1. Article purpose[edit | edit source]
The purpose of this article is to explain how to configure the ETZPC using the device tree mechanism, relying on the bindings documentation, that is the description of the required and optional device-tree properties.
The peripheral can be assigned to different contexts/software components, depending on the final product needs. Refer to How to assign an internal peripheral to an execution context article for guidelines on this configuration .
2. DT bindings documentation[edit | edit source]
The device tree binding documents are stored either in the given applicable components listed below, or in the Linux kernel repository:
- Linux, U-Boot:
- ETZPC device tree bindings : Documentation/devicetree/bindings/bus/st,sys-bus.yaml
- OP-TEE:
- ETZPC device tree bindings : documentation/devicetree/bindings/soc/stm32/st,stm32-etzpc.yaml
3. DT configuration[edit | edit source]
This hardware description is a combination of the STM32 microprocessor device tree files (.dtsi extension) and board device tree files (.dts extension). See the Device tree for an explanation of the device-tree file organization.
STM32CubeMX can be used to generate the board device tree. Refer to How to configure the DT using STM32CubeMX for more details.
3.1. DT configuration (STM32/SoC level)[edit | edit source]
The ETZPC node is located in the device tree file for the software components, supporting the peripheral and listed in the above DT bindings documentation paragraph.
It is only included on SoC supporting secure boot.
3.2. DT configuration (board level)[edit | edit source]
The objective of this chapter is to explain how to enable and configure the ETZPC DT nodes for a board.
Peripheral configuration should be done in specific board device tree files (board dts file).
The ETZPC node in the board dedicated device tree file is used to configure the status of securable peripherals. The "st,decprot" property must only contain the list of peripherals for which the user wants a different status than the one configured by default in the ETZPC. Refer to the ETZPC chapter of the reference manual [1] for more details.
To fill the "st,decprot" property, a DECPROT helper macro is provided. Its definition is in a dedicated header file:
3.3. DT configuration examples[edit | edit source]
&etzpc { st,decprot = < DECPROT(STM32MP1_ETZPC_USART1_ID, DECPROT_NS_RW, DECPROT_UNLOCK) DECPROT(STM32MP1_ETZPC_SPI6_ID, DECPROT_NS_RW, DECPROT_UNLOCK) DECPROT(STM32MP1_ETZPC_I2C4_ID, DECPROT_NS_RW, DECPROT_UNLOCK) DECPROT(STM32MP1_ETZPC_I2C6_ID, DECPROT_NS_RW, DECPROT_UNLOCK) DECPROT(STM32MP1_ETZPC_RNG1_ID, DECPROT_NS_RW, DECPROT_UNLOCK) DECPROT(STM32MP1_ETZPC_HASH1_ID, DECPROT_NS_RW, DECPROT_UNLOCK) DECPROT(STM32MP1_ETZPC_CRYP1_ID, DECPROT_NS_RW, DECPROT_UNLOCK) >; };
By default these peripherals are secure only. They can then be configured to be used by the non-secure world in read and write modes.
Below another example of peripheral assignment (here the RNG2) to the MCU. This is only available on STM32MP15x lines . By default this peripheral is assigned to the MPU non-secure world.
&etzpc { st,decprot = < DECPROT(STM32MP1_ETZPC_RNG2_ID, DECPROT_MCU_ISOLATION, DECPROT_UNLOCK) >; };
4. How to configure the DT using STM32CubeMX[edit | edit source]
The STM32CubeMX tool can be used to configure the STM32MPU device and get the corresponding platform configuration device tree files.
STM32CubeMX may not support all the properties described in DT binding files listed in the above DT bindings documentation paragraph. If so, the tool inserts user sections in the generated device tree. These sections can then be edited to add some properties, and they are preserved from one generation to another. Refer to STM32CubeMX user manual for further information.
5. References[edit | edit source]
Refer to the following links for additional information: