Trusted Firmware-M in the nRF Connect SDK

Nordic Semiconductor recommends following Platform Security Architecture (PSA) for product development to ensure appropriate security implementation in IoT devices.

Trusted Firmware-M (TF-M) is the reference implementation of PSA, which follows PSA Certified IoT Security Framework for securing connected devices. For more information about the framework, see the PSA Certified Security Framework overview page.

TF-M provides a reference design of a Trusted Execution Environment (TEE) for Arm M-profile architectures. Using a highly configurable set of software components, it creates the Secure Processing Environment (SPE), which relies on security by separation to protect sensitive assets and code. TF-M also provides a set of secure runtime services to the application, such as Protected Storage, Cryptography, and Attestation. Additionally, secure boot through MCUboot in TF-M ensures integrity of runtime software and supports firmware upgrade.

ARM TrustZone technology included in Nordic Semiconductor’s SoCs that implement the Armv8-M architecture (such as nRF5340, most of the nRF54L Series or the nRF91 Series) provides hardware-enforced separation of the Secure and Non-secure Processing Environments (SPE and NSPE, respectively) into Trusted and Non-Trusted worlds.

The TF-M implementation in the nRF Connect SDK is demonstrated in the following samples:

• All Trusted Firmware-M (TF-M) samples in this SDK

• All cryptography samples in this SDK

• A series of TF-M Integration samples available in Zephyr (these include Supported TF-M services from the nRF Connect SDK when they are built from the nRF Connect SDK context)

Starting from the nRF Connect SDK v2.0.0, TF-M is the only way to use security by separation with ARM TrustZone. In addition, the TF-M implementation is enabled by default for all samples and applications in the nRF Connect SDK when you build for the */ns variant of the boards.

The pages in this section describe the architecture and configuration of TF-M in the nRF Connect SDK. For more information about TF-M, see the Trusted Firmware-M documentation, which is oriented towards TF-M implementation developers.

Subpages:

• TF-M support and limitations in the nRF Connect SDK
  • TF-M version in the nRF Connect SDK
  • Supported TF-M profiles
  • Supported TF-M services
  • Isolation Level support
  • Differences between TF-M in the nRF Connect SDK and upstream Zephyr
  • Limitations of TF-M in the nRF Connect SDK
• Trusted Firmware-M architecture
  • Secure and Non-Secure Processing environments
  • Immutable RoT and Updatable RoT
  • Immutable Bootloader and Second Stage Bootloader
  • Application and Platform Root of Trust Services
  • PSA Certified API
  • TF-M Core
  • Isolation Levels
• Security by separation and processing environments
  • Case study of secure and non-secure images
  • Processing environments in the nRF Connect SDK
• Building and configuring TF-M
  • Board targets supported by TF-M
  • Enabling secure services
  • Minimal build
  • Configurable build
  • TF-M partition alignment requirements
  • Analyzing tfm_secure partition size
• TF-M Services
  • Platform service
  • Internal Trusted Storage service
  • Crypto service
  • Protected Storage service
  • Initial Attestation service
• TF-M provisioning
• TF-M logging
  • Configuring logging to the same UART as the application
  • Disabling logging
  • Logging on nRF5340 DK devices