The STM32MP2 series can boot on its Arm® Cortex®-A35 or the Arm® Cortex®-M33 core so, one of the first questions to answer while evaluating the platform is to determine which boot flow is the most pertinent for your product, and this is the purpose of this article!
1. Boot chain and trusted domain[edit | edit source]
The boot chain is executed on the boot processor, that can be the Arm® Cortex®-A35 or the Arm® Cortex®-M33 according to boot pins or OTP programming selection.
Since the STM32MP2 series implements a secure boot, this choice also determines the core that owns the security on the platform and the management of the system resources (power, reset, clock, ...). This core is so called the Trusted Domain, or TD.
The TD security foundations are implemented via the resource isolation framework (RIF) where the boot processor is known as the TDCID.
2. Trusted Domain flavor selection helper[edit | edit source]
Below is the key questions ones should answer to decide which trusted domain flavor is the best for his product.

3. Which Trusted Domain flavor does ST support with its software ecosystem?[edit | edit source]
Distribution | A35-TD flavor ![]() |
M33-TD flavor ![]() |
---|---|---|
Yocto-based OpenSTLinux | ![]() |
![]() |
Android-based OpenSTDroid | ![]() |
|
Buildroot-based Linux | ![]() |
|
OpenWrt-based Linux | ![]() |
* Notice that M33-TD flavor is currently in Beta maturity level: see STM32 MPU ecosystem release note - v6.1.0 for the underlying restrictions.