Contiki-NG TrustZone example
This example contains two different projects for the secure-world and the normal-world. Each project are compiled and linked into separate firmware images, which are then merged into a single hex filed that is used to program the IoT device.
At the moment, the only supported platform is the Nordic Semiconductor nRF5340. This platform has an application processor that runs the merged TrustZone firmware, and a network processor which handles communication. There is currently no support for the network processor in Contiki-NG when running with TrustZone enabled, however.
make to build secure and normal world firmwares, and
merge the hex files.
make clean to remove the secure and normal world builds.
To flash to the nRF5340, run
make upload. A specific serial port can
be chosen by adding
PORT=/dev/<port> as an argument on the command line.
Optionally, one can change directory into secure-world and run:
make TARGET=nrf BOARD=nrf5340/dk/application tz-merged.upload PORT=/dev/<PORT>
To login and see serial output from an IoT device on a particular serial port:
make login PORT=/dev/<PORT>
GDB setup for nRF (Linux)
Install the prerequisites for GDB if not already installed. For example, you need nRF Command Line (nrfjprog), SEGGER J-Link, GNU Arm Embedded toolchain, etc. These can be installed by following the instructions in contiki-nrf.
Install gdb-multiarch (should already be installed with the GNU Arm embedded toolchain)
sudo apt-get update -y sudo apt-get install gdb-multiarch
Compile the firmwares with debug option flags (e.g.,
-O0 -ggdb2 -g2) to create debug symbols.
Open a JLinkGDBServer to allow connections from the GDB client (In this case we target the nRF5340).
JLinkGDBServer -device nrf5340_xxaa -if swd -port 2331
-devicenrfxx_xxaa (What type of nrf device)
-ifspecifies the debug interface
-portwhich port to use
In another terminal, start gdb-multiarch:
filecould for example be .ELF or .out etc.
In GDB, connect to the GDB server:
target remote localhost:2331
It can be good to turn off the uarte_write loop, so it is possible to read other things.