samples: nrf5340: netboot: Support Approtect lock

Add a PCD command for locking the Approtect in B0n.

Approtect will be locked from TF-M, which is separate from
Zephyr OS. For this purpose, the relevant parts of PCD
library are moved to a separate header, which can be used in
both TF-M and Zephyr.

If TF-M is used, delay locking of the PCD commands memory
area to be done in TF-M.

NCSDK-17920

Signed-off-by: Markus Lassila <markus.lassila@nordicsemi.no>

Author: MarkusLassila

include/dfu/pcd.h

@@ -25,37 +25,18 @@
 
 #include <zephyr/device.h>
 #include <sys/types.h>
+#include <dfu/pcd_common.h>
 
 #ifdef __cplusplus
 extern "C" {
 #endif
 
-#ifdef CONFIG_SOC_SERIES_NRF53X
-
-#ifdef CONFIG_PCD_CMD_ADDRESS
-
-#define PCD_CMD_ADDRESS CONFIG_PCD_CMD_ADDRESS
-
-#else
-
-#include <pm_config.h>
-
-#ifdef PM_PCD_SRAM_ADDRESS
-#define PCD_CMD_ADDRESS PM_PCD_SRAM_ADDRESS
-#else
-/* extra '_' since its in a different domain */
-#define PCD_CMD_ADDRESS PM__PCD_SRAM_ADDRESS
-#endif /* PM_PCD_SRAM_ADDRESS */
-
-#endif /* CONFIG_PCD_CMD_ADDRESS */
-
-#endif /* CONFIG_SOC_SERIES_NRF53X */
-
 enum pcd_status {
 	PCD_STATUS_COPY = 0,
 	PCD_STATUS_DONE = 1,
 	PCD_STATUS_FAILED = 2,
 	PCD_STATUS_READ_VERSION = 3,
+	PCD_STATUS_LOCK_DEBUG = 4,
 };
 
 /** @brief Sets up the PCD command structure with the location and size of the
@@ -87,8 +68,10 @@ int pcd_network_core_update(const void *src_addr, size_t len);
 int pcd_network_core_update_initiate(const void *src_addr, size_t len);
 
 /** @brief Lock the RAM section used for IPC with the network core bootloader.
+ *
+ * @param lock_conf Lock configuration until next SoC reset.
  */
-void pcd_lock_ram(void);
+void pcd_lock_ram(bool lock_conf);
 
 /** @brief Update the PCD CMD to indicate that the operation has completed
  *         successfully.

