How to start with RIF on STM32N6 MCUs

This message will disappear after all relevant tasks have been resolved.

Semantic MediaWiki

There are 1 incomplete or pending task to finish installation of Semantic MediaWiki. An administrator or user with sufficient rights can complete it. This should be done before adding new data to avoid inconsistencies.

Introduction

Start by reading the RIF for STM32N6 article.

This wiki article shows a basic example of how to generate a Load and run project with TrustZone^® and STM32CubeMX, and make a LED blinking from a secure and nonsecure application.

This example demonstrates how to configure RIF in STM32CubeMX.

Other examples of RIF usage are available on STM32CubeN6 in STM32Cube_FW_N6_Vx.x.x\Projects\NUCLEO-N657X0-Q\Examples\RIF

Prerequisites

Hardware
- USB Type-C^® cable
- NUCLEO-N657X0-Q Nucleo board

Required tools
- STM32CubeProgrammer_rev2.18.0 or later

1. How to start with RIF and STM32CubeMX

The configuration proposed in this example is part of a project composed of three subprojects:

One for the first stage bootloader (FSBL)
One for the secure application part (Project_s)
One for the nonsecure application part (Project_ns).

This basic example performs the following actions:

Blue LED blinks5 times from the secure application, and then
Green LED blinks in an infinite loop from the nonsecure application.

This example shows a Load and run configuration : the secure and nonsecure applications are copied from external flash to internal SRAM, and then executed in internal SRAM.

1.1. Temporal description of operations

At power-on, the boot ROM copies the FSBL binary from the external memory into the internal SRAM.
Once the boot ROM task is completed, it jumps to the FSBL project into the internal SRAM (at 0x3418'0000)
FSBL:
- Executes the clock and system setting operations.
- Configures the external memories.
- Next, it copies the secure application binary, then the nonsecure application binary from external flash to internal SRAM (Load and Run configuration)
- When done, FSBL jumps into the secure application: the program counter is set to the secure application entry point, and the secure application is executed.

The secure application:
- Configures TrustZone^® SAU (done through the "partition_stm32n657xx.h" file)
- Configures the blue LED for use by the secure part
- Configures RISAF peripherals to set FLEXRAM, SRAM1 and SRAM2 secure or nonsecure attributes.
- Configures GPIOs RIFSC to allow
  - Nonsecure firmware to toggle the green LED
  - Secure firmware to toggle the blue LED
- Blue LED (GPIO PG.08) toggles 5 times with a 200 ms period.
- Prepares for jumping to the nonsecure firmware.
- Jumps to nonsecure firmware.
The nonsecure application main tasks are:
- Forever: green LED toggles in an infinite loop with a 200 ms period.

1.2. Memory partitioning

FLEXRAM and SRAM1 are defined as fully secure
- FLEXRAM (0x3400'0000 to 0x3406'3FFF) is defined as fully secure ROM area
- SRAM1 (0x3406'4000 to 0x340F'FFFF) is defined as fully secure RAM area
SRAM2 is defined as fully nonsecure
- (0x2410'0000 to 0x2417'FFFF) is defined as nonsecure ROM area
- (0x2418'0000 to 0x241F'FFFF) is defined as nonsecure RAM area
Peripherals alias non secure
- (0x4000'0000 to 0x4FFF'FFFF) is defined nonsecure

RISAF allows further refined control over access to any memory address.

The RISAFs are configured as follows:


RISAF	Configuration	Usage
RISAF 2 (AXISRAM1)	Secure	Secure application stack
RISAF 3 (AXISRAM2)	Nonsecure	Nonsecure application code + stack
RISAF 7 (FLEXRAM)	Secure	Secure application code

1.3. Project configuration with STM32CubeMX

Go to "ACCESS TO MCU SELECTOR" and choose STM32N657X0HxQ device to start a new project:

In this example a secure application and a nonsecure application is generated:

Enter the name of the project you have chosen:

The SAU can be configured in "Pinout & Configuration" panel.

The SAU settings must be aligned with the RIF configuration:

FlexRAM and SRAM1 are secure
SRAM2 is nonsecure
GPIO PG.00 (the green LED) is defined as nonsecure

Configure the RISAFs:

If RISAFs are not configured, only accesses that are secure, privileged and with CID=1 are allowed. As such, it is important to configure the RISAFs correctly before attempting to access memories, or the RISAFs will likely filter out some accesses.

Whenever a RISAF filters an access:

The RISAF logs the access violation characteristics in its registers (transaction characteristics and address)
The RISAF raises an interrupt signal to the IAC (careful: The NVIC does not handle the RISAF interrupt directly, but the IAC can use the RISAF interrupt to raise an IRQ that the NVIC handles)
Read accesses blocked by a RISAF return zero
Write accesses blocked by a RISAF are not written to target memory

First activate the RIF:

In RIF panel configure RISAF 7 secure for FLEXRAM:

Information

0 in "privilege" tab means that applications running in all compartments can access to this region in privileged or unprivileged mode.

