Secure Partition Manager (SPM)

The Secure Partition Manager (SPM) uses the SPU peripheral to configure security attributions for the flash, SRAM, and peripherals. Note that the SPU peripheral is the nRF version of an IDAU (Implementation-Defined Security Attribution Unit).

It is used in the nRF9160: Secure Partition Manager sample.

Configuration

Use Kconfig to configure the security attributions for the peripherals. Modify the source code of the SPM subsystem to configure the security attributions of SRAM. If Partition Manager is used, the security attributions of the flash regions are deduced from the generated file pm.config. Otherwise, the security attributions of the flash regions are deduced from Device Tree information.

For SRAM and peripherals, the following security attribution configuration is applied:

SRAM (256 kB)
  • Lower 64 kB: Secure
  • Upper 192 kB: Non-Secure
Peripherals configured as Non-Secure
  • CLOCK
  • EGU1, EGU2
  • FPU
  • GPIO (and GPIO pins)
  • GPIOTE1
  • IPC
  • NVMC, VMC
  • RTC1
  • SAADC
  • SPIM3
  • TIMER0-2
  • TWIM2
  • UARTE0, UARTE1

API documentation

group secure_partition_manager

Secure Partition Manager (SPM).

The Secure Partition Manager (SPM) provides functions for configuring the security attributes of flash, RAM, and peripherals.

Functions

void spm_jump(void)

Jump to non-secure partition.

This function extracts the VTOR_NS from DT_FLASH_AREA_IMAGE_0_NONSECURE_OFFSET_0 and configures the MSP accordingly before jumping to VTOR_NS[1].

void spm_config(void)

Configure security attributes of flash, RAM, and peripherals.

This function reads the security attribute options set for peripherals in Kconfig. The RAM and flash partitioning is configured statically.