include/dfu/pcd_common.h

@@ -0,0 +1,83 @@
+/*
+ * Copyright (c) 2024 Nordic Semiconductor ASA
+ *
+ * SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
+ */
+
+/** @file pcd_common.h
+ *
+ * @ingroup pcd
+ * @{
+ * @brief Common definitions for the PCD API.
+ *
+ * Common definitions are split out from the main PCD API to allow usage
+ * from non-Zephyr code.
+ */
+
+#ifndef PCD_COMMON_H__
+#define PCD_COMMON_H__
+
+#ifndef CONFIG_SOC_SERIES_NRF53X
+#error "PCD is only supported on nRF53 series"
+#endif
+
+#ifdef CONFIG_PCD_CMD_ADDRESS
+/* PCD command block location is static. */
+#define PCD_CMD_ADDRESS CONFIG_PCD_CMD_ADDRESS
+
+#else
+/* PCD command block location is configured with Partition Manager. */
+#include <pm_config.h>
+
+#ifdef PM_PCD_SRAM_ADDRESS
+/* PCD command block is in this domain, we are compiling for application core. */
+#define PCD_CMD_ADDRESS PM_PCD_SRAM_ADDRESS
+#else
+/* PCD command block is in a different domain, we are compiling for network core.
+ * Extra '_' since its in a different domain.
+ */
+#define PCD_CMD_ADDRESS PM__PCD_SRAM_ADDRESS
+#endif /* PM_PCD_SRAM_ADDRESS */
+
+#endif /* CONFIG_PCD_CMD_ADDRESS */
+
+/** Magic value written to indicate that a copy should take place. */
+#define PCD_CMD_MAGIC_COPY 0xb5b4b3b6
+/** Magic value written to indicate that debug should be locked. */
+#define PCD_CMD_MAGIC_LOCK_DEBUG 0xb6f249ec
+/** Magic value written to indicate that a something failed. */
+#define PCD_CMD_MAGIC_FAIL 0x25bafc15
+/** Magic value written to indicate that a copy is done. */
+#define PCD_CMD_MAGIC_DONE 0xf103ce5d
+/** Magic value written to indicate that a version number read should take place. */
+#define PCD_CMD_MAGIC_READ_VERSION 0xdca345ea
+
+struct pcd_cmd {
+	uint32_t magic;         /* Magic value to identify this structure in memory */
+	const void *data;       /* Data to copy*/
+	size_t len;             /* Number of bytes to copy */
+	__INTPTR_TYPE__ offset; /* Offset to store the flash image in */
+} __aligned(4);
+
+#define PCD_CMD ((volatile struct pcd_cmd * const)(PCD_CMD_ADDRESS))
+
+static inline void pcd_write_cmd_lock_debug(void)
+{
+	*PCD_CMD = (struct pcd_cmd){
+		.magic = PCD_CMD_MAGIC_LOCK_DEBUG,
+	};
+}
+
+static inline bool pcd_read_cmd_done(void)
+{
+	return PCD_CMD->magic == PCD_CMD_MAGIC_DONE;
+}
+
+static inline bool pcd_read_cmd_lock_debug(void)
+{
+	return PCD_CMD->magic == PCD_CMD_MAGIC_LOCK_DEBUG;
+}
+
+#endif /* PCD_COMMON_H__ */
+
+/**@} */

samples/nrf5340/netboot/src/main.c

@@ -15,6 +15,9 @@
 #include <dfu/pcd.h>
 #include <zephyr/device.h>
 #include <zephyr/devicetree.h>
+#ifdef CONFIG_PCD_LOCK_NETCORE_APPROTECT
+#include <nrfx_nvmc.h>
+#endif
 
 int main(void)
 {
@@ -39,10 +42,26 @@ int main(void)
 
 	uint32_t s0_addr = s0_address_read();
 	bool valid = false;
-	uint8_t status = pcd_fw_copy_status_get();
+
+	switch (pcd_fw_copy_status_get()) {
+#ifdef CONFIG_PCD_LOCK_NETCORE_DEBUG
+	case PCD_STATUS_LOCK_DEBUG:
+		nrfx_nvmc_word_write((uint32_t)&NRF_UICR_NS->APPROTECT,
+				     UICR_APPROTECT_PALL_Protected);
+		while (!nrfx_nvmc_write_done_check())
+			;
+
+		pcd_done();
+
+		/* Success, waiting to be rebooted */
+		while (1)
+			;
+		CODE_UNREACHABLE;
+	break;
+#endif
 
 #ifdef CONFIG_PCD_READ_NETCORE_APP_VERSION
-	if (status == PCD_STATUS_READ_VERSION) {
+	case PCD_STATUS_READ_VERSION:
 		err = pcd_find_fw_version();
 		if (err < 0) {
 			printk("Unable to find valid firmware version %d\n\r", err);
@@ -54,10 +73,10 @@ int main(void)
 		while (1)
 			;
 		CODE_UNREACHABLE;
-	}
+	break;
 #endif
 
