Registered User mNo edit summary |
Registered User mNo edit summary Tag: 2017 source edit |
||
Line 22: | Line 22: | ||
====On {{MicroprocessorDevice | device=1}}==== | ====On {{MicroprocessorDevice | device=1}}==== | ||
The TZC is configured at boot time to setup DDR accesses. It is initially configured thanks to [[How_to_configure_TF-A_FW_CONFIG|TF-A FW Configuration]]. | The TZC is configured at boot time to setup DDR accesses. It is initially configured thanks to [[How_to_configure_TF-A_FW_CONFIG|TF-A FW Configuration]]. | ||
[[OP-TEE_overview|OP-TEE]] redefined the TZC regions based on device tree. | [[STM32 MPU OP-TEE_overview|OP-TEE]] redefined the TZC regions based on device tree. | ||
{{#lst:STM32MP1_internal_peripherals_assignment_table_template|stm32mp1_boottime}} | {{#lst:STM32MP1_internal_peripherals_assignment_table_template|stm32mp1_boottime}} | ||
<section begin=stm32mp13_boottime /><section begin=stm32mp15_boottime /> | <section begin=stm32mp13_boottime /><section begin=stm32mp15_boottime /> | ||
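Review bot: the sentence changed in this hunk, "[[STM32 MPU OP-TEE_overview|OP-TEE]] redefined the TZC regions based on device tree.", is in the past tense while the sentences before it are in the present. Since the line is being edited anyway, suggest "OP-TEE then redefines the TZC regions based on the device tree", and "to set up DDR accesses" instead of "to setup DDR accesses" in the first line of the hunk.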
Line 67: | Line 67: | ||
Below are listed the software frameworks and drivers managing the TZC peripheral for the embedded software components listed in the above tables. | Below are listed the software frameworks and drivers managing the TZC peripheral for the embedded software components listed in the above tables. | ||
* '''OP-TEE''': [[OP-TEE_overview|TZC driver]] | * '''OP-TEE''': [[STM32 MPU OP-TEE_overview|TZC driver]] | ||
* '''TF-A BL2''': [[How_to_configure_TF-A_FW_CONFIG|TF-A FW Configuration]] | * '''TF-A BL2''': [[How_to_configure_TF-A_FW_CONFIG|TF-A FW Configuration]] | ||
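Review bot: in the OP-TEE list item the label "TZC driver" points at [[STM32 MPU OP-TEE_overview]], which by its name is the general overview article rather than a driver page. Either label it "OP-TEE overview", as the hunk at line 77 does, or link to a page or section that covers the TZC driver. The new target also mixes spaces and an underscore; use one form consistently across the three changed links.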
Line 77: | Line 77: | ||
The configuration is applied by the firmware running in the context in which the peripheral is assigned. | The configuration is applied by the firmware running in the context in which the peripheral is assigned. | ||
See also additional information in the [[OP-TEE_overview|OP-TEE overview]] article. | See also additional information in the [[STM32 MPU OP-TEE_overview|OP-TEE overview]] article. | ||
==How to go further== | ==How to go further== |
Latest revision as of 14:39, 25 July 2024
1. Article purpose
The purpose of this article is to:
- briefly introduce the TZC peripheral and its main features,
- indicate the peripheral instances assignment at boot time and their assignment at runtime (including whether instances can be allocated to secure contexts),
- list the software frameworks and drivers managing the peripheral,
- explain how to configure the peripheral.
2. Peripheral overview
The TZC peripheral is used to filter read/write accesses to the DDR controller according to TrustZone access rights, and according to Non-Secure master Address ID (NSAID) on up to 9 programmable regions.
Refer to the STM32 MPU reference manuals for the complete list of features, and to the software frameworks and drivers, introduced below, to see which features are implemented.
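The filtering described above, as an added example that is not taken from the ST wiki, TF-A or OP-TEE: a simplified software model of the per-region access decision. The structure fields, the `tzc_allows` function, the 16-value NSAID range, the treatment of region 0 as a catch-all background and the address map are assumptions made for illustration, not a register-accurate description of the peripheral.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define TZC_REGIONS 9   /* region count given on this page */

/* Simplified model of one region; field names are hypothetical. */
struct tzc_region {
    bool     enabled;
    uint64_t base, top;          /* inclusive address range */
    bool     sec_rd, sec_wr;     /* secure read / write permitted */
    uint16_t nsaid_rd, nsaid_wr; /* one permission bit per NSAID (0..15 assumed) */
};

/* Constructed sample map, not a real STM32MP1 memory layout.
 * Columns: enabled, base, top, sec_rd, sec_wr, nsaid_rd, nsaid_wr */
static const struct tzc_region demo_map[TZC_REGIONS] = {
    [0] = { true, 0x0,        UINT64_MAX, true, true, 0x0000, 0x0000 }, /* background  */
    [1] = { true, 0xC0000000, 0xDDDFFFFF, true, true, 0xFFFF, 0xFFFF }, /* non-secure  */
    [2] = { true, 0xDE000000, 0xDFFFFFFF, true, true, 0x0000, 0x0000 }, /* secure only */
    [3] = { true, 0xDDE00000, 0xDDFFFFFF, true, true, 0x0002, 0x0000 }, /* NSAID 1, RO */
};

/* Returns true when the access passes the filter.
 * Regions 1..8 are assumed not to overlap each other. */
bool tzc_allows(const struct tzc_region *map, uint64_t addr,
                bool secure, bool write, unsigned nsaid)
{
    const struct tzc_region *hit = &map[0];  /* no match: background applies */

    for (int i = 1; i < TZC_REGIONS; i++)
        if (map[i].enabled && addr >= map[i].base && addr <= map[i].top)
            hit = &map[i];

    if (secure)
        return write ? hit->sec_wr : hit->sec_rd;
    if (nsaid > 15)
        return false;                        /* outside the modelled ID range */
    return ((write ? hit->nsaid_wr : hit->nsaid_rd) >> nsaid) & 1u;
}

int main(void)
{
    printf("NS write to open region:    %d\n", tzc_allows(demo_map, 0xC0001000, false, true, 3));
    printf("NS read of secure region:   %d\n", tzc_allows(demo_map, 0xDE000000, false, false, 0));
    printf("NSAID 1 read, shared area:  %d\n", tzc_allows(demo_map, 0xDDE00010, false, false, 1));
    printf("NSAID 2 read, shared area:  %d\n", tzc_allows(demo_map, 0xDDE00010, false, false, 2));
    return 0;
}
```
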
3. Peripheral usage
This chapter is applicable in the scope of the OpenSTLinux BSP running on the Arm® Cortex®-A processor(s), and the STM32CubeMPU Package running on the Arm® Cortex®-M processor.
3.1. Boot time assignment
3.1.1. On STM32MP1 series
The TZC is configured at boot time to set up DDR accesses. It is initially configured through the TF-A FW Configuration. OP-TEE then redefines the TZC regions based on the device tree.
Domain | Peripheral | Boot time allocation | Comment | |||
---|---|---|---|---|---|---|
Instance | Cortex-A7 secure (ROM code) |
Cortex-A7 secure (TF-A BL2) |
Cortex-A7 non-secure (U-Boot) | |||
Security | TZC | TZC | ☑ |
3.2. Runtime assignment
3.2.1. On STM32MP13x lines 
Domain | Peripheral | Runtime allocation | Comment | ||
---|---|---|---|---|---|
Instance | Cortex-A7 secure (OP-TEE) |
Cortex-A7 non-secure (Linux) | |||
Security | TZC | TZC | ✓ |
3.2.2. On STM32MP15x lines 
Domain | Peripheral | Runtime allocation | Comment | |||
---|---|---|---|---|---|---|
Instance | Cortex-A7 secure (OP-TEE) |
Cortex-A7 non-secure (Linux) |
Cortex-M4 (STM32Cube) | |||
Security | TZC | TZC | ✓ |
4. Software frameworks and drivers
Below are listed the software frameworks and drivers managing the TZC peripheral for the embedded software components listed in the above tables.
- OP-TEE: TZC driver
- TF-A BL2: TF-A FW Configuration
5. How to assign and configure the peripheral
The peripheral assignment can be done via the STM32CubeMX graphical tool (and manually completed if needed).
This tool also helps to configure the peripheral:
- partial device trees (pin control and clock tree) generation for the OpenSTLinux software components,
- HAL initialization code generation for the STM32CubeMPU Package.
The configuration is applied by the firmware running in the context in which the peripheral is assigned.
See also additional information in the OP-TEE overview article.
6. How to go further
The TZC is an Arm® peripheral: TZC-400 TrustZone Address Space Controller[1]
7. References