[nrf noup] secure_fw: Add option to log output on a shared UART instance.

Add an option to send the log output from the secure firmware on a
UART instance that would be shared with the non-secure application.

This option is added where the number of UART instances is limited
and the application only cares about the receiving the TF-M log
on fatal errors.

To allow this option to be enabled the log is disabled in the boot
process before the non-secure application is started.
It is enabled again when an unrecoverable exception has occurred in
the secure firmware.

Here is an abandoned upstream PR (with some of the fixes):
https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/25905

Note: This has removed any information about cherry-picked items
as this is not valid since it is combining efforts form multiple
commits

Ref: NCSDK-18595
Ref: NCSDK-28740

Signed-off-by: Joakim Andersson <[email protected]>
Signed-off-by: Markus Swarowsky <[email protected]>
Signed-off-by: Sebastian Bøe <[email protected]>
Signed-off-by: Frank Audun Kvamtrø <[email protected]>

Author: frkv

config/check_config.cmake

@@ -17,6 +17,8 @@ tfm_invalid_config(TFM_MULTI_CORE_TOPOLOGY AND TFM_NS_MANAGE_NSID)
 tfm_invalid_config(TFM_PLAT_SPECIFIC_MULTI_CORE_COMM AND NOT TFM_MULTI_CORE_TOPOLOGY)
 tfm_invalid_config(TFM_ISOLATION_LEVEL EQUAL 3 AND CONFIG_TFM_STACK_WATERMARKS)
 
+tfm_invalid_config(CONFIG_TFM_LOG_SHARE_UART AND NOT SECURE_UART1)
+
 ########################## BL1 #################################################
 
 tfm_invalid_config(TFM_BL1_2_IN_OTP AND TFM_BL1_2_IN_FLASH)

config/config_base.cmake

@@ -90,6 +90,7 @@ set(CONFIG_TFM_HALT_ON_CORE_PANIC       OFF         CACHE BOOL       "On fatal e
 
 set(CONFIG_TFM_STACK_WATERMARKS         OFF         CACHE BOOL      "Whether to pre-fill partition stacks with a set value to help determine stack usage")
 
+set(CONFIG_TFM_LOG_SHARE_UART           OFF         CACHE BOOL      "Allow TF-M and the non-secure application to share the UART instance. TF-M will use it while it is booting, after which the non-secure application will use it until an eventual fatal error is handled and logged by TF-M. Logging from TF-M will therefore otherwise be suppressed")
 ############################ Platform ##########################################
 
 set(NUM_MAILBOX_QUEUE_SLOT              1           CACHE BOOL      "Number of mailbox queue slots")

platform/CMakeLists.txt

@@ -383,6 +383,7 @@ target_compile_definitions(platform_region_defs
         BL1_TRAILER_SIZE=${BL1_TRAILER_SIZE}
         $<$<BOOL:${PLATFORM_DEFAULT_BL1}>:PLATFORM_DEFAULT_BL1>
         $<$<BOOL:${SECURE_UART1}>:SECURE_UART1>
+        $<$<BOOL:${CONFIG_TFM_LOG_SHARE_UART}>:CONFIG_TFM_LOG_SHARE_UART>
         DAUTH_${DEBUG_AUTHENTICATION}
         $<$<BOOL:${MCUBOOT_IMAGE_NUMBER}>:MCUBOOT_IMAGE_NUMBER=${MCUBOOT_IMAGE_NUMBER}>
         $<$<BOOL:${MCUBOOT_BUILTIN_KEY}>:MCUBOOT_BUILTIN_KEY>

platform/ext/common/exception_info.c

@@ -9,6 +9,7 @@
 #include "tfm_spm_log.h"
 /* "exception_info.h" must be the last include because of the IAR pragma */
 #include "exception_info.h"
+#include "uart_stdout.h"
 
 static struct exception_info_t exception_info;
 
@@ -168,6 +169,10 @@ static void dump_error(const struct exception_info_t *ctx)
 {
     bool stack_error = false;
 
+#if defined(CONFIG_TFM_LOG_SHARE_UART)
+    stdio_init();
+#endif
+
     SPMLOG_ERRMSG("FATAL ERROR: ");
     switch (ctx->VECTACTIVE) {
     case EXCEPTION_TYPE_HARDFAULT:

secure_fw/spm/core/tfm_svcalls.c

@@ -204,6 +204,7 @@ static uint32_t handle_spm_svc_requests(uint32_t svc_number, uint32_t exc_return
     case TFM_SVC_SPM_INIT:
         exc_return = tfm_spm_init();
         tfm_arch_check_msp_sealing();
+
         /* The following call does not return */
         tfm_arch_free_msp_and_exc_ret(SPM_BOOT_STACK_BOTTOM, exc_return);
         break;