From e7ce300c385c1cf5f4a5a47e12e1d2da62dc448d Mon Sep 17 00:00:00 2001 From: Mateusz Kapala Date: Wed, 19 Feb 2025 11:53:36 +0100 Subject: [PATCH 1/4] partition_manager: Fix bt_fast_pair partition for TF-M Fixed the bt_fast_pair PM partition so it can be used together with TF-M without issues. Jira: NCSDK-31901 Jira: NCSDK-31777 Signed-off-by: Mateusz Kapala --- subsys/partition_manager/pm.yml.bt_fast_pair | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/subsys/partition_manager/pm.yml.bt_fast_pair b/subsys/partition_manager/pm.yml.bt_fast_pair index 4cfeac63583c..cc033ade5456 100644 --- a/subsys/partition_manager/pm.yml.bt_fast_pair +++ b/subsys/partition_manager/pm.yml.bt_fast_pair @@ -1,5 +1,12 @@ +#include + bt_fast_pair: placement: - before: end + before: [tfm_storage, end] +#ifdef CONFIG_BUILD_WITH_TFM + align: {start: CONFIG_NRF_TRUSTZONE_FLASH_REGION_SIZE} +#else align: {start: 0x04} +#endif + inside: [nonsecure_storage] size: 0x48 From dd7e51e1db4f72c46485e0694c5a59ae88c8d110 Mon Sep 17 00:00:00 2001 From: Mateusz Kapala Date: Tue, 18 Feb 2025 15:51:38 +0100 Subject: [PATCH 2/4] samples: bluetooth: fast_pair: input_device: Change TF-M profile Changed TF-M profile from minimal to manually configured with minimal feature set needed for the proper work of the Bluetooth stack that uses PSA Crypto. Jira: NCSDK-31777 Signed-off-by: Mateusz Kapala --- .../boards/nrf5340dk_nrf5340_cpuapp_ns.conf | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) create mode 100644 samples/bluetooth/fast_pair/input_device/boards/nrf5340dk_nrf5340_cpuapp_ns.conf diff --git a/samples/bluetooth/fast_pair/input_device/boards/nrf5340dk_nrf5340_cpuapp_ns.conf b/samples/bluetooth/fast_pair/input_device/boards/nrf5340dk_nrf5340_cpuapp_ns.conf new file mode 100644 index 000000000000..6a2fd28cfde3 --- /dev/null +++ b/samples/bluetooth/fast_pair/input_device/boards/nrf5340dk_nrf5340_cpuapp_ns.conf @@ -0,0 +1,16 @@ +# +# Copyright (c) 2025 Nordic Semiconductor ASA +# +# SPDX-License-Identifier: LicenseRef-Nordic-5-Clause +# + +# TF-M profile has to be properly configured to be able to run +# the Bluetooth stack which uses PSA crypto API. +# The following configuration is a minimal set of options required. +CONFIG_TFM_PROFILE_TYPE_NOT_SET=y + +CONFIG_TFM_PARTITION_PLATFORM=y +CONFIG_TFM_PARTITION_CRYPTO=y +CONFIG_TFM_PARTITION_INTERNAL_TRUSTED_STORAGE=y +CONFIG_TFM_PARTITION_PROTECTED_STORAGE=n +CONFIG_TFM_PARTITION_INITIAL_ATTESTATION=n From e8d8ed9450e251b99e093a05530c54cd963aa650 Mon Sep 17 00:00:00 2001 From: Mateusz Kapala Date: Wed, 19 Feb 2025 13:52:56 +0100 Subject: [PATCH 3/4] samples: bluetooth: fast_pair: locator_tag: Change TF-M profile Changed TF-M profile from minimal to manually configured with minimal feature set needed for the proper work of the Bluetooth stack that uses PSA Crypto. Changed pm_static files for nrf5340dk/nrf5340/cpuapp/ns and thingy53/nrf5340/cpuapp/ns to accomodate needed tfm_its partition and fix placement of bt_fast_pair partition. Jira: NCSDK-31777 Signed-off-by: Mateusz Kapala --- .../boards/nrf5340dk_nrf5340_cpuapp_ns.conf | 16 ++++++++++ .../nrf5340dk_nrf5340_cpuapp_ns_release.conf | 11 +++++++ .../boards/thingy53_nrf5340_cpuapp_ns.conf | 11 +++++++ .../thingy53_nrf5340_cpuapp_ns_release.conf | 11 +++++++ .../pm_static_nrf5340dk_nrf5340_cpuapp_ns.yml | 32 ++++++++++++------- .../pm_static_thingy53_nrf5340_cpuapp_ns.yml | 32 ++++++++++++------- 6 files changed, 89 insertions(+), 24 deletions(-) create mode 100644 samples/bluetooth/fast_pair/locator_tag/configuration/boards/nrf5340dk_nrf5340_cpuapp_ns.conf diff --git a/samples/bluetooth/fast_pair/locator_tag/configuration/boards/nrf5340dk_nrf5340_cpuapp_ns.conf b/samples/bluetooth/fast_pair/locator_tag/configuration/boards/nrf5340dk_nrf5340_cpuapp_ns.conf new file mode 100644 index 000000000000..6a2fd28cfde3 --- /dev/null +++ b/samples/bluetooth/fast_pair/locator_tag/configuration/boards/nrf5340dk_nrf5340_cpuapp_ns.conf @@ -0,0 +1,16 @@ +# +# Copyright (c) 2025 Nordic Semiconductor ASA +# +# SPDX-License-Identifier: LicenseRef-Nordic-5-Clause +# + +# TF-M profile has to be properly configured to be able to run +# the Bluetooth stack which uses PSA crypto API. +# The following configuration is a minimal set of options required. +CONFIG_TFM_PROFILE_TYPE_NOT_SET=y + +CONFIG_TFM_PARTITION_PLATFORM=y +CONFIG_TFM_PARTITION_CRYPTO=y +CONFIG_TFM_PARTITION_INTERNAL_TRUSTED_STORAGE=y +CONFIG_TFM_PARTITION_PROTECTED_STORAGE=n +CONFIG_TFM_PARTITION_INITIAL_ATTESTATION=n diff --git a/samples/bluetooth/fast_pair/locator_tag/configuration/boards/nrf5340dk_nrf5340_cpuapp_ns_release.conf b/samples/bluetooth/fast_pair/locator_tag/configuration/boards/nrf5340dk_nrf5340_cpuapp_ns_release.conf index dba929f0715c..cb44f9259979 100644 --- a/samples/bluetooth/fast_pair/locator_tag/configuration/boards/nrf5340dk_nrf5340_cpuapp_ns_release.conf +++ b/samples/bluetooth/fast_pair/locator_tag/configuration/boards/nrf5340dk_nrf5340_cpuapp_ns_release.conf @@ -4,5 +4,16 @@ # SPDX-License-Identifier: LicenseRef-Nordic-5-Clause # +# TF-M profile has to be properly configured to be able to run +# the Bluetooth stack which uses PSA crypto API. +# The following configuration is a minimal set of options required. +CONFIG_TFM_PROFILE_TYPE_NOT_SET=y + +CONFIG_TFM_PARTITION_PLATFORM=y +CONFIG_TFM_PARTITION_CRYPTO=y +CONFIG_TFM_PARTITION_INTERNAL_TRUSTED_STORAGE=y +CONFIG_TFM_PARTITION_PROTECTED_STORAGE=n +CONFIG_TFM_PARTITION_INITIAL_ATTESTATION=n + # Disable TF-M logging CONFIG_TFM_LOG_LEVEL_SILENCE=y diff --git a/samples/bluetooth/fast_pair/locator_tag/configuration/boards/thingy53_nrf5340_cpuapp_ns.conf b/samples/bluetooth/fast_pair/locator_tag/configuration/boards/thingy53_nrf5340_cpuapp_ns.conf index e49d1116cd23..831fe38be800 100644 --- a/samples/bluetooth/fast_pair/locator_tag/configuration/boards/thingy53_nrf5340_cpuapp_ns.conf +++ b/samples/bluetooth/fast_pair/locator_tag/configuration/boards/thingy53_nrf5340_cpuapp_ns.conf @@ -34,3 +34,14 @@ CONFIG_DULT_BATTERY_TYPE_RECHARGEABLE=y # * thingy53/nrf5340/cpuapp(/ns) CONFIG_BT_ADV_PROV_TX_POWER_CORRECTION_VAL=-12 CONFIG_BT_FAST_PAIR_FMDN_TX_POWER_CORRECTION_VAL=-12 + +# TF-M profile has to be properly configured to be able to run +# the Bluetooth stack which uses PSA crypto API. +# The following configuration is a minimal set of options required. +CONFIG_TFM_PROFILE_TYPE_NOT_SET=y + +CONFIG_TFM_PARTITION_PLATFORM=y +CONFIG_TFM_PARTITION_CRYPTO=y +CONFIG_TFM_PARTITION_INTERNAL_TRUSTED_STORAGE=y +CONFIG_TFM_PARTITION_PROTECTED_STORAGE=n +CONFIG_TFM_PARTITION_INITIAL_ATTESTATION=n diff --git