From a47c9c4a05a48ec8cea7f59c2f9db31047be93e2 Mon Sep 17 00:00:00 2001
From: Sigvart Hovland <sigvart.hovland@nordicsemi.no>
Date: Fri, 6 Jan 2023 12:24:48 +0100
Subject: [PATCH] [nrf noup] zephyr: Clean up non-secure RAM if enabled

To ensure that MCUBoot does not leak keys or other material through
memory to non-secure side we clear the memory before jumping to the next
image.

Signed-off-by: Sigvart Hovland <sigvart.hovland@nordicsemi.no>
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
(cherry picked from commit ff95e7bef35065ba9adfd512665435395019ad7a)
(cherry picked from commit d584ea0f37b2cf1b5c5d2e459def6028853cecea)
(cherry picked from commit 2394b5b65de1cc4539816e143f906756702eb4e9)
(cherry picked from commit 3266b9917e66ab6b9827d39486ae924e935b49ce)
---
 boot/zephyr/CMakeLists.txt        |  2 +-
 boot/zephyr/include/nrf_cleanup.h |  5 +++++
 boot/zephyr/main.c                |  5 ++++-
 boot/zephyr/nrf_cleanup.c         | 13 +++++++++++++
 4 files changed, 23 insertions(+), 2 deletions(-)

diff --git a/boot/zephyr/CMakeLists.txt b/boot/zephyr/CMakeLists.txt
index c48fa830e..b4a00c2bc 100644
--- a/boot/zephyr/CMakeLists.txt
+++ b/boot/zephyr/CMakeLists.txt
@@ -348,7 +348,7 @@ zephyr_library_sources(
 )
 endif()
 
-if(CONFIG_MCUBOOT_NRF_CLEANUP_PERIPHERAL)
+if(CONFIG_MCUBOOT_NRF_CLEANUP_PERIPHERAL OR CONFIG_MCUBOOT_CLEANUP_NONSECURE_RAM)
 zephyr_library_sources(
   ${BOOT_DIR}/zephyr/nrf_cleanup.c
 )
diff --git a/boot/zephyr/include/nrf_cleanup.h b/boot/zephyr/include/nrf_cleanup.h
index 6b04cedfe..9e87e13f5 100644
--- a/boot/zephyr/include/nrf_cleanup.h
+++ b/boot/zephyr/include/nrf_cleanup.h
@@ -16,4 +16,9 @@
  */
 void nrf_cleanup_peripheral(void);
 
+/**
+ * Perform cleanup of non-secure RAM that may have been used by MCUBoot.
+ */
+void nrf_cleanup_ns_ram(void);
+
 #endif
diff --git a/boot/zephyr/main.c b/boot/zephyr/main.c
index 26f4ee118..cca749a45 100644
--- a/boot/zephyr/main.c
+++ b/boot/zephyr/main.c
@@ -143,7 +143,7 @@ K_SEM_DEFINE(boot_log_sem, 1, 1);
 #include <pm_config.h>
 #endif
 
-#if CONFIG_MCUBOOT_NRF_CLEANUP_PERIPHERAL
+#if CONFIG_MCUBOOT_NRF_CLEANUP_PERIPHERAL || CONFIG_MCUBOOT_NRF_CLEANUP_NONSECURE_RAM
 #include <nrf_cleanup.h>
 #endif
 
@@ -269,6 +269,9 @@ static void do_boot(struct boot_rsp *rsp)
 #if CONFIG_MCUBOOT_NRF_CLEANUP_PERIPHERAL
     nrf_cleanup_peripheral();
 #endif
+#if CONFIG_MCUBOOT_NRF_CLEANUP_NONSECURE_RAM && defined(PM_SRAM_NONSECURE_NAME)
+    nrf_cleanup_ns_ram();
+#endif
 #if CONFIG_MCUBOOT_CLEANUP_ARM_CORE
     cleanup_arm_nvic(); /* cleanup NVIC registers */
 
diff --git a/boot/zephyr/nrf_cleanup.c b/boot/zephyr/nrf_cleanup.c
index 5bab26b24..f567b97e0 100644
--- a/boot/zephyr/nrf_cleanup.c
+++ b/boot/zephyr/nrf_cleanup.c
@@ -20,6 +20,10 @@
 
 #include <string.h>
 
+#if defined(USE_PARTITION_MANAGER)
+#include <pm_config.h>
+#endif
+
 #define NRF_UARTE_SUBSCRIBE_CONF_OFFS offsetof(NRF_UARTE_Type, SUBSCRIBE_STARTRX)
 #define NRF_UARTE_SUBSCRIBE_CONF_SIZE (offsetof(NRF_UARTE_Type, EVENTS_CTS) -\
                                        NRF_UARTE_SUBSCRIBE_CONF_OFFS)
@@ -81,3 +85,12 @@ void nrf_cleanup_peripheral(void)
 #endif
     nrf_cleanup_clock();
 }
+
+#if defined(USE_PARTITION_MANAGER) \
+	&& defined(CONFIG_ARM_TRUSTZONE_M) \
+	&& defined(PM_SRAM_NONSECURE_NAME)
+void nrf_cleanup_ns_ram(void)
+{
+	memset((void *) PM_SRAM_NONSECURE_ADDRESS, 0, PM_SRAM_NONSECURE_SIZE);
+}
+#endif