Zephyr Weekly Update – Trusted Firmware-M 2.0 integration

Happy Friday, and welcome back for another Zephyr Weekly Update. One of the main highlights this week is certainly the recent upgrade to Trusted Firmware-M 2.0.

On the topic of security, I really encourage everyone to watch our latest Zephyr Tech Talk, if you missed the opportunity to watch it live. Kasia Zalewska did an outstanding job of explaining some of the typical security vulnerabilities in embedded software, and some of the tools that can help mitigate them. I really loved the live demo part where she demonstrated a buffer overflow attack, as this really made it easier for me to understand how they can be conducted by an attacker, and how software can be hardened to detect/avoid them.

Update to TF-M 2.0

Trusted Firmware provides a reference implementation of secure software for Cortex-A (TF-A) and Cortex-M (TF-M). You can think of it as a toolbox that provides you with all the libraries and code you need to align with Arm’s latest recommendations and specifications regarding security. To quote the trustedfirmware.org website, “this forms the foundations of a Trusted Execution Environment (TEE) on application processors, or the Secure Processing Environment (SPE) of microcontrollers”.

Trusted Firmware-M v2.0.0 was released at the end of last year and one of the main highlights is its smaller memory footprint, in particular thanks to an update to mbedTLS 3.5.0.

As of this week, Zephyr supports TF-M 2.0.0! (PR #66288)

Socket service API

A new socket service has been introduced. It is somewhat similar to Linux’s inetd in that a single thread listens on a set of blocking sockets, which saves memory. When there is activity on one of the sockets, the service calls the appropriate callback (servlet? :)) to do the actual work.

A good starting point to learn more is to look at the newly introduced service-based echo server code sample. And of course, more details can also be found in the pull request, PR #66758.
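The dispatch pattern described above, as an added example that is not Zephyr's socket service API or code from the pull request: a plain POSIX `poll()` sketch in which one listener pass watches a fixed-size table of sockets and runs the callback registered for each active one. The names `svc_table`, `svc_register`, `svc_dispatch_once`, `echo_cb` and `demo_run` are hypothetical, and the two local socket pairs are constructed stand-ins for network clients.

```c
#include <poll.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#define MAX_SVC 4
typedef int (*svc_cb_t)(int fd);     /* per-socket callback; < 0 drops the socket */
struct svc_table { struct pollfd fds[MAX_SVC]; svc_cb_t cb[MAX_SVC]; int count; };

static int svc_register(struct svc_table *t, int fd, svc_cb_t cb) {
    if (t->count >= MAX_SVC) return -1;      /* fixed-size table, never overrun */
    t->fds[t->count] = (struct pollfd){ .fd = fd, .events = POLLIN };
    t->cb[t->count++] = cb;
    return 0;
}

/* One pass of the single listener thread; returns callbacks run, or -1. */
static int svc_dispatch_once(struct svc_table *t, int timeout_ms) {
    int handled = 0;
    if (poll(t->fds, (nfds_t)t->count, timeout_ms) < 0) return -1;
    for (int i = 0; i < t->count; i++) {
        if (!(t->fds[i].revents & (POLLIN | POLLHUP | POLLERR))) continue;
        handled++;
        if (t->cb[i](t->fds[i].fd) < 0)
            t->fds[i].fd = -1;               /* poll() ignores negative fds */
    }
    return handled;
}

static int echo_cb(int fd) {                 /* sample callback: echo input back */
    char buf[64];
    ssize_t n = recv(fd, buf, sizeof(buf), 0);
    return (n > 0 && send(fd, buf, (size_t)n, 0) == n) ? 0 : -1;
}

/* Constructed demo: two socket pairs stand in for clients; only the first sends. */
int demo_run(void) {
    struct svc_table t = { .count = 0 };
    char reply[16] = "";
    int sp[2][2], handled;
    for (int i = 0; i < 2; i++)
        if (socketpair(AF_UNIX, SOCK_STREAM, 0, sp[i]) || svc_register(&t, sp[i][0], echo_cb))
            return -1;
    send(sp[0][1], "ping", 5, 0);
    handled = svc_dispatch_once(&t, 1000);
    if (handled == 1) recv(sp[0][1], reply, sizeof(reply), 0);
    for (int i = 0; i < 2; i++) { close(sp[i][0]); close(sp[i][1]); }
    return strcmp(reply, "ping") == 0 ? handled : -1;
}

int main(void) { return demo_run() == 1 ? 0 : 1; }
```

Because every callback runs on the one listener thread, a callback that blocks or loops stalls all other registered sockets, so handlers should bound the work they do per event.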

Boards & SoCs

  • The FK7B0M1-VBT6 board by FANKE Technology features an STM32H7B0VBT6 (Cortex-M7) running at up to 280 MHz, 128 KB of Flash (plus 2×8 MB external Flash), and 1.4 MB of SRAM. It can be sourced for about $30 on AliExpress, and is now supported in Zephyr! (PR #65441)
  • I am always really excited to see new hardware from M5Stack supported in Zephyr. This week, it’s the M5Stack AtomS3 Lite 🙂 It’s a device based on an ESP32S3 that’s about the size of a quarter, and that includes just about enough for simple prototyping: a push button, a few pins exposed through an expansion header, and even a mounting hole. (PR #67084)
  • It’s great to see new options for using Bluetooth in Zephyr, this time with the X-NUCLEO-BNRG2A1 shield for STM32 boards. The shield uses a BlueNRG-M2SP application processor module based on the ST BlueNRG-2 System-on-Chip. (PR #67381)

SoC driver updates

  • Voltage control support has been added to the Renesas PFC (pin function controller) driver. (PR #66881)
  • New i.MX RGPIO (Rapid GPIO) driver. If you are using the NXP i.MX93 EVK board, it’s already been updated to use this new driver. (PR #62622)

General drivers

  • The NXP DMIC (digital microphone) is a PDM-to-PCM converter intended for use with MEMS microphones. It supports up to 8 channels (or 4 L/R channel pairs) and now has a proper DMIC driver in Zephyr (nxp,dmic compatible). (PR #66448)
  • The existing driver for the PCF8574 8-channel I/O expander has been reworked to now support PCF8575 as well, which is the 16-channel variant (new binding is nxp,pcf857x). (PR #67054)
  • New UART shim for Nordic’s UARTE (UART with EasyDMA) driver. (PR #65155)
  • When using cellular modems, handling of the AT+CESQ command for retrieving extended signal quality information has been implemented for the U-blox SARA-R5 modem. (PR #67025)

Miscellaneous

  • New DT_IRQ_INTC() and DT_IRQ_INTC_BY_NAME() macros make it possible to retrieve the interrupt controller associated with a given interrupt specifier of a Devicetree node. (PR #66707)
  • New kernel APIs added to start and resume a CPU when running in an SMP environment: k_smp_cpu_start() and k_smp_cpu_resume(). (PR #64755)
  • A new net_hostname_set() API allows setting the device hostname at runtime. (PR #67439)
  • It is now possible to do runtime filtering of log messages (it used to be compile-time only) for a log frontend. (PR #67107)
  • New net_buf_data_match() helper function to compare data with the contents of a network buffer. (PR #66757)
  • Added support for SO_DOMAIN socket option. (#67618)
  • New available POSIX APIs:
    • sched_getparam()
    • sched_getscheduler()

A big thank you to the 9 individuals who had their first pull request accepted this week, 💙 🙌: @gzzi, @toonst, @laurin, @VitekST, @amrithvenkat, @shenyi97, @MirkoCovizzi, @mschappa, and @lopsided98.

As always, I very much welcome your thoughts and feedback in the comments below!
