Last edited 7 months ago

How to assign an internal peripheral to an execution context

1. Article purpose[edit | edit source]

This article explains how to configure the software that assigns a peripheral to a runtime and/or boot time context.

2. Introduction[edit | edit source]

A peripheral can be assigned to a runtime context and/or a boot time context via the configuration defined in the device tree. The device tree can be either generated by the STM32CubeMX tool or edited manually.

On STM32MP1 series devices, the assignment can be strengthened by an hardware mechanism: the ETZPC internal peripheral, which is configured by the OP-TEE secure OS. The ETZPC internal peripheral isolates the peripherals for the  Cortex-A secure  or the  Cortex-M  context. The peripherals assigned to the  Cortex-A non-secure  context are visible from any context, without any isolation.

The components running on the platform after OP-TEE execution (such as U-Boot, Linux and STM32Cube) must have a configuration that is consistent with the assignment and the isolation configurations.
The components running on the platform before OP-TEE execution (such as TF-A bootloader) are not impacted by EZPC configuration.

The following sections describe how to configure OP-TEE, U-Boot, Linux and STM32Cube accordingly.

3. STM32CubeMX generated assignment[edit | edit source]

The screenshot below shows the STM32CubeMX user interface:

  • I2C2 peripheral is selected, on the left
  • I2C2 Mode and Configuration panel, on the right, shows that this I2C instance can be assigned to the  Cortex-A7 non-secure  or the  Cortex-M4  (that is selected) runtime context
  • I2C mode is enabled in the drop down menu


The GENERATE CODE button, on the top right, produces the following:

  • The OP-TEE device tree with the ETZPC configuration that isolates the I2C2 instance (in the example) for the  Cortex-M4  context.
  • The U-Boot device tree widely inherited from the Linux one, just below
  • The Linux kernel device tree with the I2C node disabled for Linux and enabled for the coprocessor
  • The STM32Cube project with I2C2 HAL initialization code

The Manual assignment section, just below, illustrates what STM32CubeMX is generating as it follows the same example.

4. Manual assignment[edit | edit source]

This section gives step-by-step instructions, per software components, to manually perform the peripherals assignments.
It takes the same I2C2 example as the previous section, that showed how to use STM32CubeMX, in order to make the move from one approach to the other easier.

4.1. OP-TEE[edit | edit source]

The assignment follows the ETZPC device tree configuration, with below possible values:

  • DECPROT_S_RW for the  Cortex-A7 secure  (Secure OS like OP-TEE)
  • DECPROT_NS_RW for the  Cortex-A7 non-secure  (Linux)
    • As stated earlier in this article, there is no hardware isolation for the Cortex-A7 non-secure so this value allows accesses from any context
  • DECPROT_MCU_ISOLATION for the  Cortex-M4  (STM32Cube)


@etzpc: etzpc@5C007000 {
       st,decprot = <

Moreover, the OP-TEE OS may use STM32MP1 resources. OP-TEE STM32MP1 drivers register the device driver they intend to use in a secure context according to OP-TEE device tree. Only devices with device tree property "status = "okay"" are probed.

In the example, as I2C2 is assigned to Cortex-M4 context, I2C2 node should be disabled in OP-TEE device tree:

&i2c2 {
    status = "disabled";

4.2. U-Boot[edit | edit source]

Each assignable peripheral is declared in the U-Boot device tree.
If a peripheral is not assigned to Cortex-A7 non-secure context, its node should be disabled.

&i2c2 {
	status = "disabled";

4.3. Linux kernel[edit | edit source]

Each assignable peripheral is declared twice in the Linux kernel device tree for STM32MP15x lines More info.png:

In the board device tree file (*.dts), each assignable peripheral has to be enabled only for the context to which it is assigned, in line with TF-A configuration.
As a consequence, a peripheral assigned to the Cortex-A7 secure has both nodes disabled in the Linux device tree.


&i2c2 {
	status = "disabled";
&m4_i2c2 {
	status = "okay";

4.4. STM32Cube[edit | edit source]

There is no configuration to do on STM32Cube side regarding the assignment and isolation. Nevertheless, the resource manager utility, relying on ETZPC configuration, can be used to check that the corresponding peripheral is well assigned to the Cortex-M4 before using it.


int main(void)
 /* Initialize I2C2------------------------------------------------------ */
 /* Ask the resource manager for the I2C2 resource */
 ResMgr_Init(NULL, NULL);
                                    RESMGR_FLAGS_CPU1, 0, NULL) != RESMGR_OK)
 if (HAL_I2C_Init(&I2C2) != HAL_OK)