Home
last modified time | relevance | path

Searched +full:secure +full:- +full:only (Results 1 – 25 of 247) sorted by relevance

12345678910

/Zephyr-latest/boards/nxp/lpcxpresso55s28/
DKconfig.defconfig4 # SPDX-License-Identifier: Apache-2.0
20 # For the secure version of the board the firmware is linked at the beginning
21 # of the flash, or into the code-partition defined in DT if it is intended to
22 # be loaded by MCUboot. If the secure firmware is to be combined with a non-
23 # secure image (TRUSTED_EXECUTION_SECURE=y), the secure FW image shall always
25 # For the non-secure version of the board, the firmware
26 # must be linked into the code-partition (non-secure) defined in DT, regardless.
31 DT_CHOSEN_Z_CODE_PARTITION := zephyr,code-partition
39 # Board only supports MCUBoot via "upgrade only" method:
/Zephyr-latest/boards/nxp/lpcxpresso55s69/
DKconfig.defconfig2 # SPDX-License-Identifier: Apache-2.0
18 # For the secure version of the board the firmware is linked at the beginning
19 # of the flash, or into the code-partition defined in DT if it is intended to
20 # be loaded by MCUboot. If the secure firmware is to be combined with a non-
21 # secure image (TRUSTED_EXECUTION_SECURE=y), the secure FW image shall always
23 # For the non-secure version of the board, the firmware
24 # must be linked into the code-partition (non-secure) defined in DT, regardless.
29 DT_CHOSEN_Z_CODE_PARTITION := zephyr,code-partition
57 # Board only supports MCUBoot via "upgrade only" method:
/Zephyr-latest/arch/arm/core/
DKconfig4 # SPDX-License-Identifier: Apache-2.0
29 This option signifies the use of a CPU of the Cortex-M family.
44 This option signifies the use of a CPU of the Cortex-R family.
66 This option signifies the use of a CPU of the Cortex-A family.
69 # GDB for ARM expects up to 18 4-byte plus 8 12-byte
70 # registers - 336 HEX letters
76 From: http://www.arm.com/products/processors/technologies/instruction-set-architectures.php
78 Thumb-2 technology is the instruction set underlying the ARM Cortex
83 Thumb-2 technology builds on the success of Thumb, the innovative
93 For performance optimized code Thumb-2 technology uses 31 percent
[all …]
/Zephyr-latest/soc/silabs/silabs_s2/
Dsoc.c4 * SPDX-License-Identifier: Apache-2.0
63 if (SMU->IF & SMU_IF_BMPUSEC) { in smu_fault()
65 PR_EXC("SMU.BMPUFS=%d", SMU->BMPUFS); in smu_fault()
67 if (SMU->IF & SMU_IF_PPUSEC) { in smu_fault()
69 PR_EXC("SMU.PPUFS=%d", SMU->PPUFS); in smu_fault()
79 * If this is a secure app with no non-secure callable functions, it is a secure-only app. in soc_prep_hook()
80 * Configure all peripherals except the SMU and SEMAILBOX to non-secure aliases, and make in soc_prep_hook()
81 * all bus transactions from the CPU have non-secure attribution. in soc_prep_hook()
82 * This makes the secure-only app behave more like a non-secure app, allowing the use of in soc_prep_hook()
83 * libraries that only expect to use non-secure peripherals, such as the radio subsystem. in soc_prep_hook()
[all …]
/Zephyr-latest/arch/arm/core/cortex_m/
Dirq_manage.c2 * Copyright (c) 2013-2014 Wind River Systems, Inc.
4 * SPDX-License-Identifier: Apache-2.0
9 * @brief ARM Cortex-M interrupt management
49 return NVIC->ISER[REG_FROM_IRQ(irq)] & BIT(BIT_FROM_IRQ(irq)); in arch_irq_is_enabled()
77 /* Use caller supplied prio level as-is */ in z_arm_irq_priority_set()
86 * reduced set of priorities, like Cortex-M0/M0+). in z_arm_irq_priority_set()
88 __ASSERT(prio <= (BIT(NUM_IRQ_PRIO_BITS) - 1), in z_arm_irq_priority_set()
90 prio - _IRQ_PRIO_OFFSET, irq, in z_arm_irq_priority_set()
91 BIT(NUM_IRQ_PRIO_BITS) - (_IRQ_PRIO_OFFSET)); in z_arm_irq_priority_set()
123 /* Lock all interrupts. irq_lock() will on this CPU only disable those in _arch_isr_direct_pm()
[all …]
