I am working on building support for the Nordic NRF91xx LTE modem in Riot.
To do this I need the build system to build two binaries, one for the secure state and one for the insecure state. My plan is to run Riot in the non secure state for compatibility with the Nordic modem binary lbraries. The secure binary will be quite simple and not use Riot.
So far I can build the non-secure state binary with with Riot and have the blinky-led stage working. To do this I build the secure-state binary outside the Riot build system
I have had a bit of a look around but cannot see an obvious way to have the riot build generate the two separate .elf binaries I need from a single make command. Is there a way to do this with the Riot build system?
Possibly I just have to use two separate application builds with a nrf9151-secure cpu and a nrf9151-nonsecure cpu?
Also there seems to be a need to add TRUSTZONE support as a feature. Once again there dosen’t seem to be any documentation of how I might got about adding such a feature. At this stage I have just defined my own macros for necessary mods to the nrf52 common code. But these should apply to any armv8 based cpu.
The main question I have is how to build the two binaries.
I have got trustzone itself working in riot at least for the nrf91xx cpu. I found the build system supported creating the non-secure binary with only a couple of minor changes to existing code.
This usecase for truszone is very simple, in particular it does not need secure non-secure callable function support. I just need to do enough to be compatible with the Nordic binary libraries. I have done this already in another OS and it is pretty straight forward.
In addition to @Einhornhool 's work around TrustZone, you might find useful stuff in this branch regarding nRF91 LTE modem.
This branch is basically a more recent rebase of my initial work from #17032
IIRC, I’ve pulled nrfxlib as a RIOT pkg to get the modem library (.a file) + required headers. I’m also using nrfx pkg to get the IPC driver.
The NRF modem OS layer is also partially populate so I guess this is a good start.
I had this modem working a few years back without Trustzone (I only tried GNSS back then). But when I retried a few months ago it didn’t work anymore. I spent quite some time trying to debug this with no luck. My guess is that TrustZone is now mandatory to have a working modem with this board.
That is my issue, the Nordic binary libraries for the nrf91xx will only execute in a non-secure trust-zone context. So what I am after is the minimal trustzone setup that I need to get this.
I am unconvinced as to whether trustzone is a help or a hindrance in general.
I am learning l lot at the moment; just started with Riot last week and am a complete novice when it comes to things github.
The package stuff looks interesting but I feel the trustzone state’s deserve their own “full” tree. This ensures full flexibility in things like linking.
Anyway I am going to have a go at a double-build approach as in
this example I have uploaded.
I am also trying to be nice regarding the developer experience. I plan to get “make flash” to work with openOCD as all my development is on a custom nrf9151 board. At the moment I can debug either binary with openOCD but it crashes when trying to load the elf to flash. This is on my short-list to fix.