Introduction
Start by reading the RIF for STM32N6 article.
This wiki article shows a basic example of how to generate a project with TrustZone® and STM32CubeMX, and make a LED blinking from a secure and nonsecure application. This example demonstrates how to configure RIF in STM32CubeMX.
Other examples of RIF usage are available on STM32CubeN6 in STM32Cube_FW_N6_Vx.x.x\Projects\NUCLEO-N657X0-Q\Examples\RIF
Prerequisites
- Hardware
- USB Type-C® cable
- NUCLEO-N657X0-Q Nucleo board
- Required tools
- STM32CubeProgrammer_rev2.18.0 or later
1. How to start with RIF and STM32CubeMX
The configuration proposed in this example is part of a project composed of three subprojects:
- One for the first stage bootloader (FSBL)
- One for the secure application part (Project_s)
- One for the nonsecure application part (Project_ns).
This basic example performs the following actions:
- Blue LED blinks5 times from the secure application, and then
- Green LED blinks in an infinite loop from the nonsecure application.
1.1. Temporal description of operations
- At power-on, the boot ROM copies the FSBL binary from the external memory into the internal SRAM.
- Once the boot ROM task is completed, it jumps to the FSBL project into the internal SRAM (at 0x3418'0000)
- FSBL:
- Executes the clock and system setting operations.
- Configures the external memories.
- Next, it copies the secure application binary, then the nonsecure application binary from external flash to internal SRAM.
- When done, FSBL jumps into the secure application: the program counter is set to the secure application entry point, and the secure application is executed.
- The secure application:
- Configures TrustZone® SAU (done through the "partition_stm32n657xx.h" file)
- Configures the blue LED for use by the secure part
- Configures RISAF peripherals to set FLEXRAM, SRAM1 and SRAM2 secure or nonsecure attributes.
- Configures GPIOs RIFSC to allow
- Nonsecure firmware to toggle the green LED
- Secure firmware to toggle the blue LED
- Blue LED (GPIO PG.08) toggles 5 times with a 200 ms period.
- Prepares for jumping to the nonsecure firmware.
- Jumps to nonsecure firmware.
- The nonsecure application main tasks are:
- Forever: green LED toggles in an infinite loop with a 200 ms period.
1.2. Memory partitioning
- FLEXRAM and SRAM1 are defined as fully secure
- FLEXRAM (0x3400'0000 to 0x3406'3FFF) is defined as fully secure ROM area
- SRAM1 (0x3406'4000 to 0x340F'FFFF) is defined as fully secure RAM area
- SRAM2 is defined as fully nonsecure
- (0x2410'0000 to 0x2417'FFFF) is defined as nonsecure ROM area
- (0x2418'0000 to 0x241F'FFFF) is defined as nonsecure RAM area
- Peripherals alias non secure
- (0x4000'0000 to 0x4FFF'FFFF) is defined nonsecure
RISAF allows further refined control over access to any memory address.
The RISAFs are configured as follows:
| RISAF | Configuration | Usage |
|---|---|---|
| RISAF 2 (AXISRAM1) | Secure | Secure application stack |
| RISAF 3 (AXISRAM2) | Nonsecure | Nonsecure application code + stack |
| RISAF 7 (FLEXRAM) | Secure | Secure application code |
1.3. Project configuration with STM32CubeMX
Go to "ACCESS TO MCU SELECTOR" and choose STM32N657X0HxQ device to start a new project:
In this example a secure application and a nonsecure application is generated:
Enter the name of the project you have chosen:
The SAU can be configured in "Pinout & Configuration" panel.
The SAU settings must be aligned with the RIF configuration:
- FlexRAM and SRAM1 are secure
- SRAM2 is nonsecure
- GPIO PG.00 (the green LED) is defined as nonsecure
Configure the RISAFs:
- First activate the RIF:
- In RIF panel configure RISAF 7 secure for FLEXRAM:
- In RIF panel configure RISAF 2 secure for AXISRAM1:
- In RIF panel configure RISAF 3 nonsecure for AXISRAM2:
GPIOs configuration:
- BLUE LED is nonsecure (GPIOG Pin 8)
- GREEN LED is nonsecure (GPIOG Pin 0)
- Configure XSPI I/0 manager (XSPIM)
- Update the parameters for XSPI2:
- Configure the external memory manager to load and run mode:
- Activate PWR domains and configure the parameters:
- Configure BSEC:
The code can be generated:
1.4. Modifications in the code generated
Code to add in main.c (secure application) to make blue LED blinking:
/* USER CODE BEGIN 1 */
int i=0;
/* USER CODE END 1 */
/* USER CODE BEGIN 2 */
do
{
HAL_GPIO_TogglePin(BLUE_LED_GPIO_Port, BLUE_LED_Pin);
HAL_Delay(200);
i++;
}while(i<=10);
/* USER CODE END 2 */
in SystemIsolation_Config() function, the end address must be corrected for FLEXRAM:
/* set up base region configuration for FLEXRAM*/
/* region 1 is secure */
risaf_base_config.EndAddress = 0x63fff;
HAL_RIF_RISAF_ConfigBaseRegion(RISAF7, RISAF_REGION_1, &risaf_base_config);
Code to add in main.c (nonsecure application):
/* USER CODE BEGIN 3 */
HAL_GPIO_TogglePin(GREEN_LED_GPIO_Port, GREEN_LED_Pin);
HAL_Delay(200);
}
/* USER CODE END 3 */
Code to add in stm32_extmem_conf.h (FSBL)
/* USER CODE BEGIN EC */
#define EXTMEM_LRUN_TZ_ENABLE_NS
#define EXTMEM_LRUN_DESTINATION_ADDRESS_NS 0x34100000
#define EXTMEM_LRUN_SOURCE_ADDRESS_NS 0x180000
/* USER CODE END EC */
1.5. Execute the firmware
To execute the code:
- Set the boot mode in Dev boot mode.