/Zephyr-latest/samples/bluetooth/peripheral_sc_only/
DREADME.rst1 .. zephyr:code-sample:: ble_peripheral_sc_only
2 :name: Peripheral SC-only
3 :relevant-api: bt_conn bluetooth
5 Enable "Secure Connections Only" mode for a Bluetooth LE peripheral.
10 Similar to the :zephyr:code-sample:`ble_peripheral` sample, except that this
11 application enables the Secure Connections Only mode, i.e. will only
27 See :zephyr:code-sample-category:`bluetooth` samples for details.
Dsample.yaml2 name: Bluetooth Peripheral SC-only
3 description: Demonstrates Secure Connections Only mode
8 - qemu_cortex_m3
9 - qemu_x86
12 - qemu_cortex_m3
/Zephyr-latest/dts/bindings/reserved-memory/
Dnordic,owned-memory.yaml2 # SPDX-License-Identifier: Apache-2.0
13 reserved-memory {
15 compatible = "nordic,owned-memory";
36 compatible: "nordic,owned-memory"
38 include: [base.yaml, "zephyr,memory-common.yaml"]
47 Array of (owner-id, permission-flags) pairs, where:
49 - Owner ID represents the domain that will have access to this memory.
53 - Permissions are encoded as a 32-bit bitfield, using the flags found in
54 include/zephyr/dt-bindings/reserved-memory/nordic-owned-memory.h,
64 owner-id:
[all …]
/Zephyr-latest/arch/arc/
DKconfig4 # SPDX-License-Identifier: Apache-2.0
38 v2 ISA for the ARC-HS & ARC-EM cores
66 If y, the SoC uses an ARC EM4 DMIPS CPU with the single-precision
67 floating-point extension
73 If y, the SoC uses an ARC EM4 DMIPS CPU with single-precision
74 floating-point and double assist instructions
135 - LPcc instruction
136 - LP_COUNT core reg
137 - LP_START, LP_END aux regs
144 Interrupt priorities available will be 0 to NUM_IRQ_PRIO_LEVELS-1.
[all …]
/Zephyr-latest/subsys/secure_storage/src/its/
DCMakeLists.txt1 # SPDX-License-Identifier: Apache-2.0
15 retrieved through the HW info API. This is not necessarily secure as the device ID may be
17 This means that the data and keys stored via the PSA APIs may not be secure at rest.")
20 The PSA ITS encryption key provider in use is not secure.
21 It's only intended for functional support.
22 This means that the data and keys stored via the PSA APIs will not be secure at rest.
23 Use a secure key provider if possible.")
35 The secure storage ITS module is enabled but has no implementation.
/Zephyr-latest/boards/ezurio/bl5340_dvk/
Dbl5340_dvk_nrf5340_cpuapp_partition_conf.dtsi2 * Copyright (c) 2019-2020 Nordic Semiconductor ASA
5 * SPDX-License-Identifier: Apache-2.0
11 * Zephyr build for BL5340 with ARM TrustZone-M support
12 * implies building Secure and Non-Secure Zephyr images.
14 * Secure image will be placed, by default, in flash0
16 * Secure image will use sram0 for system memory.
18 * Non-Secure image will be placed in slot0_ns, and use
21 * Note that the Secure image only requires knowledge of
22 * the beginning of the Non-Secure image (not its size).
42 * ARM TrustZone-M support
[all …]
/Zephyr-latest/arch/arm/core/cortex_m/tz/
DCMakeLists.txt1 # SPDX-License-Identifier: Apache-2.0
3 # '-mcmse' enables the generation of code for the Secure state of the ARMv8-M
4 # Security Extensions. This option is required when building a Secure firmware.
