Secure Partition Manager (SPM)

The Secure Partition Manager (SPM) provides functionality for the Trusted Execution Environment of the nRF9160.

Overview

The Cortex-M33 CPU in the nRF9160 implements ARM TrustZone, which means it can run a “secure” and a “non-secure” app side by side. The SPM, being the secure app, is responsible for configuring the permissions and resources of the non-secure app and then booting it. Such configuration is required to run non-secure apps. The SPM also provides the non-secure app with access to features (Secure Services) that are normally only available to secure apps.

The SPM library is used in the nRF9160: Secure Partition Manager sample.

Configuration

The Secure Partition Manager (SPM) uses the SPU peripheral to configure security attributions for the flash, SRAM, and peripherals. Note that the SPU peripheral is the nRF version of an IDAU (Implementation-Defined Security Attribution Unit).

Use Kconfig to configure the security attributions for the peripherals. Modify the source code of the SPM subsystem to configure the security attributions of SRAM. If Partition Manager is used, the security attributions of the flash regions are deduced from the generated file pm.config. Otherwise, the security attributions of the flash regions are deduced from Device Tree information.

For SRAM and peripherals, the following security attribution configuration is applied:

SRAM (256 kB)
  • Lower 64 kB: Secure
  • Upper 192 kB: Non-Secure
Peripherals configured as Non-Secure
  • CLOCK
  • EGU1, EGU2
  • FPU
  • GPIO (and GPIO pins)
  • GPIOTE1
  • IPC
  • NVMC, VMC
  • PWM0-3
  • RTC1
  • SAADC
  • SPIM3
  • TIMER0-2
  • TWIM2
  • UARTE0, UARTE1

Secure Services

The SPM by default provides certain Secure Services to the Non-Secure Firmware. See Secure Services for more information.

API documentation

Header file: include/spm.h
Source files: subsys/spm/
group secure_partition_manager

Secure Partition Manager (SPM).

The Secure Partition Manager (SPM) provides functions for configuring the security attributes of flash, RAM, and peripherals.

Functions

void spm_jump(void)

Jump to non-secure partition.

This function extracts the VTOR_NS from DT_FLASH_AREA_IMAGE_0_NONSECURE_OFFSET_0 and configures the MSP accordingly before jumping to VTOR_NS[1].

void spm_config(void)

Configure security attributes of flash, RAM, and peripherals.

This function reads the security attribute options set for peripherals in Kconfig. The RAM and flash partitioning is configured statically.
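Added example, not part of the SPM source or of the original page: a host-side C model of the SRAM split listed under Configuration and of the two vector-table words that spm_jump reads, with a sanity check that a secure image could apply before jumping. The SRAM base address 0x20000000, the 8 kB SPU RAM region size, the 8-byte stack alignment rule, and all function names and sample addresses are assumptions. The Non-Secure flash range is passed in as a parameter because it comes from pm.config or Device Tree.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* From the page: 256 kB SRAM, lower 64 kB Secure, upper 192 kB Non-Secure. */
#define SRAM_SIZE        (256u * 1024u)
#define SRAM_SECURE_SIZE (64u * 1024u)
/* Assumptions (not on the page): SRAM base address, SPU RAM region size. */
#define SRAM_BASE        0x20000000u
#define RAM_REGION_SIZE  (8u * 1024u)

/* True if the SPU RAM region with this index falls in the Secure part. */
bool ram_region_is_secure(unsigned region)
{
    return region < SRAM_SECURE_SIZE / RAM_REGION_SIZE;
}

/* True if addr is a usable stack top in Non-Secure SRAM (top end inclusive). */
bool addr_in_ns_sram(uint32_t addr)
{
    return addr > SRAM_BASE + SRAM_SECURE_SIZE && addr <= SRAM_BASE + SRAM_SIZE;
}

enum vt_status { VT_OK, VT_BAD_MSP, VT_BAD_RESET };

/* Check word 0 (initial MSP) and word 1 (reset handler, VTOR_NS[1]). */
enum vt_status check_ns_vector_table(const uint32_t vt[2],
                                     uint32_t ns_flash_start, uint32_t ns_flash_end)
{
    uint32_t msp = vt[0], handler = vt[1] & ~1u;
    if (!addr_in_ns_sram(msp) || (msp & 7u) != 0)
        return VT_BAD_MSP;      /* stack top outside Non-Secure SRAM or misaligned */
    if ((vt[1] & 1u) == 0 || handler < ns_flash_start || handler >= ns_flash_end)
        return VT_BAD_RESET;    /* Thumb bit clear or handler outside the NS image */
    return VT_OK;
}

int main(void)
{
    /* Constructed sample: NS image at 0x40000..0x100000, stack at top of SRAM. */
    const uint32_t good[2] = { 0x20040000u, 0x00040401u };
    const uint32_t bad[2]  = { 0x20008000u, 0x00040401u }; /* MSP in Secure SRAM */
    printf("good=%d bad=%d\n", check_ns_vector_table(good, 0x40000u, 0x100000u),
           check_ns_vector_table(bad, 0x40000u, 0x100000u));
    for (unsigned r = 0; r < SRAM_SIZE / RAM_REGION_SIZE; r++)
        putchar(ram_region_is_secure(r) ? 'S' : 'N');
    putchar('\n');
    return 0;
}
```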