Registered User mNo edit summary |
Registered User mNo edit summary Tag: 2017 source edit |
||
| Line 82: | Line 82: | ||
* '''Linux<sup>®</sup>''': [[Crypto_API_overview|crypto framework]] | * '''Linux<sup>®</sup>''': [[Crypto_API_overview|crypto framework]] | ||
* '''OP-TEE''': [[OP-TEE_overview|SAES driver]] and {{CodeSource | OP-TEE_OS | core/include/crypto/crypto.h | Cryptographic Provider API (CP API)}} | * '''OP-TEE''': [[STM32 MPU OP-TEE_overview|SAES driver]] and {{CodeSource | OP-TEE_OS | core/include/crypto/crypto.h | Cryptographic Provider API (CP API)}} | ||
* '''TF-A BL2''': [[TF-A_overview|SAES driver]] | * '''TF-A BL2''': [[TF-A_overview|SAES driver]] | ||
Latest revision as of 16:12, 25 July 2024
1. Article purpose
The purpose of this article is to:
- briefly introduce the SAES peripheral and its main features,
- indicate the peripheral instances assignment at boot time and their assignment at runtime (including whether instances can be allocated to secure contexts),
- list the software frameworks and drivers managing the peripheral,
- explain how to configure the peripheral.
2. Peripheral overview
The SAES peripheral provides hardware acceleration to encrypt or decrypt data using the AES[1] algorithms. It supports two key sizes (128 bits and 256 bits) and different chaining modes. It incorporates protections against differential power analysis (DPA) and the related side-channel attacks.
Refer to the STM32MP13 reference manuals for the complete list of features, and to the software frameworks and drivers, introduced below, to see which features are implemented.
3. Peripheral usage
This chapter is applicable in the scope of the OpenSTLinux BSP running on the Arm® Cortex®-A processor(s), and the STM32CubeMPU Package running on the Arm® Cortex®-M processor.
3.1. Boot time assignment
3.1.1. On STM32MP13x lines 
The SAES instance is used to decrypt the firmware.
Click on 
to expand or collapse the legend...
| Domain | Peripheral | Boot time allocation | Comment
| |||
|---|---|---|---|---|---|---|
| Instance | Cortex-A7 secure (ROM code) |
Cortex-A7 secure (TF-A BL2) |
Cortex-A7 non-secure (U-Boot) | |||
| Security | SAES | SAES | ☐ | ☑ | ROM code allocation is managed with the bit 7 in OTP 9 | |
3.1.2. On STM32MP25x lines
STM32MP2 internal peripherals assignment table template
| rowspan="1" | Security | rowspan="1" | SAES | SAES | ☐ | ☑ | ⬚ | ROM code allocation is managed with the bit 8 in OTP 16 |-
|}
3.2. Runtime assignment
3.2.1. On STM32MP13x lines
Click on to expand or collapse the legend...
| Domain | Peripheral | Runtime allocation | Comment
| ||
|---|---|---|---|---|---|
| Instance | Cortex-A7 secure (OP-TEE) |
Cortex-A7 non-secure (Linux) | |||
| Security | SAES | SAES | ☐ | ⬚ | Assignment (single choice) |
3.2.2. On STM32MP25x lines
STM32MP2 internal peripherals assignment table template
| rowspan="1" | Security | rowspan="1" | SAES | SAES | ☐OP-TEE | ⬚ | ☐ | ⬚ | | |-
|}
4. Software frameworks and drivers
Below are listed the software frameworks and drivers managing the SAES peripheral for the embedded software components listed in the above tables.
- Linux®: crypto framework
- OP-TEE: SAES driver and Cryptographic Provider API (CP API)
- TF-A BL2: SAES driver
5. How to assign and configure the peripheral
The peripheral assignment can be done via the STM32CubeMX graphical tool (and manually completed if needed).
This tool also helps to configure the peripheral:
- partial device trees (pin control and clock tree) generation for the OpenSTLinux software components,
- HAL initialization code generation for the STM32CubeMPU Package.
The configuration is applied by the firmware running in the context in which the peripheral is assigned.
6. References