules/trusted-firmware-m/
DKconfig.tfm33 bool "Build with TF-M as the Secure Execution Environment"
44 additionally generate a TF-M image for the Secure Execution
46 itself is to be executed in the Non-Secure Processing Environment.
48 ensures that the Zephyr image is built as a Non-Secure image. Both
57 while performing a secure function call.
195 string "Version of the Secure Image"
199 Version of the secure image. This version is also used for merged
200 secure + non-secure builds (TFM_MCUBOOT_IMAGE_NUMBER == 1).
203 string "Version of the Non-Secure Image"
207 Version of the non-secure image.
[all …]
/Zephyr-latest/arch/arm/include/cortex_m/
Dcmse.h220 * @brief Get the MPU (Non-Secure) region number of an address
222 * Return the non-negative MPU (Non-Secure) region that the address maps to,
227 * - the function is called from Secure state
240 * Return the non-negative SAU (Non-Secure) region that the address maps to,
245 * - the function is called from Secure state
247 * - the given address is not exempt from the secure memory attribution
258 * Return the non-negative IDAU (Non-Secure) region that the address maps to,
263 * - the function is called from Secure state
265 * - the given address is not exempt from the secure memory attribution
276 * Evaluates whether a specified memory location belongs to a Secure region.
[all …]
/Zephyr-latest/dts/common/nordic/
Dnrf5340_cpuapp_partition.dtsi16 * 0x0001_0000 Secure image primary (256 KB)
17 * 0x0005_0000 Non-secure image primary (192 KB)
19 * 0x0008_0000 Secure image secondary (256 KB)
20 * 0x000c_0000 Non-secure image secondary (192 KB)
24 * 0x000f_8000 Non-secure storage, used when built with NRF_NS_STORAGE=ON,
73 * - Lowest 256 kB SRAM allocated to Secure image (sram0_s)
74 * - Upper 256 kB allocated to Non-Secure image (sram0_ns)
75 * Of the memory allocated to the Non-Secure image
76 * - 192 kB SRAM allocated to the Non-Secure application (sram0_ns_app).
91 /* Secure image memory */
[all …]
Dnrf91xx_partition.dtsi16 * 0x0001_0000 Secure image primary (256 KB)
17 * 0x0005_0000 Non-secure image primary (192 KB)
19 * 0x0008_0000 Secure image secondary (256 KB)
20 * 0x000c_0000 Non-secure image secondary (192 KB)
24 * 0x000f_8000 Non-secure storage, used when built with NRF_NS_STORAGE=ON,
75 * - Lowest 88 kB SRAM allocated to Secure image (sram0_s).
76 * - Upper 168 kB SRAM allocated to Non-Secure image (sram0_ns).
77 * Of the memory allocated to the Non-Secure image
87 /* Secure image memory */
92 /* Non-Secure image memory */
[all …]
/Zephyr-latest/soc/nordic/
DKconfig26 The functions are always available when not in non-secure.
27 For non-secure the functions must redirect to secure services exposed
28 by the secure firmware.
33 By default, if we build for a Non-Secure version of the board,
34 enable building with TF-M as the Secure Execution Environment.
42 flash the combined TF-M (Secure) & Zephyr (Non Secure) image
47 Disable TF-M secure output if the uart1 node has not assigned GPIO
51 bool "TF-M non-secure storage partition"
143 bool "Secure APPROTECT handling"
148 Specifies how the SystemInit() function should handle the secure
[all …]
/Zephyr-latest/doc/services/
Dsecure_storage.rst3 Secure storage
6 | The secure storage subsystem provides an implementation of the functions defined in the
7 …`Platform Security Architecture (PSA) Secure Storage API <https://arm-software.github.io/psa-api/s…
14 The secure storage subsystem makes the PSA Secure Storage API available on all board targets with
23 may secure the data stored via the PSA Secure Storage API at rest.
24 | Keep in mind, however, that it's preferable to use a secure processing environment like TF-M when
30 The secure storage subsystem's implementation of the PSA Secure Storage API:
37 * does not guarantee that the data it stores will be secure at rest in all cases.
60 However, this does not guarantee that the data stored will be secure at rest in all cases,
62 It requires a random entropy source and especially a secure encryption key provider
[all …]
/Zephyr-latest/boards/norik/octopus_io_board/
DKconfig.defconfig6 # For the secure version of the board the firmware is linked at the beginning
8 # be loaded by MCUboot. If the secure firmware is to be combined with a non-
9 # secure image (TRUSTED_EXECUTION_SECURE=y), the secure FW image shall always
11 # For the non-secure version of the board, the firmware
12 # must be linked into the code-partition (non-secure) defined in DT, regardless.
/Zephyr-latest/boards/norik/octopus_som/
DKconfig.defconfig6 # For the secure version of the board the firmware is linked at the beginning
8 # be loaded by MCUboot. If the secure firmware is to be combined with a non-
9 # secure image (TRUSTED_EXECUTION_SECURE=y), the secure FW image shall always
11 # For the non-secure version of the board, the firmware
12 # must be linked into the code-partition (non-secure) defined in DT, regardless.
/Zephyr-latest/subsys/secure_storage/src/its/
DCMakeLists.txt15 retrieved through the HW info API. This is not necessarily secure as the device ID may be
17 This means that the data and keys stored via the PSA APIs may not be secure at rest.")
20 The PSA ITS encryption key provider in use is not secure.
22 This means that the data and keys stored via the PSA APIs will not be secure at rest.
23 Use a secure key provider if possible.")
35 The secure storage ITS module is enabled but has no implementation.
/Zephyr-latest/boards/sparkfun/thing_plus/
DKconfig.defconfig9 # For the secure version of the board the firmware is linked at the beginning
11 # be loaded by MCUboot. If the secure firmware is to be combined with a non-
12 # secure image (TRUSTED_EXECUTION_SECURE=y), the secure FW image shall always
14 # For the non-secure version of the board, the firmware
15 # must be linked into the code-partition (non-secure) defined in DT, regardless.

12345678910>>...24