1. Article purpose[edit | edit source]
The purpose of this article is to:
- briefly introduce the ETZPC peripheral and its main features,
- indicate the peripheral instances assignment at boot time and their assignment at runtime (including whether instances can be allocated to secure contexts),
- list the software frameworks and drivers managing the peripheral,
- explain how to configure the peripheral.
2. Peripheral overview[edit | edit source]
The ETZPC peripheral is used to configure TrustZone security in a STM32 MPU device. That STM32 MPU device has bus masters and slaves with programmable-security attributes (securable resources) such as:
- On-chip RAM/ROM with programmable secure region size,
- AHB and APB peripherals to be made secure,
- AHB masters to be granted secure rights.
Refer to the STM32 MPU reference manuals for the complete list of features, and to the software frameworks and drivers, introduced below, to see which features are implemented. Securable peripherals list varies from one platform to another.
2.1. On STM32MP15x lines [edit | edit source]
The ETZPC peripheral also allows peripheral isolation. With MCU isolation, some peripherals can be assigned to Cortex-M4 context execution only. Those peripherals will not be accessible for Cortex-A7 contexts (secure and nonsecure).
3. Peripheral usage[edit | edit source]
This chapter is applicable in the scope of the OpenSTLinux BSP running on the Arm® Cortex®-A processor(s), and the STM32CubeMPU Package running on the Arm® Cortex®-M processor.
ETZPC peripheral is write-secure only. TF-A configures it at boot time but its final boot configuration is set by OP-TEE during its initialization and managed by OP-TEE at runtime. Linux kernel and U-Boot supports the ETZPC as a firewall bus. This firewall bus is responsible for checking the ETZPC configuration to determine which hardware resources can be used or not.
3.1. Boot time assignment[edit | edit source]
3.1.1. On STM32MP1 series[edit | edit source]
Click on to expand or collapse the legend...
Check boxes illustrate the possible peripheral allocations supported by STM32 MPU Embedded Software:
- ☐ means that the peripheral can be assigned to the given boot time context.
- ☑ means that the peripheral is assigned by default to the given boot time context and that the peripheral is mandatory for the STM32 MPU Embedded Software distribution.
- ⬚ means that the peripheral can be assigned to the given boot time context, but this configuration is not supported in STM32 MPU Embedded Software distribution.
- ✓ is used for system peripherals that cannot be unchecked because they are hardware connected in the device.
The present chapter describes STMicroelectronics recommendations or choice of implementation. Additional possibilities might be described in STM32 MPU reference manuals.
Domain | Peripheral | Boot time allocation | Comment | |||
---|---|---|---|---|---|---|
Instance | Cortex-A7 secure (ROM code) |
Cortex-A7 secure (TF-A BL2) |
Cortex-A7 non-secure (U-Boot) | |||
Security | ETZPC | Any instance | ✓ | ✓ | ✓ | ETZPC configuration is set by OP-TEE |
3.2. Runtime assignment[edit | edit source]
3.2.1. On STM32MP13x lines [edit | edit source]
Click on to expand or collapse the legend...
Check boxes illustrate the possible peripheral allocations supported by STM32 MPU Embedded Software:
- ☐ means that the peripheral can be assigned to the given runtime context.
- ☑ means that the peripheral is assigned by default to the given runtime context and that the peripheral is mandatory for the STM32 MPU Embedded Software distribution.
- ⬚ means that the peripheral can be assigned to the given runtime context, but this configuration is not supported in STM32 MPU Embedded Software distribution.
- ✓ is used for system peripherals that cannot be unchecked because they are hardware connected in the device.
Refer to How to assign an internal peripheral to an execution context for more information on how to assign peripherals manually or via STM32CubeMX.
The present chapter describes STMicroelectronics recommendations or choice of implementation. Additional possibilities might be described in STM32MP13 reference manuals.
Domain | Peripheral | Runtime allocation | Comment | ||
---|---|---|---|---|---|
Instance | Cortex-A7 secure (OP-TEE) |
Cortex-A7 non-secure (Linux) | |||
Security | ETZPC | ETZPC | ✓ | ✓ |
3.2.2. On STM32MP15x lines [edit | edit source]
Click on to expand or collapse the legend...
Check boxes illustrate the possible peripheral allocations supported by STM32 MPU Embedded Software:
- ☐ means that the peripheral can be assigned to the given runtime context.
- ☑ means that the peripheral is assigned by default to the given runtime context and that the peripheral is mandatory for the STM32 MPU Embedded Software distribution.
- ⬚ means that the peripheral can be assigned to the given runtime context, but this configuration is not supported in STM32 MPU Embedded Software distribution.
- ✓ is used for system peripherals that cannot be unchecked because they are hardware connected in the device.
Refer to How to assign an internal peripheral to an execution context for more information on how to assign peripherals manually or via STM32CubeMX.
The present chapter describes STMicroelectronics recommendations or choice of implementation. Additional possiblities might be described in STM32MP15 reference manuals.
Domain | Peripheral | Runtime allocation | Comment | |||
---|---|---|---|---|---|---|
Instance | Cortex-A7 secure (OP-TEE) |
Cortex-A7 non-secure (Linux) |
Cortex-M4 (STM32Cube) | |||
Security | ETZPC | ETZPC | ✓ | ✓ | ⬚ |
4. Software frameworks and drivers[edit | edit source]
Below are listed the software frameworks and drivers managing the ETZPC peripheral for the embedded software components listed in the above tables.
- OP-TEE: read/write access; ETZPC driver and header file of ETZPC OP-TEE driver
- STM32Cube: read only access; Resource manager utility
- U-Boot: read only access; ETZPC driver
- Linux Kernel: read only access; ETZPC driver
5. How to assign and configure the peripheral[edit | edit source]
The peripheral assignment can be done via the STM32CubeMX graphical tool (and manually completed if needed).
This tool also helps to configure the peripheral:
- Partial device trees (pin control and clock tree) generation for the OpenSTLinux software components,
- HAL initialization code generation for the STM32CubeMPU Package.
The configuration is applied by the firmware running in the context in which the peripheral is assigned.
This configuration is done in OP-TEE, through device tree.
Refer to ETZPC device tree configuration.
6. How to go further[edit | edit source]
The ETZPC is an STMicroelectronics extension of the Arm® peripheral: TrustZone Protection Controller[1]
7. References[edit | edit source]