1RP2350
2======
3
4Introduction
5------------
6
7RP2350 features a dual-core Arm Cortex-M33 processor with 520 kiB on-chip SRAM,
8support for up to 16 MB of off-chip flash and a wide range of flexible I/O option
9including I2C, SPI, and - uniquely - Programmable I/O (PIO). With its security
10features RP2350 offers significant enhancements over RP2040.
11
12This platform port supports TF-M regression tests (Secure and Non-Secure)
13with Isolation Level 1 and 2.
14
15.. note::
16
17   Only the GNU toolchain is supported.
18
19.. note::
20
21   Only the "profile_medium" predefined profile is supported.
22
23Building TF-M
24-------------
25
26Follow the generic build instructions in :doc:`Building instructions </building/tfm_build_instruction>`
27and specify the platform name by setting ``-DTFM_PLATFORM=rpi/rp2350``.
28
29.. note::
30
31   This platform port relies on the
32   `Raspberry Pi Pico SDK <https://github.com/raspberrypi/pico-sdk>`__.
33   Make sure it is either cloned locally or available to download during build.
34   SDK version used for testing: ``SDK 2.1.1 release``.
35
36   To use a different version of the SDK than the one your version of TF-M uses
37   by default, you can pass ``-DPICO_SDK_PATH=/path/to/pico-sdk`` to CMake.
38   You may also need to patch this SDK to work with the TF-M build system.
39   If required, the patch is available in the
40   ``platform/ext/target/rpi/rp2350/pico-sdk.patch`` file from a TF-M version
41   that uses the SDK version you want to use, and it can be applied with
42   ``git apply <TF-M source dir>/platform/ext/target/rpi/rp2350/pico-sdk.patch``.
43
44   For example, to use SDK version 2.1.1, you can take the ``pico-sdk.patch``
45   file from TF-M version 2.1.2 and apply it to the SDK version 2.1.1.
46
47.. note::
48
49   Building the default platform configuration requires the board to be
50   provisioned first. For this the provision bundle needs to be built and run on
51   the board with ``-DPLATFORM_DEFAULT_PROVISIONING=OFF``. The binary must be
52   placed in flash at the start address defined by ``PROVISIONING_BUNDLE_START``.
53   One way to do this is to generate a `.uf2` file containing the bundle at the
54   start address and copy it to the board. There is an example in the provided
55   `pico_uf2.sh` script and in the description below.
56
57   If ``-DPLATFORM_DEFAULT_PROVISIONING=OFF`` and
58   ``-DTFM_DUMMY_PROVISIONING=ON`` then the keys in the
59   ``<TF-M source dir>/platform/ext/common/provisioning_bundle/provisioning_config.cmake``
60   and the default MCUboot signing keys will be used for provisioning.
61
62   If ``-DPLATFORM_DEFAULT_PROVISIONING=OFF`` and
63   ``-DTFM_DUMMY_PROVISIONING=OFF`` are set then unique assets can be used for
64   provisioning. The keys and seeds can be changed by passing the new values to
65   the build command, or by setting the ``-DPROVISIONING_KEYS_CONFIG`` config option
66   to point to a `.cmake` config file that contains the keys. An example config file
67   is available at
68   ``<TF-M source dir>/platform/ext/common/provisioning_bundle/provisioning_config.cmake``,
69   otherwise new random values are going to be generated and used. For the
70   image signing the ``${MCUBOOT_KEY_S}`` and ``${MCUBOOT_KEY_NS}`` will be used.
71   These variables should point to `.pem` files that contain the private keys for
72   signing the code. The respective public keys (or hashes of them) are going to
73   be written in the provisioning data, i.e. in the autogenerated
74   ``provisioning_data.c``.
75
76   If ``-DMCUBOOT_GENERATE_SIGNING_KEYPAIR=ON`` is set then a new private key is
77   going to be generated and used to sign the binaries.