a/samples/bluetooth/fast_pair/locator_tag/configuration/boards/thingy53_nrf5340_cpuapp_ns_release.conf b/samples/bluetooth/fast_pair/locator_tag/configuration/boards/thingy53_nrf5340_cpuapp_ns_release.conf index aa0f9bb92a55..daf78734f64c 100644 --- a/samples/bluetooth/fast_pair/locator_tag/configuration/boards/thingy53_nrf5340_cpuapp_ns_release.conf +++ b/samples/bluetooth/fast_pair/locator_tag/configuration/boards/thingy53_nrf5340_cpuapp_ns_release.conf @@ -29,3 +29,14 @@ CONFIG_DULT_BATTERY_TYPE_RECHARGEABLE=y # * thingy53/nrf5340/cpuapp(/ns) CONFIG_BT_ADV_PROV_TX_POWER_CORRECTION_VAL=-12 CONFIG_BT_FAST_PAIR_FMDN_TX_POWER_CORRECTION_VAL=-12 + +# TF-M profile has to be properly configured to be able to run +# the Bluetooth stack which uses PSA crypto API. +# The following configuration is a minimal set of options required. +CONFIG_TFM_PROFILE_TYPE_NOT_SET=y + +CONFIG_TFM_PARTITION_PLATFORM=y +CONFIG_TFM_PARTITION_CRYPTO=y +CONFIG_TFM_PARTITION_INTERNAL_TRUSTED_STORAGE=y +CONFIG_TFM_PARTITION_PROTECTED_STORAGE=n +CONFIG_TFM_PARTITION_INITIAL_ATTESTATION=n diff --git a/samples/bluetooth/fast_pair/locator_tag/configuration/pm_static_nrf5340dk_nrf5340_cpuapp_ns.yml b/samples/bluetooth/fast_pair/locator_tag/configuration/pm_static_nrf5340dk_nrf5340_cpuapp_ns.yml index 93e914f30a87..29bb32ba1e57 100644 --- a/samples/bluetooth/fast_pair/locator_tag/configuration/pm_static_nrf5340dk_nrf5340_cpuapp_ns.yml +++ b/samples/bluetooth/fast_pair/locator_tag/configuration/pm_static_nrf5340dk_nrf5340_cpuapp_ns.yml @@ -10,7 +10,7 @@ mcuboot_primary: - tfm - app region: flash_primary - size: 0xef000 + size: 0xe8000 span: *id001 mcuboot_pad: address: 0xc000 @@ -19,38 +19,46 @@ mcuboot_pad: tfm: address: 0xc200 region: flash_primary - size: 0xbe00 + size: 0x17e00 tfm_secure: address: 0xc000 - size: 0xc000 + size: 0x18000 span: [mcuboot_pad, tfm] tfm_nonsecure: - address: 0x18000 - size: 0xe3000 + address: 0x24000 + size: 0xd0000 span: [app] app: - address: 0x18000 + address: 0x24000 region: flash_primary - size: 0xe3000 + size: 0xd0000 mcuboot_primary_app: address: 0xc200 orig_span: &id002 - tfm - app region: flash_primary - size: 0xeee00 + size: 0xe7e00 span: *id002 +nonsecure_storage: + address: 0xf4000 + size: 0x8000 + span: [bt_fast_pair, settings_storage] bt_fast_pair: - address: 0xfb000 + address: 0xf4000 region: flash_primary size: 0x1000 +settings_storage: + address: 0xf5000 + region: flash_primary + size: 0x7000 -nonsecure_storage: +tfm_storage: address: 0xfc000 size: 0x4000 - span: [settings_storage] -settings_storage: + span: [tfm_its] +tfm_its: address: 0xfc000 region: flash_primary size: 0x4000 diff --git a/samples/bluetooth/fast_pair/locator_tag/configuration/pm_static_thingy53_nrf5340_cpuapp_ns.yml b/samples/bluetooth/fast_pair/locator_tag/configuration/pm_static_thingy53_nrf5340_cpuapp_ns.yml index 93e914f30a87..29bb32ba1e57 100644 --- a/samples/bluetooth/fast_pair/locator_tag/configuration/pm_static_thingy53_nrf5340_cpuapp_ns.yml +++ b/samples/bluetooth/fast_pair/locator_tag/configuration/pm_static_thingy53_nrf5340_cpuapp_ns.yml @@ -10,7 +10,7 @@ mcuboot_primary: - tfm - app region: flash_primary - size: 0xef000 + size: 0xe8000 span: *id001 mcuboot_pad: address: 0xc000 @@ -19,38 +19,46 @@ mcuboot_pad: tfm: address: 0xc200 region: flash_primary - size: 0xbe00 + size: 0x17e00 tfm_secure: address: 0xc000 - size: 0xc000 + size: 0x18000 span: [mcuboot_pad, tfm] tfm_nonsecure: - address: 0x18000 - size: 0xe3000 + address: 0x24000 + size: 0xd0000 span: [app] app: - address: 0x18000 + address: 0x24000 region: flash_primary - size: 0xe3000 + size: 0xd0000 mcuboot_primary_app: address: 0xc200 orig_span: &id002 - tfm - app region: flash_primary - size: 0xeee00 + size: 0xe7e00 span: *id002 +nonsecure_storage: + address: 0xf4000 + size: 0x8000 + span: [bt_fast_pair, settings_storage] bt_fast_pair: - address: 0xfb000 + address: 0xf4000 region: flash_primary size: 0x1000 +settings_storage: + address: 0xf5000 + region: flash_primary + size: 0x7000 -nonsecure_storage: +tfm_storage: address: 0xfc000 size: 0x4000 - span: [settings_storage] -settings_storage: + span: [tfm_its] +tfm_its: address: 0xfc000 region: flash_primary size: 0x4000 From 8b6e6004647023eebeb428c6d2dcd7f8617ec242 Mon Sep 17 00:00:00 2001 From: Mateusz Kapala Date: Thu, 20 Feb 2025 15:10:20 +0100 Subject: [PATCH 4/4] doc: release: Add changelog related to FP partition and TF-M profile Added changelog related to fixing bt_fast_pair partition definition and changes in the TF-M profile configuration in FP samples. Jira: NCSDK-31901 Jira: NCSDK-31777 Signed-off-by: Mateusz Kapala --- .../releases/release-notes-changelog.rst | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/doc/nrf/releases_and_maturity/releases/release-notes-changelog.rst b/doc/nrf/releases_and_maturity/releases/release-notes-changelog.rst index 6c23b90cc9fa..a8ac9ccc934c 100644 --- a/doc/nrf/releases_and_maturity/releases/release-notes-changelog.rst +++ b/doc/nrf/releases_and_maturity/releases/release-notes-changelog.rst @@ -310,10 +310,18 @@ Bluetooth Fast Pair samples --------------------------- * Added support for the ``nrf54l15dk/nrf54l05/cpuapp`` and ``nrf54l15dk/nrf54l10/cpuapp`` board targets in all Fast Pair samples. +* Updated the non-secure target (``nrf5340dk/nrf5340/cpuapp/ns`` and ``thingy53/nrf5340/cpuapp/ns``) configurations of the following samples to use configurable TF-M profile instead of the predefined minimal TF-M profile: + + * :ref:`fast_pair_locator_tag` + * :ref:`fast_pair_input_device` + + This change results from the Bluetooth subsystem transition to the PSA cryptographic standard. + The Bluetooth stack can now use the PSA crypto API in the non-secure domain as all necessary TF-M partitions are configured properly. * :ref:`fast_pair_locator_tag` sample: * Added support for the :ref:`zephyr:nrf54h20dk_nrf54h20` board target. + * Updated the partition layout for the ``nrf5340dk/nrf5340/cpuapp/ns`` and ``thingy53/nrf5340/cpuapp/ns`` board targets to accommodate the partitions needed due to change in the TF-M profile configuration. Bluetooth Mesh samples ---------------------- @@ -569,6 +577,10 @@ Binary libraries Bluetooth libraries and services -------------------------------- +* :ref:`bt_fast_pair_readme` library: + + * Updated the automatically generated ``bt_fast_pair`` partition definition (located in the :file:`subsys/partition_manager/pm.yml.bt_fast_pair`) to work correctly when building with TF-M. + * :ref:`bt_mesh` library: * Fixed an issue in the :ref:`bt_mesh_light_ctrl_srv_readme` model to automatically resume the Lightness Controller after recalling a scene (``NCSDK-30033`` known issue).