IronSide Secure Enclave

The IronSide Secure Enclave (IronSide SE) is a firmware for the Secure Domain of the nRF54H20 SoC that provides security features based on the PSA Certified Security Framework.

IronSide SE provides the following features:

• Global memory configuration

• Peripheral configuration

• Boot commands

  • ERASEALL

  • DEBUGWAIT

• An alternative boot path with a secondary firmware

• CPUCONF service

• Update service

• PSA Crypto service (IronSide Secure Enclave implementation)

• PSA Internal Trusted Storage service (Configuring secure storage)

• Snapshot services

Subpages:

• Updating IronSide SE
  • Release package
  • Performing an update
  • Architecture
• Configuring global resources using UICR
  • UICR integrity checking
  • Generating the UICR image
  • Configuring the UICR image
• Protecting a device with IronSide SE
  • Protecting a production-ready device
• Configuring secure storage
  • Configuring UICR.SECURESTORAGE
  • Secure storage through PSA Crypto API
  • Secure storage through PSA ITS API
  • Security properties
  • Configuration considerations
• Using IronSide SE snapshot services
  • Overview
  • Snapshot workflow
  • Snapshot protection model
  • Snapshot region configuration
  • External memory requirements
  • Configure snapshot regions
  • Capture a snapshot
  • Handle snapshot recovery
  • Handle corruption outside snapshot regions
  • Identify snapshot support
  • Version requirements and known issues
  • Related documentation
• Managing boot flows
  • Booting local domains
  • Reset handling of local domains
  • Booting a secondary firmware
  • IronSide SE boot report
  • Register formats
  • Boot commands
  • Configuring IronSide SE SPU MRAMC feature
• IronSide SE services
  • IronSide SE CPUCONF service
  • IronSide SE update service
  • IronSide SE counter service