78
79   The new generated key can be found in the ``<build dir>/bin`` directory or
80   in the ``<install dir>/image_signing/keys`` after installation. The
81   generated ``provisioning_data.c`` file can be found at
82   ``<build dir>/platform/target/provisioning/provisioning_data.c``
83
84.. note::
85
86   The provisioning bundle generation depends on ``pyelftools`` that has to be
87   installed before running the commands described above::
88
89     pip3 install pyelftools
90
91Example of build instructions for regression tests with dummy keys:
92^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
93
94Building Secure side with provisioning bundle:
95
96.. note::
97
98   Add optionally:
99
100   - ``-DTFM_MULTI_CORE_TOPOLOGY=ON`` for multicore support
101   - ``-DPICO_SDK_PATH=<abs-path-to-pico-sdk-dir>`` for a pre-fetched Pico SDK
102
103.. code-block:: bash
104
105     cmake -S <TF-M-tests source dir>/tests_reg/spe \
106     -B <TF-M-tests source dir>/tests_reg/spe/build_rpi_single \
107     -DTFM_PLATFORM=rpi/rp2350 \
108     -DTFM_TOOLCHAIN_FILE=<TF-M source dir>/toolchain_GNUARM.cmake \
109     -DCONFIG_TFM_SOURCE_PATH=<TF-M source dir> \
110     -DTFM_PROFILE=profile_medium \
111     -DPLATFORM_DEFAULT_PROVISIONING=OFF \
112     -DTEST_S=ON \
113     -DTEST_NS=ON
114
115.. code-block:: bash
116
117     cmake --build <TF-M-tests source dir>/tests_reg/spe/build_rpi_single -- -j8 install
118
119
120Building Non-Secure side:
121
122.. code-block:: bash
123
124     cmake -S <TF-M-tests source dir>/tests_reg \
125     -B <TF-M-tests source dir>/tests_reg/build_rpi_single \
126     -DCONFIG_SPE_PATH=<TF-M-tests source dir>/tests_reg/spe/build_rpi_single/api_ns \
127     -DTFM_TOOLCHAIN_FILE=<TF-M-tests source dir>/tests_reg/spe/build_rpi_single/api_ns/cmake/toolchain_ns_GNUARM.cmake
128
129.. code-block:: bash
130
131     cmake --build <TF-M-tests source dir>/tests_reg/build_rpi_single -- -j8
132
133Binaries need to be converted with a small script ``pico_uf2.sh``.
134It uses
135`uf2conv.py <https://github.com/microsoft/uf2/blob/master/utils/uf2conv.py>`__
136and it depends on
137`uf2families.json <https://github.com/microsoft/uf2/blob/master/utils/uf2families.json>`__:
138both those files need to be copied into the same place where ``pico_uf2.sh``
139runs. Also, you may need to give executable permissions to both ``pico_uf2.sh`` and
140``uf2conv.py``. The tool takes the combined and signed S and NS images in `.bin` format,
141and outputs `.uf2`. It also generates the `.uf2` for the bootloader (`bl2.uf2`)
142and the provisioning bundle.
143
144.. code-block:: bash
145
146     pico_uf2.sh <TF-M-tests source dir> build_rpi_single
147
148Then just copy the `bl2.uf2` and `tfm_s_ns_signed.uf2` files to the board, one
149at a time. It will run the BL2, S and NS tests and print the results to the UART
150(Baud rate must be set to 115200).
151If the board needs to be provisioned, the `.uf2` file containing the provisioning
152bundle needs to be copied before `tfm_s_ns_signed.uf2`. It only needs to be
153done once.
154
155.. note::
156
157   If a different application was copied to the board before, erasing the flash
158   might be necessary.
159
160Erasing the flash
161-----------------
162
163Generating flash sized image of zeros can be done with the truncate command,
164then it can be converted to the ```uf2`` format with the ``uf2conv.py`` utility. The
165resulting ``uf2`` file then needs to be copied to the board. Current platform flash
166size is 2 MB, please adjust size based on your board specs, i.e. ``PICO_FLASH_SIZE_BYTES``:
167
168.. code-block:: bash
169
170   truncate -s 2M nullbytes2M.bin
171   uf2conv.py nullbytes2M.bin --base 0x10000000 --convert --output nullbytes2M.uf2 --family 0xe48bff59
172
173-------------
174
175 *SPDX-License-Identifier: BSD-3-Clause*
176
177 *SPDX-FileCopyrightText: Copyright The TrustedFirmware-M Contributors*
178