Secure Partition Manager (SPM)

The Secure Partition Manager (SPM) provides functionality for the Trusted Execution Environment of the nRF9160 SiP and the nRF5340 SoC. As of nRF Connect SDK v2.1.0, the Secure Partition Manager is replaced by the Trusted Firmware-M (TF-M) and deprecated. It will be removed in a future release of the nRF Connect SDK.

See Running applications with Trusted Firmware-M for more information about the TF-M.

Overview

The Cortex-M33 CPU in the nRF9160 and nRF5340 devices implements ARM TrustZone. This allows the CPU to run firmware in Secure Processing Environment (SPE) and Non-Secure Processing Environment (NSPE) side by side.

The SPM runs as an SPE firmware. It configures the permissions and resources of the NSPE firmware and then boots it. Such separation of firmware is required to run NSPE applications.

The SPM also provides NSPE firmware with access to features that are normally only available to firmware in SPE. You can find the feature list on the Secure Services page.

Note

If your application uses TF-M, SPM is not included in the build.

The SPM library is used in the Secure Partition Manager sample.

Configuration

The Secure Partition Manager (SPM) uses the System Protection Unit (SPU) peripheral to set security attributions for the flash memory, the SRAM, and other peripherals. Security attributions are boolean Kconfig options that configure security settings like, for example, defining a peripheral as secure or non-secure. The SPU peripheral is the nRF version of an Implementation-Defined Security Attribution Unit (IDAU).

To configure SPM, do the following:

  • Use Kconfig to configure the security attributions for the peripherals.

  • Modify the source code of the SPM library to configure the security attributions of the SRAM.

Partition Manager must be used with SPM. The security attributions of the flash memory regions are taken from the generated pm.config file.

For the SRAM and the peripherals, the following security attribution configuration is applied:

  • Lower 64 kB: Secure

  • Upper 192 kB: Non-Secure

In total, this makes 256 kB for the SRAM.

The following peripherals are configured as Non-Secure:

  • Common peripherals:

    • CLOCK

    • DPPI

    • EGU1, EGU2

    • FPU

    • GPIO (and GPIO pins)

    • GPIOTE1

    • IPC

    • NFCT

    • NVMC, VMC

    • PWM0-3

    • REGULATORS

    • RTC0, RTC1

    • SAADC

    • SPIM3

    • TIMER0-2

    • TWIM2

    • UARTE0, UARTE1

    • P0

  • nRF9160 SiP specific peripherals:

    • WDT

    • PDM

    • I2S

  • nRF5340 SoC specific peripherals:

    • Oscillators

    • Reset

    • SPIM4

    • WDT0-1

    • COMP

    • LPCOMP

    • PDM0

    • I2S0

    • QSPI

    • NFCT

    • MUTEX

    • QDEC0-1

    • USBD

    • USB Regulator

    • P1

Secure Services

The SPM provides by default certain Secure Services to the NSPE firmware. See Secure Services for more information.

API documentation

Header file: include/spm.h
Source files: subsys/spm/
group secure_partition_manager

Secure Partition Manager (SPM).

The Secure Partition Manager (SPM) provides functions for configuring the security attributes of flash, RAM, and peripherals.

Functions

void spm_jump(void)

Jump to non-secure partition.

This function extracts the VTOR_NS from DT_FLASH_AREA_IMAGE_0_NONSECURE_OFFSET_0 and configures the MSP accordingly before jumping to VTOR_NS[1].

void spm_config(void)

Configure security attributes of flash, RAM, and peripherals.

This function reads the security attribute options set for peripherals in Kconfig. The RAM and flash partitioning is configured statically.