nrf_security: cracen: kmu: Support KMU reserved area through DTS

[Vge0rge]

When execution in place (CONFIG_XIP) is not enabled, which in practice
means that when Zephyr is built for a RAM loaded image, the Zephyr
linker script always places the RAM loaded image in the top address
of the RAM and then loads the linker scripts defined with the Zephyr
SECTION_PROLOGUE macros.

SECTION_PROLOGUE Zephyr macros was used to set the address of the
kmu_push_area making it incompatible with RAM loaded images.

The Zephyr reserved-memory devicetree methodology works for both use
cases but it requires heavy updates of multiple device tree files and
overlays. In order to support the RAM loaded images use cases faster
initial support for reserving the memory of nrf_kmu_reserved_push_area
though devicetree is limited to RAM loaded images.

Signed-off-by: Georgios Vasilakis <georgios.vasilakis@nordicsemi.no>

[NordicBuilder]

The following west manifest projects have changed revision in this Pull Request:

Name	Old Revision	New Revision	Diff
zephyr	nrfconnect/sdk-zephyr@16dc0c6	nrfconnect/sdk-zephyr@b91aa4f (main)	nrfconnect/sdk-zephyr@16dc0c6c..b91aa4fe

✅ All manifest checks OK

Note: This message is automatically posted and updated by the Manifest GitHub Action.

[NordicBuilder]

CI Information

^{To view the history of this post, clich the 'edited' button above}
Build number: 9

Inputs:

Sources:

sdk-nrf: PR head: 255ea661a8c3bec7bbdf837e1e492676952c370e
zephyr: PR head: b91aa4fec5484f6cd076c9333bb474a7f5c002c1

more details

sdk-nrf:

PR head: 255ea661a8c3bec7bbdf837e1e492676952c370e
merge base: 48cf897cd03b680773fc92d1174fec6f3e59790b
target head (main): 2ad79c602d973ecfd471103e14d5f7e3e2a993a2
Diff

zephyr:

PR head: b91aa4fec5484f6cd076c9333bb474a7f5c002c1
merge base: 16dc0c6c01401abcb069ec35139f490c2b13d907
Diff

Github labels

Enabled	Name	Description
	ci-disabled	Disable the ci execution
	ci-all-test	Run all of ci, no test spec filtering will be done
	ci-force-downstream	Force execution of downstream even if twister fails
	ci-run-twister	Force run twister
	ci-run-zephyr-twister	Force run zephyr twister

List of changed files detected by CI (3)

subsys
│  ├── nrf_security
│  │  ├── src
│  │  │  ├── drivers
│  │  │  │  ├── cracen
│  │  │  │  │  ├── cracenpsa
│  │  │  │  │  │  ├── src
│  │  │  │  │  │  │  │ kmu.c
west.yml
zephyr
│  ├── soc
│  │  ├── nordic
│  │  │  ├── nrf54l
│  │  │  │  │ CMakeLists.txt

Outputs:

Toolchain

Version: aedb4c0245
Build docker image: docker-dtr.nordicsemi.no/sw-production/ncs-build:aedb4c0245_bece0367df

Test Spec & Results: ✅ Success; ❌ Failure; 🟠 Queued; 🟡 Progress; ◻️ Skipped; ⚠️ Quarantine

• ◻️ Toolchain - Skipped: existing toolchain is used
• ✅ Build twister - Skipped: Skipping Build & Test as it succeeded in a previous run: 8
• ✅ Integration tests
  • ✅ test-sdk-audio - Skipped: Job was skipped as it succeeded in a previous run
  • ✅ test-fw-nrfconnect-chip - Skipped: Job was skipped as it succeeded in a previous run
  • ✅ test-fw-nrfconnect-nfc - Skipped: Job was skipped as it succeeded in a previous run
  • ✅ test-fw-nrfconnect-nrf-iot_cloud - Skipped: Job was skipped as it succeeded in a previous run
  • ✅ test-fw-nrfconnect-nrf_crypto - Skipped: Job was skipped as it succeeded in a previous run
  • ✅ test-fw-nrfconnect-rs - Skipped: Job was skipped as it succeeded in a previous run
  • ✅ test-fw-nrfconnect-fem - Skipped: Job was skipped as it succeeded in a previous run
  • ✅ test-fw-nrfconnect-tfm - Skipped: Job was skipped as it succeeded in a previous run
  • ✅ test-fw-nrfconnect-thread - Skipped: Job was skipped as it succeeded in a previous run
  • ✅ test-sdk-find-my - Skipped: Job was skipped as it succeeded in a previous run
  • ✅ test-sdk-sidewalk
  • ✅ test-sdk-dfu

Disabled integration tests

• • desktop52_verification
  • doc-internal
  • test_ble_nrf_config
  • test-fw-nrfconnect-apps
  • test-fw-nrfconnect-ble_mesh
  • test-fw-nrfconnect-ble_samples
  • test-fw-nrfconnect-boot
  • test-fw-nrfconnect-nrf-iot_libmodem-nrf
  • test-fw-nrfconnect-nrf-iot_lwm2m
  • test-fw-nrfconnect-nrf-iot_mosh
  • test-fw-nrfconnect-nrf-iot_positioning
  • test-fw-nrfconnect-nrf-iot_samples
  • test-fw-nrfconnect-nrf-iot_serial_lte_modem
  • test-fw-nrfconnect-nrf-iot_thingy91
  • test-fw-nrfconnect-nrf-iot_zephyr_lwm2m
  • test-fw-nrfconnect-proprietary_esb
  • test-fw-nrfconnect-ps
  • test-fw-nrfconnect-rpc
  • test-fw-nrfconnect-zigbee
  • test-low-level
  • test-sdk-mcuboot
  • test-sdk-pmic-samples
  • test-sdk-wifi
  • test-secdom-samples-public

Note: This message is automatically posted and updated by the CI

[NordicBuilder]

You can find the documentation preview for this PR at this link.

Note: This comment is automatically posted by the Documentation Publish GitHub Action.

[evenl]

Tested in a use-case where nrfutil uses a small ram application to provision key for nrf54l15 using PSA Crypto, and it seems to work. I used this PR + an overlay file for my application to move the cpuapp_ram node 0x800 bytes out in ram and to create a push_area node at 0x20000000.

[tomi-font]

s/RAM loaded/RAM-loaded/

[github-actions]

After documentation is built, you will find the preview for this PR here.

[Vge0rge]

@nrfconnect/ncs-code-owners please review