1RP2350
2======
3
4Introduction
5------------
6
7RP2350 features a dual-core Arm Cortex-M33 processor with 520 kiB on-chip SRAM,
8support for up to 16MB of off-chip flash and a wide range of flexible I/O option
9including I2C, SPI, and - uniquely - Programmable I/O (PIO). With its security
10features RP2350 offers significant enhancements over RP2040.
11
12This platform port supports TF-M regression tests (Secure and Non-secure)
13with Isolation Level 1 and 2.
14
15.. note::
16
17   Only GNU toolchain is supported.
18
19.. note::
20
21   Only "profile_medium" predefined profile is supported.
22
23Building TF-M
24-------------
25
26Follow the instructions in :doc:`Building instructions </building/tfm_build_instruction>`.
27^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
28
29Build instructions with platform name: rpi/rp2350
30^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
31``-DTFM_PLATFORM=rpi/rp2350``
32
33.. note::
34
35   This platform port relies on
36   `Raspberry Pi Pico SDK <https://github.com/raspberrypi/pico-sdk>`__.
37   Make sure it is either cloned locally or available to download during build.
38   SDK version used for testing: SDK 2.0.0 release.
39
40.. note::
41
42   Building the default platform configuration requires the board to be
43   provisioned. For this the provision bundle needs to be built and run on the
44   board with ``-DPLATFORM_DEFAULT_PROVISIONING=OFF``. The binary must be
45   placed in flash at the address defined by ``PROVISIONING_BUNDLE_START``. One
46   way to do this is to generate a .uf2 file containing the bundle at the start
47   address and copy it to the board. There is an example in the provided
48   pico_uf2.sh script and in the description below.
49
50   If ``-DPLATFORM_DEFAULT_PROVISIONING=OFF`` and
51   ``-DTFM_DUMMY_PROVISIONING=ON`` then the keys in the
52   ``<TF-M source dir>/platform/ext/common/provisioning_bundle/provisioning_config.cmake``
53   and the default MCUBoot signing keys will be used for provisioning.
54
55   If ``-DPLATFORM_DEFAULT_PROVISIONING=OFF`` and
56   ``-DTFM_DUMMY_PROVISIONING=OFF`` are set then unique values can be used for
57   provisioning. The keys and seeds can be changed by passing the new values to
58   the build command, or by setting the ``-DPROVISIONING_KEYS_CONFIG`` flag to a
59   .cmake file that contains the keys. An example config cmake file can be seen
60   at
61   ``<TF-M source dir>/platform/ext/common/provisioning_bundle/provisioning_config.cmake``.
62   Otherwise new random values are going to be generated and used. For the image
63   signing the ${MCUBOOT_KEY_S} and ${MCUBOOT_KEY_NS} will be used. These
64   variables should point to .pem files that contain the code signing private
65   keys. The public keys are going to be generated from these private keys and
66   will be used for provisioning. The hash of the public key is going to be
67   written into the ``provisioning_data.c`` automatically.
68
69   If ``-DMCUBOOT_GENERATE_SIGNING_KEYPAIR=ON`` is set then a new mcuboot
70   signing public and private keypair is going to be generated and it's going to
71   be used to sign the S and NS binaries.
72
73   The new generated keypair can be found in the ``<build dir>/bin`` folder or
74   in the ``<install directory>/image_signing/keys`` after installation.
75   The generated provisioning_data.c file can be found at
76   ``<build dir>/platform/target/provisioning/provisioning_data.c``
77
78.. note::
79
80   The provisioning bundle generation depends on pyelftools that needs to be
81   installed via::
82
83    pip3 install pyelftools
84
85Example of build instructions for regression tests with dummy keys:
86^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
87Building Secure side with provisioning bundle:
88
89.. note::
90
91   Add optionally:
92
93   - -DTFM_MULTI_CORE_TOPOLOGY=ON for multicore support
94   - -DPICO_SDK_PATH=<abs-path-to-pico-sdk> for a pre-fetched Pico SDK
95
96.. code-block:: bash
97
98     cmake -S <TF-M-tests source dir>/tests_reg/spe \
99     -B <TF-M-tests source dir>/tests_reg/spe/build_rpi_single \
100     -DTFM_PLATFORM=rpi/rp2350 \
101     -DTFM_TOOLCHAIN_FILE=<TF-M source dir>/toolchain_GNUARM.cmake \
102     -DCONFIG_TFM_SOURCE_PATH=<TF-M source dir> \
103     -DTFM_PROFILE=profile_medium \
104     -DPLATFORM_DEFAULT_PROVISIONING=OFF \
105     -DTEST_S=ON \
106     -DTEST_NS=ON
107
108.. code-block:: bash
109
110     cmake --build <TF-M-tests source dir>/tests_reg/spe/build_rpi_single \
111     -- -j8 install
112
113
114Building Non-Secure side:
115
116.. code-block:: bash
117
118     cmake -S <TF-M-tests source dir>/tests_reg \
119     -B <TF-M-tests source dir>/tests_reg/build_rpi_single \
120     -DCONFIG_SPE_PATH=<TF-M tests source dir>/tests_reg/spe/build_rpi_single/api_ns \
121     -DTFM_TOOLCHAIN_FILE=<TF-M-tests source dir>/tests_reg/spe/build_rpi_single/api_ns/cmake/toolchain_ns_GNUARM.cmake
122
123.. code-block:: bash
124
125     cmake --build <TF-M-tests source dir>/tests_reg/build_rpi_single -- -j8
126
127Binaries need to be converted with a small script pico_uf2.sh.
128It requires uf2conv.py from here:
129https://github.com/microsoft/uf2/blob/master/utils/uf2conv.py.
130It depends on:
131https://github.com/microsoft/uf2/blob/master/utils/uf2families.json.
132Both the above files need to be copied into the same place where pico_uf2.sh
133runs.
134Also, you may need to give executable permissions to both pico_uf2.sh and
135uf2conv.py.
136The tool takes the combined and signed S and NS images in .bin format, and
137generates the corresponding .uf2 file. It also generates the .uf2 for the
138bootloader (bl2.uf2) and the provisioning bundle one.
139
140.. code-block:: bash
141
142     pico_uf2.sh <TF-M-tests source dir> build_rpi_single
143
144Then just copy (drag-and-drop) the bl2.uf2 and tfm_s_ns_signed.uf2 files into
145the board, one at time. It will run the BL2, S and NS tests and print the
146results to the UART (Baudrate 115200).
147If the board needs provisioning, the .uf2 file containing the provisioning
148bundle needs to be copied before tfm_s_ns_signed.uf2. It only needs to be
149done once.
150
151.. note::
152
153   If a different application was copied to the board before, erasing the flash
154   might be necessary.
155
156Erasing the flash:
157
158Generating flash sized image of zeros can be done with the truncate command,
159then it can be converted to the uf2 format with the uf2conv.py utility. The
160resulting uf2 file then needs to be copied to the board. Current platform flash
161size is 2MB, please adjust size based on your board specs
162( ``PICO_FLASH_SIZE_BYTES`` ):
163
164.. code-block:: bash
165
166   truncate -s 2M nullbytes2M.bin
167   uf2conv.py nullbytes2M.bin --base 0x10000000 --convert --output nullbytes2M.uf2 --family 0xe48bff59
168
169-------------
170
171 *SPDX-License-Identifier: BSD-3-Clause*
172 *SPDX-FileCopyrightText: Copyright The TrustedFirmware-M Contributors*
173