HASH internal peripheral: Difference between revisions

Latest revision as of 11:18, 7 November 2024↑

Applicable for

STM32MP13x lines, STM32MP15x lines, Unknown MPU, Unknown MPU, Unknown MPU

1. Peripheral overview[edit | edit source]↑

The HASH peripheral is used to compute a message digest.
The HASH peripheral is also able to give the HMAC^[1] used for authentication using the same algorithm support.

1.1. On STM32MP13x lines and STM32MP2 unknown microprocessor device[edit | edit source]↑

Secure Hash algorithms supports:

SHA-1 ^[2]
SHA-2 ^[3]:
- SHA-224
- SHA-256
- SHA-384
- SHA-512
- Truncated output SHA-512/224, SHA512/256
SHA-3 ^[4]:
- SHA3-224
- SHA3-256
- SHA3-384
- SHA3-512
- SHAKE128 and 256
- Keccak-based functions
HMAC support for all supported algorithm

Refer to the STM32 MPU reference manuals for the complete list of features, and to the software frameworks and drivers, introduced below, to see which features are implemented.

1.2. On STM32MP15x lines [edit | edit source]↑

Secure Hash algorithms supports:

MD5 ^[5]
SHA-1 ^[2]
SHA-2 ^[3]:
- SHA-224
- SHA-256
HMAC support for all supported algorithm

Refer to the STM32MP15 reference manuals for the complete list of features, and to the software frameworks and drivers, introduced below, to see which features are implemented.

2. Peripheral usage[edit | edit source]↑

This chapter is applicable in the scope of the OpenSTLinux BSP running on the Arm^® Cortex^®-A processor(s), and the STM32CubeMPU Package running on the Arm^® Cortex^®-M processor.

2.1. Boot time assignment[edit | edit source]↑

The HASH instance is used as boot device to support binary authentication when device is in secured locked state.

2.1.1. On STM32MP13x lines [edit | edit source]↑

Expand

Click on the right to expand the legend...

Domain	Peripheral	Boot time allocation				Comment
Domain	Peripheral	Instance	Cortex-A7 secure (ROM code)	Cortex-A7 secure (TF-A BL2)	Cortex-A7 non-secure (U-Boot)	Comment
Security	HASH	HASH	✓	☑

2.1.2. On STM32MP15x lines [edit | edit source]↑

Expand

Click on the right to expand the legend...

Domain	Peripheral	Boot time allocation				Comment
Domain	Peripheral	Instance	Cortex-A7 secure (ROM code)	Cortex-A7 secure (TF-A BL2)	Cortex-A7 non-secure (U-Boot)	Comment
Security	HASH	HASH1	✓	☑
Security	HASH	HASH2				not used at boot time.

2.1.3. On STM32MP21 unknown microprocessor device[edit | edit source]↑

Click on to expand or collapse the legend...

Domain	Peripheral	Boot time allocation				Comment
Domain	Peripheral	Instance	Cortex-A35 secure (ROM code)	Cortex-A35 secure (TF-A BL2)	Cortex-A35 nonsecure (U-Boot)	Comment
Security	HASH	HASH1	✓	☑	☐

2.1.4. On STM32MP23 unknown microprocessor device[edit | edit source]↑

Click on to expand or collapse the legend...

Domain	Peripheral	Boot time allocation				Comment
Domain	Peripheral	Instance	Cortex-A35 secure (ROM code)	Cortex-A35 secure (TF-A BL2)	Cortex-A35 nonsecure (U-Boot)	Comment
Security	HASH	HASH	✓	☑	☐

2.1.5. On STM32MP25 unknown microprocessor device[edit | edit source]↑

Click on to expand or collapse the legend...

Domain	Peripheral	Boot time allocation				Comment
Domain	Peripheral	Instance	Cortex-A35 secure (ROM code)	Cortex-A35 secure (TF-A BL2)	Cortex-A35 nonsecure (U-Boot)	Comment
Security	HASH	HASH	✓	☑	☐

2.2. Runtime assignment[edit | edit source]↑

2.2.1. On STM32MP13x lines [edit | edit source]↑

Expand

Click on the right to expand the legend...

