Registered User mNo edit summary |
Registered User mNo edit summary Tag: 2017 source edit |
||
| Line 82: | Line 82: | ||
Below are listed the software frameworks and drivers managing the PKA peripheral for the embedded software components listed in the above tables. | Below are listed the software frameworks and drivers managing the PKA peripheral for the embedded software components listed in the above tables. | ||
* '''OP-TEE''': [[OP-TEE_overview|PKA driver]] through the ECC framework | * '''OP-TEE''': [[STM32 MPU OP-TEE_overview|PKA driver]] through the ECC framework | ||
* '''TF-A BL2''': [[TF-A_BL2_Trusted_Board_Boot|TF-A Crypto Library]] | * '''TF-A BL2''': [[TF-A_BL2_Trusted_Board_Boot|TF-A Crypto Library]] | ||
Latest revision as of 15:11, 25 July 2024
1. Article purpose
The purpose of this article is to:
- briefly introduce the PKA peripheral and its main features,
- indicate the peripheral instances assignment at boot time and their assignment at runtime (including whether instances can be allocated to secure contexts),
- list the software frameworks and drivers managing the peripheral,
- explain how to configure the peripheral.
2. Peripheral overview
The PKA (public key accelerator) peripheral is used to ease computation of cryptographic public key primitives, specifically those related to RSA, Diffie-Hellmann or ECC (elliptic curve cryptography) over GF(p) (Galois fields).
Refer to the STM32MP13 reference manuals for the complete list of features, and to the software frameworks and drivers, introduced below, to see which features are implemented.
3. Peripheral usage
This chapter is applicable in the scope of the OpenSTLinux BSP running on the Arm® Cortex®-A processor(s), and the STM32CubeMPU Package running on the Arm® Cortex®-M processor.
3.1. Boot time assignment
3.1.1. On STM32MP13x lines 
The PKA peripheral is a boot device, it is used for signature verification on secure boot processing.
Click on 
to expand or collapse the legend...
Check boxes illustrate the possible peripheral allocations supported by STM32 MPU Embedded Software:
- ⬚ means that the peripheral can be assigned to the given boot time context, but this configuration is not supported in STM32 MPU Embedded Software distribution.
- ☐ means that the peripheral can be assigned to the given boot time context.
- ☑ means that the peripheral is assigned by default to the given boot time context and that the peripheral is mandatory for the STM32 MPU Embedded Software distribution.
- ✓ is used for system peripherals that cannot be unchecked because they are hardware connected in the device.
The present chapter describes STMicroelectronics recommendations or choice of implementation. Additional possibilities might be described in STM32 MPU reference manuals.
| Domain | Peripheral | Boot time allocation | Comment
| |||
|---|---|---|---|---|---|---|
| Instance | Cortex-A7 secure (ROM code) |
Cortex-A7 secure (TF-A BL2) |
Cortex-A7 non-secure (U-Boot) | |||
| Security | PKA | PKA | ✓ | ☑ | ⬚ | Assignment is mandatory only for secure boot |
3.1.2. On STM32MP2 series
Click on to expand or collapse the legend...
- ⬚ means that the peripheral can be assigned to the given boot time context, but this configuration is not supported in STM32 MPU Embedded Software distribution.
- ☐ means that the peripheral can be assigned to the given boot time context.
- ☑ means that the peripheral is assigned by default to the given boot time context and that the peripheral is mandatory for the STM32 MPU Embedded Software distribution.
- ✓ is used for system peripherals that cannot be unchecked because they are hardware connected in the device.
The present chapter describes STMicroelectronics recommendations or choice of implementation. Additional possibilities might be described in STM32MP25 reference manuals.
| Domain | Peripheral | Boot time allocation | Comment
| |||
|---|---|---|---|---|---|---|
| Instance | Cortex-A35 secure (ROM code) |
Cortex-A35 secure (TF-A BL2) |
Cortex-A35 non-secure (U-Boot) | |||
| Security | PKA | PKA | ✓ | ☑ | ⬚ | Assignment is mandatory only for secure boot |
3.2. Runtime assignment
3.2.1. On STM32MP13x lines
Click on to expand or collapse the legend...
Check boxes illustrate the possible peripheral allocations supported by STM32 MPU Embedded Software:
- ⬚ means that the peripheral can be assigned to the given runtime context, but this configuration is not supported in STM32 MPU Embedded Software distribution.
- ☐ means that the peripheral can be assigned to the given runtime context.
- ☑ means that the peripheral is assigned by default to the given runtime context and that the peripheral is mandatory for the STM32 MPU Embedded Software distribution.
- ✓ is used for system peripherals that cannot be unchecked because they are hardware connected in the device.
Refer to How to assign an internal peripheral to an execution context for more information on how to assign peripherals manually or via STM32CubeMX.
The present chapter describes STMicroelectronics recommendations or choice of implementation. Additional possibilities might be described in STM32MP13 reference manuals.
| Domain | Peripheral | Runtime allocation | Comment
| ||
|---|---|---|---|---|---|
| Instance | Cortex-A7 secure (OP-TEE) |
Cortex-A7 non-secure (Linux) | |||
| Security | PKA | PKA | ☐ | ⬚ | Assignment (single choice) |
3.2.2. On STM32MP25x lines
Click on to expand or collapse the legend...
Check boxes illustrate the possible peripheral allocations supported by STM32 MPU Embedded Software:
- ⬚ means that the peripheral can be assigned to the given runtime context, but this configuration is not supported in STM32 MPU Embedded Software distribution.
- ☐ means that the peripheral can be assigned to the given runtime context.
- ☑ means that the peripheral is assigned by default to the given runtime context and that the peripheral is mandatory for the STM32 MPU Embedded Software distribution.
- ✓ is used for system peripherals that cannot be unchecked because they are hardware connected in the device.
The present chapter describes STMicroelectronics recommendations or choice of implementation. Additional possibilities might be described in STM32MP25 reference manuals.
| Domain | Peripheral | Runtime allocation | Comment
| |||||
|---|---|---|---|---|---|---|---|---|
| Instance | Cortex-A35 secure (OP-TEE / TF-A BL31) |
Cortex-A35 non-secure (Linux) |
Cortex-M33 secure (TF-M) |
Cortex-M33 non-secure (STM32Cube) |
Cortex-M0+ (STM32Cube) | |||
| Security | PKA | PKA | ☐OP-TEE | ⬚ | ☐ | ⬚ | ||
4. Software frameworks and drivers
Below are listed the software frameworks and drivers managing the PKA peripheral for the embedded software components listed in the above tables.
- OP-TEE: PKA driver through the ECC framework
- TF-A BL2: TF-A Crypto Library
5. How to assign and configure the peripheral
The peripheral assignment can be done via the STM32CubeMX graphical tool (and manually completed if needed).
This tool also helps to configure the peripheral:
- partial device trees (pin control and clock tree) generation for the OpenSTLinux software components,
- HAL initialization code generation for the STM32CubeMPU Package.
The configuration is applied by the firmware running in the context in which the peripheral is assigned.