5 zephyr_compile_options_ifdef(CONFIG_ARM_SECURE_FIRMWARE -mcmse)
9 # --out-implib and --cmse-implib instruct the linker to produce
11 # only a symbol table with the entry veneers. The library may be used
12 # when building a Non-Secure image which shall have access to Secure
15 ${LINKERFLAGPREFIX},--out-implib=${CMAKE_BINARY_DIR}/${CONFIG_ARM_ENTRY_VENEERS_LIB_NAME}
19 ${LINKERFLAGPREFIX},--cmse-implib
32 # Link the entry veneers library file with the Non-Secure Firmware that needs it.
/Zephyr-latest/subsys/random/
DKconfig4 # SPDX-License-Identifier: Apache-2.0
9 bool "Allow non-random number generator"
11 This option signifies that a non-random number generator is allowed to
16 number generator is not available. The non-random number generator
19 This option is intended to be selected only by application-level
22 truly random. Board-level configurations must not select this option
26 Note that this option does not imply that a non-random number generator
27 is selected -- that is indicated by RNG_GENERATOR_CHOICE. An entropy
28 device-backed random number generator, if available, will be selected by
45 Platform dependent non-cryptographically secure random number support.
[all …]
/Zephyr-latest/doc/services/tfm/
Doverview.rst1 Trusted Firmware-M Overview
4 `Trusted Firmware-M (TF-M) <https://tf-m-user-guide.trustedfirmware.org/>`__
6 `IoT Security Framework <https://www.psacertified.org/what-is-psa-certified/>`__.
10 Zephyr RTOS has been PSA Certified since Zephyr 2.0.0 with TF-M 1.0, and
11 is currently integrated with TF-M 2.1.0.
13 What Does TF-M Offer?
16 Through a set of secure services and by design, TF-M provides:
18 * Isolation of secure and non-secure resources
19 * Embedded-appropriate crypto
22 * Protected off-chip data storage and retrieval
[all …]
Dbuild.rst3 TF-M Build System
6 When building a valid ``_ns`` board target, TF-M will be built in the
7 background, and linked with the Zephyr non-secure application. No knowledge
8 of TF-M's build system is required in most cases, and the following will
9 build a TF-M and Zephyr image pair, and run it in qemu with no additional
12 .. code-block:: bash
14 … $ west build -p auto -b mps2/an521/cpu0/ns samples/tfm_integration/psa_protected_storage/ -t run
18 deal with signing the secure and non-secure images before deploying them.
20 Images Created by the TF-M Build
23 The TF-M build system creates the following executable files:
[all …]
/Zephyr-latest/drivers/tee/optee/
Doptee_rpc_cmd.h1 /* SPDX-License-Identifier: BSD-2-Clause */
3 * Copyright (c) 2016-2021, Linaro Limited
12 * Only the commands handled by the kernel driver are defined here.
14 * RPC communication with tee-supplicant is reversed compared to normal
23 * 1970-01-01 00:00:00 +0000 (UTC).
31 * Notification from/to secure world.
33 * If secure world needs to wait for something, for instance a mutex, it
34 * does a notification wait request instead of spinning in secure world.
35 * Conversely can a synchronous notification can be sent when a secure
39 * which instead is sent via a non-secure interrupt.
[all …]
Doptee_smc.h1 /* SPDX-License-Identifier: BSD-2-Clause */
3 * Copyright (c) 2015-2021, Linaro Limited
11 * This file is exported by OP-TEE and is in kept in sync between secure
70 * Normal cached memory (write-back), shareable for SMP systems and not
78 * 32-bit registers.
86 * 384fb3e0-e7f8-11e3-af63-0002a5d5c51b.
110 * Used by non-secure world to figure out which Trusted OS is installed.
113 * Returns UUID in a0-4 in the same way as OPTEE_SMC_CALLS_UID
123 * Used by non-secure world to figure out which version of the Trusted OS
127 * Returns revision in a0-1 in the same way as OPTEE_SMC_CALLS_REVISION
[all …]
/Zephyr-latest/arch/arm/include/cortex_m/
Dcmse.h4 * SPDX-License-Identifier: Apache-2.0
11 * CMSE API for Cortex-M23/M33 CPUs.
40 * Return the non-negative MPU region that the address maps to,
41 * or -EINVAL to indicate that an invalid MPU region was retrieved.