Boot modes configuration with switches:
- Open the Project.eww file (double click) located in the EWARM folder previously generated with STM32CubeMX.
- Select first the FSBL workspace
- Rebuild all files from subproject FSBL (if no modification is done on FSBL project, this step can be done only once)
- Select the Project_s workspace
- Rebuild all files from subproject Project_s
- Select the Project_ns workspace
- Rebuild all files from subproject Project_ns
Create a new file called "sign_load.bat" in the EWARM folder, and copy paste this code in this new file:
@echo off
call "C:\STM32Cube_FW_N6_V1.1.0\Projects\NUCLEO-N657X0-Q\ROT_Provisioning"/env.bat
:: Enable delayed expansion
setlocal EnableDelayedExpansion
:: Keys folder
set projectdir=%~dp0
pushd "..\"
for /f "tokens=*" %%i in ("%cd%") do set projectname=%%~ni
popd
set trusted_binary_dir=%projectdir%
set Sbinary_binary_dir=%projectdir%\..\Secure_nsclib
set FSBLbinary_binary_dir=%projectdir%\FSBL\%projectname%_FSBL\Exe
set NSbinary_binary_dir=%projectdir%\AppliNonSecure\%projectname%_AppliNonSecure\Exe
set Sbinary_file=%Sbinary_binary_dir%\%projectname%_AppliSecure.bin
set NSbinary_file=%NSbinary_binary_dir%\%projectname%_AppliNonSecure.bin
set FSBLbinary_file=%FSBLbinary_binary_dir%\%projectname%_FSBL.bin
set FSBL_trusted_file=%trusted_binary_dir%\FSBL_wh.bin
set AppliS_trusted_file=%trusted_binary_dir%\AppliS_wh.bin
set AppliNS_trusted_file=%trusted_binary_dir%\AppliNS_wh.bin
set connect_no_reset=-c port=SWD ap=1 speed=fast
:: Sign the firmware to install
set command="%stm32signingtoolcli%" -bin "%FSBLbinary_file%" -nk -of 0x80000000 -t fsbl -o "%FSBL_trusted_file%" -hv 2.3 -dump "%FSBL_trusted_file%" -s
!command!
IF !errorlevel! NEQ 0 goto :error
:: Sign the firmware to install
set command="%stm32signingtoolcli%" -bin "%Sbinary_file%" -nk -of 0x80000000 -t fsbl -o "%AppliS_trusted_file%" -hv 2.3 -dump "%AppliS_trusted_file%" -s
!command!
IF !errorlevel! NEQ 0 goto :error
:: Sign the firmware to install
set command="%stm32signingtoolcli%" -bin "%NSbinary_file%" -nk -of 0x80000000 -t fsbl -o "%AppliNS_trusted_file%" -hv 2.3 -dump "%AppliNS_trusted_file%" -s
!command!
IF !errorlevel! NEQ 0 goto :error
::load trusted firmware
set command="%stm32programmercli%" %connect_no_reset% -w "%FSBL_trusted_file%" 0x70000000 -el "%stm32ExtLoaderFlash%" -w "%AppliS_trusted_file%" 0x70100000 -el "%stm32ExtLoaderFlash%" -w "%AppliNS_trusted_file%" 0x70180000 -el "%stm32ExtLoaderFlash%"
!command!
IF !errorlevel! NEQ 0 goto :error
cmd /k
exit 0
:error
echo Failed
echo "%command% failed"
cmd /k
exit 1
This code will add headers to binary files generated.
It also flashes the trusted files generated in external memory.
Save this file and launch it (double-clicking).
Set the boot mode in flash boot mode
Boot modes configuration with switches:
Press reset: the blue LED must blink 5 times, and then the green LED must blink in an infinite loop.