Skip to content

Commit

Permalink
nrf_security: cracen_kmu: fix KMU provisioning on 54l15dk w/ TF-M
Browse files Browse the repository at this point in the history 
Temporarily disable RRAMC write buffering when provisioning a KMU slot.
It provokes issues with symptoms being that after provisioning the read
metadata of the primary KMU slot has all bits 1 while it shouldn't.

This fixes the failing CRACEN IKG seed provisioning that was observed
on TF-M startup on nrf54l15dk/nrf54l15/cpuapp/ns.

Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
  • Loading branch information
@tomi-font
tomi-font committed Oct 16, 2024
1 parent 64e2b4b commit 9c54b18
Showing 1 changed file with 13 additions and 5 deletions.
18 changes: 13 additions & 5 deletions subsys/nrf_security/src/drivers/cracen/cracenpsa/src/lib_kmu.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -12,10 +12,7 @@

#include <nrf.h>

#if !defined(__NRF_TFM__)
#include <hal/nrf_rramc.h>
#include <nrfx_rramc.h>
#endif

#include <cracen/lib_kmu.h>

Expand Down Expand Up @@ -80,7 +77,15 @@ int lib_kmu_provision_slot(int slot_id, struct kmu_src_t *kmu_src)

int result = 1;

#if !defined(__NRF_TFM__)
#if defined(__NRF_TFM__)
nrf_rramc_config_t rramc_config;

nrf_rramc_config_get(NRF_RRAMC_S, &rramc_config);
const uint8_t orig_write_buf_size = rramc_config.write_buff_size;

rramc_config.write_buff_size = 0;
nrf_rramc_config_set(NRF_RRAMC_S, &rramc_config);
#else
nrfx_rramc_write_enable_set(true, 0);
#endif

Expand All @@ -90,7 +95,10 @@ int lib_kmu_provision_slot(int slot_id, struct kmu_src_t *kmu_src)
result = trigger_task_and_wait_for_event_or_error(&(NRF_KMU_S->TASKS_PROVISION),
&(NRF_KMU_S->EVENTS_PROVISIONED));

#if !defined(__NRF_TFM__)
#if defined(__NRF_TFM__)
rramc_config.write_buff_size = orig_write_buf_size;
nrf_rramc_config_set(NRF_RRAMC_S, &rramc_config);
#else
nrfx_rramc_write_enable_set(false, 0);
#endif

Expand Down

0 comments on commit 9c54b18

Please sign in to comment.