-	if (status == PCD_STATUS_COPY) {
+	case PCD_STATUS_COPY:
 		/* First we validate the data where the PCD CMD tells
 		 * us that we can find it.
 		 */
@@ -94,6 +113,10 @@ int main(void)
 		while (1)
 			;
 		CODE_UNREACHABLE;
+	break;
+
+	default:
+		break;
 	}
 
 	err = fprotect_area(PM_APP_ADDRESS, PM_APP_SIZE);

subsys/pcd/Kconfig

@@ -38,6 +38,7 @@ config PCD_READ_NETCORE_APP_VERSION
 
 config PCD_USE_CONSTANTS
 	bool "Use KConfig constants rather than pm_config.h"
+	depends on !PCD_LOCK_NETCORE_DEBUG
 
 config PCD_CMD_ADDRESS
 	hex "PCD Command Address in RAM"
@@ -62,6 +63,10 @@ config PCD_BUF_SIZE
 	help
 	  Must be <= the page size of the flash device.
 
+config PCD_LOCK_NETCORE_DEBUG
+	bool "Include PCD command to lock network core debug"
+	default n
+
 endif # PCD_NET
 
 endmenu

subsys/pcd/src/pcd.c

@@ -18,15 +18,6 @@
 
 LOG_MODULE_REGISTER(pcd, CONFIG_PCD_LOG_LEVEL);
 
-/** Magic value written to indicate that a copy should take place. */
-#define PCD_CMD_MAGIC_COPY 0xb5b4b3b6
-/** Magic value written to indicate that a something failed. */
-#define PCD_CMD_MAGIC_FAIL 0x25bafc15
-/** Magic value written to indicate that a copy is done. */
-#define PCD_CMD_MAGIC_DONE 0xf103ce5d
-/** Magic value written to indicate that a version number read should take place. */
-#define PCD_CMD_MAGIC_READ_VERSION 0xdca345ea
-
 #ifdef CONFIG_PCD_APP
 
 #include <hal/nrf_reset.h>
@@ -49,13 +40,6 @@ K_TIMER_DEFINE(network_core_finished_check_timer,
 
 #endif /* CONFIG_PCD_APP */
 
-struct pcd_cmd {
-	uint32_t magic; /* Magic value to identify this structure in memory */
-	const void *data;     /* Data to copy*/
-	size_t len;           /* Number of bytes to copy */
-	off_t offset;         /* Offset to store the flash image in */
-} __aligned(4);
-
 static struct pcd_cmd *cmd = (struct pcd_cmd *)PCD_CMD_ADDRESS;
 
 void pcd_fw_copy_invalidate(void)
@@ -71,6 +55,8 @@ enum pcd_status pcd_fw_copy_status_get(void)
 		return PCD_STATUS_READ_VERSION;
 	} else if (cmd->magic == PCD_CMD_MAGIC_DONE) {
 		return PCD_STATUS_DONE;
+	} else if (cmd->magic == PCD_CMD_MAGIC_LOCK_DEBUG) {
+		return PCD_STATUS_LOCK_DEBUG;
 	}
 
 	return PCD_STATUS_FAILED;
@@ -278,12 +264,11 @@ int pcd_network_core_update(const void *src_addr, size_t len)
 	return network_core_update(src_addr, len, true);
 }
 
-void pcd_lock_ram(void)
+void pcd_lock_ram(bool lock_conf)
 {
 	uint32_t region = PCD_CMD_ADDRESS/CONFIG_NRF_SPU_RAM_REGION_SIZE;
 
-	nrf_spu_ramregion_set(NRF_SPU, region, false, NRF_SPU_MEM_PERM_READ,
-			true);
+	nrf_spu_ramregion_set(NRF_SPU, region, false, NRF_SPU_MEM_PERM_READ, lock_conf);
 }
 
 #endif /* CONFIG_PCD_APP */

west.yml

@@ -132,7 +132,7 @@ manifest:
           compare-by-default: true
     - name: mcuboot
       repo-path: sdk-mcuboot
-      revision: 720fa02787366f9f787b847194f6814921147770
+      revision: 68b96b802cdeef77ce4200e776afa46f6d3cfb66
       path: bootloader/mcuboot
     - name: qcbor
       url: https://github.com/laurencelundblade/QCBOR