0xFF in "Read" tab means that applications running in all compartments can read in this region

0xFF in "Write" tab means that applications running in all compartments can write in this region

Secure : only secure requests can access this region

Filtering : Region enabled. Otherwise access control is secure privileged and trusted domain CID=1

In RIF panel configure RISAF 2 secure for AXISRAM1:

In RIF panel configure RISAF 3 nonsecure for AXISRAM2:

GPIOs configuration:

BLUE LED is nonsecure (GPIOG Pin 8)

GREEN LED is nonsecure (GPIOG Pin 0)

Configure XSPI I/0 manager (XSPIM)

Update the parameters for XSPI2:

Configure the external memory manager to load and run mode:

Activate PWR domains and configure the parameters:

Configure BSEC:

The code can be generated:

1.4. Modifications in the code generated

Code to add in main.c (secure application) to make blue LED blinking:

  /* USER CODE BEGIN 1 */
int i=0;
  /* USER CODE END 1 */

/* USER CODE BEGIN 2 */

  do
  {
     HAL_GPIO_TogglePin(BLUE_LED_GPIO_Port, BLUE_LED_Pin);
     HAL_Delay(200);
     i++;
  }while(i<=10);
  
  /* USER CODE END 2 */

Code to add in main.c (nonsecure application):

 /* USER CODE BEGIN 3 */
     HAL_GPIO_TogglePin(GREEN_LED_GPIO_Port, GREEN_LED_Pin);
     HAL_Delay(200);

  }
  /* USER CODE END 3 */

Code to add in stm32_extmem_conf.h (FSBL)

/* USER CODE BEGIN EC */
#define EXTMEM_LRUN_TZ_ENABLE_NS
#define EXTMEM_LRUN_DESTINATION_ADDRESS_NS 0x34100000
#define EXTMEM_LRUN_SOURCE_ADDRESS_NS 0x180000
/* USER CODE END EC */

1.5. Execute the firmware

To execute the code:

Set the boot mode in Dev boot mode.

Boot modes configuration with switches:

Open the Project.eww file (double click) located in the EWARM folder previously generated with STM32CubeMX.

Select first the FSBL workspace
Rebuild all files from subproject FSBL (if no modification is done on FSBL project, this step can be done only once)
Select the Project_s workspace
Rebuild all files from subproject Project_s
Select the Project_ns workspace
Rebuild all files from subproject Project_ns

Create a new file called "sign_load.bat" in the EWARM folder, and copy paste this code in this new file:

@echo off
call "C:\STM32Cube_FW_N6_V1.1.0\Projects\NUCLEO-N657X0-Q\ROT_Provisioning"/env.bat

:: Enable delayed expansion
setlocal EnableDelayedExpansion

:: Keys folder
set projectdir=%~dp0
pushd "..\"
for /f "tokens=*" %%i in ("%cd%") do set projectname=%%~ni
popd
set trusted_binary_dir=%projectdir%
set Sbinary_binary_dir=%projectdir%\..\Secure_nsclib
set FSBLbinary_binary_dir=%projectdir%\FSBL\%projectname%_FSBL\Exe
set NSbinary_binary_dir=%projectdir%\AppliNonSecure\%projectname%_AppliNonSecure\Exe

set Sbinary_file=%Sbinary_binary_dir%\%projectname%_AppliSecure.bin
set NSbinary_file=%NSbinary_binary_dir%\%projectname%_AppliNonSecure.bin
set FSBLbinary_file=%FSBLbinary_binary_dir%\%projectname%_FSBL.bin
set FSBL_trusted_file=%trusted_binary_dir%\FSBL_wh.bin
set AppliS_trusted_file=%trusted_binary_dir%\AppliS_wh.bin
set AppliNS_trusted_file=%trusted_binary_dir%\AppliNS_wh.bin


set connect_no_reset=-c port=SWD ap=1 speed=fast

:: Sign the firmware to install
set command="%stm32signingtoolcli%" -bin "%FSBLbinary_file%" -nk -of 0x80000000 -t fsbl -o "%FSBL_trusted_file%" -hv 2.3 -dump "%FSBL_trusted_file%" -s
!command!
IF !errorlevel! NEQ 0 goto :error

:: Sign the firmware to install
set command="%stm32signingtoolcli%" -bin "%Sbinary_file%" -nk -of 0x80000000 -t fsbl -o "%AppliS_trusted_file%" -hv 2.3 -dump "%AppliS_trusted_file%" -s
!command!
IF !errorlevel! NEQ 0 goto :error

:: Sign the firmware to install
set command="%stm32signingtoolcli%" -bin "%NSbinary_file%" -nk -of 0x80000000 -t fsbl -o "%AppliNS_trusted_file%" -hv 2.3 -dump "%AppliNS_trusted_file%" -s
!command!
IF !errorlevel! NEQ 0 goto :error



::load trusted firmware
set command="%stm32programmercli%" %connect_no_reset% -w "%FSBL_trusted_file%" 0x70000000 -el "%stm32ExtLoaderFlash%" -w "%AppliS_trusted_file%" 0x70100000 -el "%stm32ExtLoaderFlash%" -w "%AppliNS_trusted_file%" 0x70180000 -el "%stm32ExtLoaderFlash%"
!command!
IF !errorlevel! NEQ 0 goto :error


cmd /k
exit 0

:error
echo Failed 
echo "%command% failed"
cmd /k
exit 1

This code will add headers to binary files generated.

It also flashes the trusted files generated in external memory.

Save this file and launch it (double-clicking).

Set the boot mode in flash boot mode

Boot modes configuration with switches:

Press reset: the blue LED must blink 5 times, and then the green LED must blink in an infinite loop.

1.6. Illegal access control

IAC can be initialized to signal user that an illegal access occurred in a memory or peripheral domain.

Usage of IAC with memory and peripheral is described in the Rif example of STM32CubeN6 in STM32Cube_FW_N6_Vx.x.x\Projects\NUCLEO-N657X0-Q\Examples\RIF.