Domain	Peripheral	Runtime allocation			Comment
Domain	Peripheral	Instance	Cortex-A7 secure (OP-TEE)	Cortex-A7 non-secure (Linux)	Comment
Security	HASH	HASH	☐	☐	Assignment (single choice)

2.2.2. On STM32MP15x lines [edit | edit source]↑

Expand

Click on the right to expand the legend...

Domain	Peripheral	Runtime allocation				Comment
Domain	Peripheral	Instance	Cortex-A7 secure (OP-TEE)	Cortex-A7 non-secure (Linux)	Cortex-M4 (STM32Cube)	Comment
Security	HASH	HASH1	☐	☐		Assignment (single choice)
Security	HASH	HASH2			☐

2.2.3. On STM32MP21 unknown microprocessor device[edit | edit source]↑

Click on to expand or collapse the legend...

Domain	Peripheral	Runtime allocation					Comment
Domain	Peripheral	Instance	Cortex-A35 secure (OP-TEE / TF-A BL31)	Cortex-A35 nonsecure (Linux)	Cortex-M33 secure (TF-M)	Cortex-M33 nonsecure (STM32Cube)	Comment
Security	HASH	HASH1	☐^OP-TEE	☐	☐	☐
Security	HASH	HASH2	☐^OP-TEE	☐	☐	☐

2.2.4. On STM32MP23 unknown microprocessor device[edit | edit source]↑

Click on to expand or collapse the legend...

Domain	Peripheral	Runtime allocation					Comment
Domain	Peripheral	Instance	Cortex-A35 secure (OP-TEE / TF-A BL31)	Cortex-A35 nonsecure (Linux)	Cortex-M33 secure (TF-M)	Cortex-M33 nonsecure (STM32Cube)	Comment
Security	HASH	HASH	☐^OP-TEE	☐	☐	☐

2.2.5. On STM32MP25 unknown microprocessor device[edit | edit source]↑

Click on to expand or collapse the legend...

Domain	Peripheral	Runtime allocation						Comment
Domain	Peripheral	Instance	Cortex-A35 secure (OP-TEE / TF-A BL31)	Cortex-A35 nonsecure (Linux)	Cortex-M33 secure (TF-M)	Cortex-M33 nonsecure (STM32Cube)	Cortex-M0+ (STM32Cube)	Comment
Security	HASH	HASH	☐^OP-TEE	☐	☐	☐

3. Software frameworks and drivers[edit | edit source]↑

Below are listed the software frameworks and drivers managing the HASH peripheral for the embedded software components listed in the above tables.

Linux^®: crypto framework
OP-TEE: HASH driver and Cryptographic Provider API (CP API)
STM32Cube: HASH HAL driver and header file of HASH HAL module
TF-A BL2: HASH driver

4. How to assign and configure the peripheral[edit | edit source]↑

The peripheral assignment can be done via the STM32CubeMX graphical tool (and manually completed if needed).
This tool also helps to configure the peripheral:

partial device trees (pin control and clock tree) generation for the OpenSTLinux software components,
HAL initialization code generation for the STM32CubeMPU Package.

The configuration is applied by the firmware running in the context in which the peripheral is assigned.

5. References[edit | edit source]↑

[1] ttps://en.wikipedia.org/wiki/HMAC

[SHA-2] {Jump up to: 2.0} ^2.1 https://en.wikipedia.org/wiki/Secure_Hash_Algorithms

[SHA2-3] {Jump up to: 3.0} ^3.1 https://en.wikipedia.org/wiki/SHA-2

[4] ttps://en.wikipedia.org/wiki/SHA-3

[5] ttps://en.wikipedia.org/wiki/MD5

[1]

[2]

[3]

[4]

[5]

