Last edited one year ago

SYSRAM internal memory

Applicable for STM32MP13x lines, STM32MP15x lines

1. Article purpose[edit source]

The purpose of this article is to briefly introduce the SYSRAM internal memory and indicate the level of security supported by this memory.

2. Peripheral overview[edit source]

The SYSRAM is an internal memory peripheral. It is physically located near the Arm® Cortex-A to optimize the core performance.

  • STM32MP13x lines More info.png SYSRAM is 128-Kbyte wide
  • STM32MP15x lines More info.png SYSRAM is 256-Kbyte wide

2.1. Features[edit source]

Refer to the STM32MP13 reference manuals or STM32MP15 reference manuals for the complete list of features, and to the software components, introduced below, to see which features are really implemented.

2.2. Security support[edit source]

The SYSRAM is a secure peripheral (under ETZPC TrustZone memory adapter (TZMA)): it can be split into a secure and a non-secure regions with a 4-Kbyte granularity.

3. Peripheral usage and associated software[edit source]

3.1. Boot time[edit source]

3.1.1. On STM32MP13x lines More info.png[edit source]

The ROM code leaves the SYSRAM secure when it jumps to the entry point of the FSBL that it just loaded into the SYSRAM.
The FSBL does not have to keep any context in SYSRAM when it jumps to the SSBL: each boot stage is independent from the other.

3.1.2. On STM32MP15x lines More info.png[edit source]

The ROM code mainly configures the SYSRAM as a secure peripheral during its execution. It uses 9 Kbytes located at the beginning of the SYSRAM to store its read and write data. Among them, it stores the boot context in the first 512 bytes of SYSRAM: this boot context contains several information (such as the selected boot device) and pointers to the ROM code exported services (used for secure boot authentication). The ROM code loads the FSBL just after the boot context, into the remaining 247 Kbytes of SYSRAM, and eventually branches the Cortex®-A7 core 0 execution to this FSBL.
The FSBL code can use the whole SYSRAM, but it must take care not to overwrite the boot context before taking it into account.

3.2. Runtime[edit source]

3.2.1. Overview[edit source]

In STMicroelectronics distribution, the SYSRAM runtime mapping is the one reached at the end of the boot, so it is fully secure.

You may decide to split the SYSRAM at runtime. In this case:

  • set the SYSRAM bottom secure, for Cortex®-A7 secure services, from OP-TEE

and

  • set the SYSRAM top non-secure, for instance for using in Linux® as reserved memory
Info white.png Information
STM32MP13 embeds an on-the-fly DDR cyphering engine, the DDRMCE internal peripheral, allowing to put secure sensitive code inside the external DDR, instead of the SYSRAM

3.2.2. Software frameworks[edit source]

3.2.2.1. On STM32MP13x lines More info.png[edit source]
Domain Peripheral Software components Comment
OP-TEE Linux
Core/RAM SYSRAM OP-TEE Linux reserved memory
3.2.2.2. On STM32MP15x lines More info.png[edit source]
Domain Peripheral Software components Comment
OP-TEE Linux STM32Cube
Core/RAM SYSRAM TF-A BL32 or OP-TEE Linux reserved memory

3.2.3. Peripheral configuration[edit source]

The configuration is applied by the firmware running in the context to which the peripheral is assigned. The configuration can be done alone via the STM32CubeMX tool for all internal peripherals, and then manually completed (particularly for external peripherals), according to the information given in the corresponding software framework article.

3.2.4. Peripheral assignment[edit source]

3.2.4.1. On STM32MP13x lines More info.png[edit source]

Click on the right to expand the legend...

STM32MP13 internal peripherals

Check boxes illustrate the possible peripheral allocations supported by STM32 MPU Embedded Software:

  • means that the peripheral can be assigned () to the given runtime context.
  • means that the peripheral can be assigned to the given runtime context, but this configuration is not supported in STM32 MPU Embedded Software distribution.
  • is used for system peripherals that cannot be unchecked because they are statically connected in the device.

Refer to How to assign an internal peripheral to a runtime context for more information on how to assign peripherals manually or via STM32CubeMX.
The present chapter describes STMicroelectronics recommendations or choice of implementation. Additional possiblities might be described in STM32MP13 reference manuals.

Domain Peripheral Runtime allocation Comment
Instance Cortex-A7
secure
(OP-TEE)
Cortex-A7
non-secure
(Linux)
Core/RAM SYSRAM SYSRAM Shareable (multiple choices supported)
3.2.4.2. On STM32MP15x lines More info.png[edit source]

Click on the right to expand the legend...

STM32MP15 internal peripherals

Check boxes illustrate the possible peripheral allocations supported by STM32 MPU Embedded Software:

  • means that the peripheral can be assigned () to the given runtime context.
  • means that the peripheral can be assigned to the given runtime context, but this configuration is not supported in STM32 MPU Embedded Software distribution.
  • is used for system peripherals that cannot be unchecked because they are statically connected in the device.

Refer to How to assign an internal peripheral to a runtime context for more information on how to assign peripherals manually or via STM32CubeMX.
The present chapter describes STMicroelectronics recommendations or choice of implementation. Additional possiblities might be described in STM32MP15 reference manuals.

Domain Peripheral Runtime allocation Comment
Instance Cortex-A7
secure
(OP-TEE)
Cortex-A7
non-secure
(Linux)
Cortex-M4

(STM32Cube)
Core/RAM SYSRAM SYSRAM Shareable (multiple choices supported)

4. References[edit source]