Hi William, 

The requirement on the storage is for it to be isolated, either physically or cryptographically, as you can read from the PSA security model [1].

TF-M initially supported only the isolated model in ITS (i.e. for internal flashes) but more recently it was added support for encrypted ITS, which I believe it can be used on one of the Nordic platforms already. 

Hope this helps. 

Thanks, Antonio 

[1] Platform Security Model - PSA Certified https://www.psacertified.org/app/uploads/2021/12/JSADEN014_PSA_Certified_SM_V1.1_BET0.pdf

Sent from Outlook for Android
From: Lee, William via TF-M <tf-m@lists.trustedfirmware.org>
Sent: Friday, December 29, 2023 5:53:50 AM
To: tf-m@lists.trustedfirmware.org <tf-m@lists.trustedfirmware.org>
Subject: [TF-M] Are MCUs without internal flash not supported by TF-M?
 

Hello everyone,

 

Happy New Year!

 

Are MCUs without internal flash not supported by TF-M?

From TF-M’s documents, I saw ITS(Internal Trusted Storage) is a PSA-ROT secure service and requires store data in internal flash.

Does that mean TF-M not support hardware platforms that do not have internal flash? For example, RT500 does not have internal flash: https://www.nxp.com/products/processors-and-microcontrollers/arm-microcontrollers/i-mx-rt-crossover-mcus/i-mx-rt500-crossover-mcu-with-arm-cortex-m33-dsp-and-gpu-cores:i.MX-RT500

 

Thank you!

 

Best regards

William Lee