How to use an RTOS with Secure Manager on STM32H5

Revision as of 17:31, 24 October 2023 by Registered User (→‎Implementation example)
This message will disappear after all relevant tasks have been resolved.
Semantic MediaWiki
There are 1 incomplete or pending task to finish installation of Semantic MediaWiki. An administrator or user with sufficient rights can complete it. This should be done before adding new data to avoid inconsistencies.

1. Introduction

In the context of the Secure Manager, an RTOS can be used. In this article, we will explore how an RTOS can be use with the Secure Manager, focused on the mechanism provided to ensure thread safe secure call. We will now use FreeRTOS to show how the implementation is done.

2. Implementation example

We will use FreeRTOS to make our secure manager project thread-safe and avoid concurrent access. To do this, we will implement mutexes to synchronize access to the library. Mutexes protect shared resources by preventing concurrent access to these resources in our case PSA API interface. To ensure project thread-safe and prevent concurrent access to shared resources in our secure manager project, we will be using FreeRTOS as an example. This will be achieved by implementing a mutex to protect against concurrent access to the PSA API interface.

2.1. PSA API interface thread safe


Implementing a mutex that is used to prevent multiple threads from accessing shared resources simultaneously. In our case, the mutex is used to prevent concurrent access to a specific PSA API secure manager.

the implementation, a function is needed that will initialize the mutex. The use of the mutex to protect access will be done in the functions that will need to be redefined (in ns_ipc_seq_begin and ns_ipc_seq_end functions defined as __weak in the middleware tfm_ns_interface.c).



Declare a mutex and initializes it to 0 :

static SemaphoreHandle_t nsIpcMutex = { 0 };

Create a function which is calls the xSemaphoreCreateMutex(), function to create the mutex and assigns it to the nsIpcMutex variable. If the mutex creation fails, an error is logged: 

void tfm_ns_interface_init( void )
{
  nsIpcMutex = xSemaphoreCreateMutex();
  if(nsIpcMutex == NULL)
  {
   // Logging Error
  }
}

Finally, implement the acquisition and release of the mutex in the ns_ipc_seq_begin and ns_ipc_seq_end functions, respectively. This will allow us to lock access when a thread calls the API, ensuring that shared resources are not accessed simultaneously. 

void ns_ipc_seq_begin(const ns_ipc_seq_info_t* info)
{
  /* Lock mutex */
  if(nsIpcMutex != NULL)
  {
    xSemaphoreTake(nsIpcMutex, portMAX_DELAY );
  }
  ….
}

void ns_ipc_seq_end(const ns_ipc_seq_info_t* info)
{
  /* Unlock mutex */
  if(nsIpcMutex != NULL)
  {
    xSemaphoreGive(nsIpcMutex);
  }
  ….
}



For more concrete examples, you can find real implementations in X-Cube-AWS & X-Cube-Azure using the security manager with a real-time operating system.

2.2. Memory Management

It is possible to configure SRAM 3 with heap RTOS configuration. The heap_5 implementation of FreeRTOS dynamic memory allocator is selected to use non-contiguous memory regions in SRAM1 and SRAM3. They need to set prvInitializeHeap() during the initialization.

Retrieved from "https://wiki.st.com/stm32mcu/index.php?title=Security:How_to_use_an_RTOS_with_Secure_Manager_on_STM32H5&oldid=43164"
No categories assignedEdit