44 * Obtained region is valid only if:
45 * - the function is called from privileged mode
46 * - the MPU is implemented and enabled
47 * - the given address matches a single, enabled MPU region
51 * @return a valid MPU region number or -EINVAL
62 * - if executed from an unprivileged mode,
[all …]
/Zephyr-latest/tests/arch/arm/arm_irq_advanced_features/src/
Darm_irq_target_state.c4 * SPDX-License-Identifier: Apache-2.0
25 for (i = CONFIG_NUM_IRQS - 1; i >= 0; i--) { in ZTEST()
28 * In-use interrupts are automatically enabled by in ZTEST()
47 * un-pended, it is guaranteed that it in ZTEST()
58 "No available IRQ line to configure as zero-latency\n"); in ZTEST()
62 /* Set the available IRQ line to Secure and check the result. */ in ZTEST()
67 "Target state not set to Secure\n"); in ZTEST()
70 "Target state not set to Secure\n"); in ZTEST()
72 /* Set the available IRQ line to Secure and check the result. */ in ZTEST()
77 "Target state not set to Secure\n"); in ZTEST()
[all …]
/Zephyr-latest/boards/st/nucleo_l552ze_q/
Dnucleo_l552ze_q_stm32l552xx_ns.dts4 * SPDX-License-Identifier: Apache-2.0
7 /dts-v1/;
8 #include "nucleo_l552ze_q-common.dtsi"
11 model = "STMicroelectronics STM32L552ZE-NUCLEO-Q board";
12 compatible = "st,stm32l552ze-nucleo-q";
14 #address-cells = <1>;
15 #size-cells = <1>;
19 zephyr,shell-uart = &lpuart1;
22 zephyr,code-partition = &slot0_ns_partition;
34 compatible = "fixed-partitions";
[all …]
/Zephyr-latest/subsys/net/lib/tls_credentials/
DKconfig2 # SPDX-License-Identifier: Apache-2.0
12 module-str = tls_credentials
52 The secure files will have been previously provisioned to the
53 device's secure file system; eg, via a vendor tool or
55 This option is currently only available for secure
/Zephyr-latest/doc/security/
Dsecure-coding.rst3 Secure Coding
6 Traditionally, microcontroller-based systems have not placed much
33 We begin with an overview of secure design as it relates to
35 a section on `Secure development knowledge`_, which
38 documents, and full details of how to write secure software are beyond
46 documentation about how security-sensitive issues are handled by the
52 Secure Coding
55 Designing an open software system such as Zephyr to be secure requires
60 - **Open design** as a design guideline incorporates the maxim that
62 widespread use. Instead of relying on secret, custom-tailored
[all …]
/Zephyr-latest/soc/nordic/common/
Dsoc_secure.h4 * SPDX-License-Identifier: Apache-2.0
34 /* Include these soc_secure_* functions only when the FICR is mapped as secure only */
45 (void *)&NRF_FICR_S->XOSC32MTRIM, in soc_secure_read_xosc32mtrim()
47 __ASSERT(err == 0, "Secure read error (%d)", err); in soc_secure_read_xosc32mtrim()
58 (void *)&NRF_FICR_S->INFO.DEVICEID, in soc_secure_read_deviceid()
60 __ASSERT(err == 0, "Secure read error (%d)", err); in soc_secure_read_deviceid()
68 return NRF_FICR_S->XOSC32MTRIM; in soc_secure_read_xosc32mtrim()
/Zephyr-latest/boards/qemu/arc/
Darc_mpu_regions.c4 * SPDX-License-Identifier: Apache-2.0
10 #include <zephyr/linker/linker-defs.h>
13 * for secure firmware, MPU entries are only set up for secure world.
14 * All regions not listed here are shared by secure world and normal world.
62 * Region peripheral is shared by secure world and normal world by default,
63 * no need a static mpu entry. If some peripherals belong to secure world,
/Zephyr-latest/boards/innblue/innblue21/doc/
Dindex.rst7 is based on the nRF9160 SiP, and features NB-IoT and LTE-M connectivity.
26 +-----------+------------+----------------------+
28 +-----------+------------+----------------------+
29 | CLOCK | on-chip | clock_control |
30 +-----------+------------+----------------------+
31 | FLASH | on-chip | flash |
32 +-----------+------------+----------------------+
33 | GPIO | on-chip | gpio |
34 +-----------+------------+----------------------+
35 | I2C(M) | on-chip | i2c |
[all …]

12345678910