How to develop an OP-TEE Trusted Application with STM32CubeIDE

Revision as of 16:23, 3 December 2021 by Registered User

This article is a guideline to OP-TEE trusted application support, which is fully integrated from release 1.7.1.21_MP13-A1 of STM32CubeIDE.

It shows how to create an OP-TEE trusted application project that implements:

  • a user space "hello world" executable, which makes a call to the OP-TEE trusted application
  • the OP-TEE trusted application itself, with universally unique identifier (UUID) support

1. Prerequisites

Minimum hardware

  • STM32MP135F-DK-based board
  • Linux console
  • Ethernet (or Ethernet over USB) for connection to Linux® Cortex®-A

Minimum software

The Yocto SDK is required to build the trusted application example. The Linux project is used here only to deploy the trusted application on the STM32MP13 target.

2. Create a Trusted Application project

In the root project context, named "myMp135fDk" here, right-click and select Create an OP-TEE Trusted Application Project.

Trusted application project creation shortcut


The project name is given. Note that, by default, the trusted application project uses the SDK version associated with the STM32MP13 project (OpenSTLinux 3.0.0 in this STM32CubeIDE 1.7 version).

STM32MP13 project enriched with OP-TEE Trusted Application projects

A project of type Trusted Application is created under the root project. It contains two source directories:

  • "host/", which holds the user space executable sources
  • "ta/", which holds the trusted application sources

STM32MP13 project enriched with OP-TEE Trusted Application project

3. Build

Select your trusted application project, right-click and then Build Project.

Trusted application project build

This build generates two objects:

  • the executable, "myTrustedApp" here, under the "Binaries/" Eclipse artifact
  • the trusted application, "37cc9755-b605-4b7a-8c9d-257ee26aaa21.ta", under the "ta/" directory
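
Because the trusted application file is named after its UUID, the host executable and the deployed .ta file have to agree on that value. The following added example (not part of the original article or of the project STM32CubeIDE generates) parses a .ta file name and compares it with the UUID the host side is built with; `struct ta_uuid`, `HOST_UUID` and both function names are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdint.h>
#include <string.h>

/* Local mirror of the GlobalPlatform TEEC_UUID field layout (assumption: a
 * real host program takes the type from tee_client_api.h in the SDK). */
struct ta_uuid {
    uint32_t time_low;
    uint16_t time_mid, time_hi_and_version;
    uint8_t clock_seq_and_node[8];
};
/* UUID the host side expects; value taken from the .ta file name on the page. */
static const struct ta_uuid HOST_UUID = {
    0x37cc9755, 0xb605, 0x4b7a, { 0x8c, 0x9d, 0x25, 0x7e, 0xe2, 0x6a, 0xaa, 0x21 }
};

/* Parse "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx.ta"; 0 on success, -1 if malformed. */
int ta_uuid_from_filename(const char *name, struct ta_uuid *out)
{
    uint8_t raw[16] = { 0 };
    size_t i, n = 0;
    if (!name || !out || strlen(name) != 39 || strcmp(name + 36, ".ta") != 0)
        return -1;
    for (i = 0; i < 36; i++) {
        unsigned char c = (unsigned char)name[i];
        int dash = (i == 8 || i == 13 || i == 18 || i == 23);
        if (dash ? c != '-' : !isxdigit(c)) return -1;
        if (dash) continue;
        c = (unsigned char)(isdigit(c) ? c - '0' : tolower(c) - 'a' + 10);
        raw[n / 2] = (uint8_t)(raw[n / 2] << 4 | c);   /* two nibbles per byte */
        n++;
    }
    out->time_low = (uint32_t)raw[0] << 24 | (uint32_t)raw[1] << 16 | (uint32_t)raw[2] << 8 | raw[3];
    out->time_mid = (uint16_t)(raw[4] << 8 | raw[5]);
    out->time_hi_and_version = (uint16_t)(raw[6] << 8 | raw[7]);
    memcpy(out->clock_seq_and_node, raw + 8, 8);
    return 0;
}

/* 1 if the file name is well formed and carries the expected UUID, else 0. */
int ta_uuid_matches(const char *name, const struct ta_uuid *want)
{
    struct ta_uuid got;
    if (!want || ta_uuid_from_filename(name, &got) != 0) return 0;
    return got.time_low == want->time_low && got.time_mid == want->time_mid &&
           got.time_hi_and_version == want->time_hi_and_version &&
           memcmp(got.clock_seq_and_node, want->clock_seq_and_node, 8) == 0;
}

int main(void) { return ta_uuid_matches("37cc9755-b605-4b7a-8c9d-257ee26aaa21.ta", &HOST_UUID) ? 0 : 1; }
```

The program exits with status 0 when the file name matches the expected UUID and 1 otherwise, so it can be used as a pre-deployment check.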

4. Preparing debug

To debug the user space application, the target must be booted into Linux® and connected to the network.

You can check the boot messages in the Linux® console, opened with the butterfly icon, but remember that this console cannot be shared outside STM32CubeIDE (minicom, ...).


To check the network connection, start the Target Status widget in the bottom right corner of the window.

Target Status - green


See also How to set up proxy and P2P Ethernet connection with STM32CubeIDE if that applies to your setup.

5. Linux® deployment configuration

To run or debug the executable "myTrustedApp", the trusted application (.ta) must be downloaded to the STM32MP13 device. Select the Linux project, right-click Run as... > Run Configurations, then select STM32 Cortex-A Linux Deployment.

Linux deployment
Trusted application deployment configuration