Secure Services

Secure Services are functions implemented in the Secure Firmware (nRF9160: Secure Partition Manager), but made available to be called from the Non-Secure Firmware.

Calling functions in this API requires that the service is enabled in the nRF9160: Secure Partition Manager. See CONFIG_SPM_SECURE_SERVICES in the nRF9160: Secure Partition Manager’s menuconfig. Some services are enabled by default.

By default CONFIG_SPM_BLOCK_NON_SECURE_RESET is disabled. This is to make sure that your debugger will be able to issue a system reset during the development stage and that devices which do not have pin-reset routed can do a re-flashing routine correctly. This option should be turned off when you are putting a product into production to increase the security of your device.

API documentation

Header file: include/secure_services.h
Source file: subsys/spm/secure_services.c (compiled into the nRF9160: Secure Partition Manager)
group secure_services

Secure services available to the Non-Secure Firmware.

The Secure Services provide access to functionality controlled by the Secure Firmware.


void spm_request_system_reboot(void)

Request a system reboot from the Secure Firmware.

Rebooting is not available from the Non-Secure Firmware.

int spm_request_random_number(u8_t *output, size_t len, size_t *olen)

Request a random number from the Secure Firmware.

This provides a True Random Number from the on-board random number generator.


Currently, the RNG hardware is run each time this is called. This spends significant time and power.

  • [out] output: The random number. Must be at least len long.

  • [in] len: The length of the output array. Currently, len must be 144.

  • [out] olen: The length of the random number provided.

Return Value
  • 0: If successful.

  • -EINVAL: If len is invalid. Currently, len must be 144.

int spm_request_read(void *destination, u32_t addr, size_t len)

Request a read operation to be executed from Secure Firmware.

  • [out] destination: Pointer to destination array where the content is to be copied.

  • [in] addr: Address to be copied from.

  • [in] len: Number of bytes to copy.

Return Value
  • 0: If successful.

  • -EINVAL: If destination is NULL, or if len is <= 0.

  • -EPERM: If source is outside of allowed ranges.

int spm_firmware_info(u32_t fw_address, struct fw_info *info)

Search for the fw_info structure in firmware image located at address.

  • [in] fw_address: Address where firmware image is stored.

  • [out] info: Pointer to where found info is stored.

Return Value
  • 0: If successful.

  • -EINVAL: If info is NULL.

  • -EFAULT: If no info is found.

int spm_prevalidate_b1_upgrade(u32_t dst_addr, u32_t src_addr)

Prevalidate a B1 update

This is performed by the B0 bootloader.

  • [in] dst_addr: Target location for the upgrade. This will typically be the start address of either S0 or S1.

  • [in] src_addr: Current location of the upgrade.

Return Value
  • 1: If the upgrade is valid.

  • 0: If the upgrade is invalid.

  • -ENOTSUP: If the functionality is unavailable.