@@ Line 1: / Line 1: @@
 {{ApplicableFor
-|MPUs list=STM32MP13x, STM32MP15x
+|MPUs list=STM32MP13x, STM32MP15x, STM32MP21x, STM32MP23x, STM32MP25x
-|MPUs checklist=STM32MP13x, STM32MP15x
+|MPUs checklist=STM32MP13x, STM32MP15x, STM32MP21x, STM32MP23x, STM32MP25x
 }}
-<noinclude></noinclude>
-==Article purpose==
-The purpose of this article is to:
-* briefly introduce the HASH peripheral and its main features,
-* indicate the peripheral instances assignment at boot time and their assignment at runtime (including whether instances can be allocated to secure contexts),
-* list the software frameworks and drivers managing the peripheral,
-* explain how to configure the peripheral.
 ==Peripheral overview==
 The '''HASH''' peripheral is used to compute a message digest. <br />
 The '''HASH''' peripheral is also able to give the HMAC<ref>https://en.wikipedia.org/wiki/HMAC</ref> used for authentication using the same algorithm support.
-====On {{MicroprocessorDevice | device=13}}====
+====On {{MicroprocessorDevice | device=13}} and {{MicroprocessorDevice | device=2}}====
 Secure Hash algorithms supports:
 * SHA-1 <ref name=SHA>https://en.wikipedia.org/wiki/Secure_Hash_Algorithms</ref>
-* SHA-2 :
+* SHA-2 <ref name=SHA2>https://en.wikipedia.org/wiki/SHA-2</ref>:
 ** SHA-224
 ** SHA-256
@@ Line 33: / Line 24: @@
 * HMAC support for all supported algorithm
-Refer to the [[STM32MP13 resources#Reference manuals|STM32MP13 reference manuals]] for the complete list of features, and to the software frameworks and drivers, introduced below, to see which features are implemented.
+Refer to the [[STM32 MPU resources#Reference manuals|STM32 MPU reference manuals]] for the complete list of features, and to the software frameworks and drivers, introduced below, to see which features are implemented.
 ====On {{MicroprocessorDevice | device=15}}====
@@ Line 39: / Line 30: @@
 * MD5 <ref>https://en.wikipedia.org/wiki/MD5</ref>
 * SHA-1 <ref name=SHA>https://en.wikipedia.org/wiki/Secure_Hash_Algorithms</ref>
-* SHA-2 :
+* SHA-2 <ref name=SHA2>https://en.wikipedia.org/wiki/SHA-2</ref>:
 ** SHA-224
 ** SHA-256
@@ Line 50: / Line 41: @@
 ===Boot time assignment===
-The HASH instance is used as boot device to support binary authentication.
+The HASH instance is used as boot device to support binary authentication when device is in [[Device life cycle|secured locked]] state.
 ====On {{MicroprocessorDevice | device=13}}====
 {{#lst:STM32MP1_internal_peripherals_assignment_table_template|stm32mp1_boottime}}
@@ Line 83: / Line 74: @@
 |-
 <section end=stm32mp15_boottime />
+|}
+====On {{MicroprocessorDevice | device=21}}====
+{{#lst:STM32MP2_internal_peripherals_assignment_table_template|stm32mp2_a35_boottime}}
+<section begin=stm32mp21_a35_boottime />
+| rowspan="1" | Security
+| rowspan="1" | [[HASH internal peripheral | HASH]]
+| HASH1
+| <span title="system peripheral" style="font-size:21px">✓</span>
+| <span title="assigned peripheral" style="font-size:21px">☑</span>
+| <span title="assignable peripheral" style="font-size:21px">☐</span>
+|
+|-
+<section end=stm32mp21_a35_boottime />
+|}
+====On {{MicroprocessorDevice | device=23}}====
+{{#lst:STM32MP2_internal_peripherals_assignment_table_template|stm32mp2_a35_boottime}}
+<section begin=stm32mp23_a35_boottime />
+| rowspan="1" | Security
+| rowspan="1" | [[HASH internal peripheral | HASH]]
+| HASH
+| <span title="system peripheral" style="font-size:21px">✓</span>
+| <span title="assigned peripheral" style="font-size:21px">☑</span>
+| <span title="assignable peripheral" style="font-size:21px">☐</span>
+|
+|-
+<section end=stm32mp23_a35_boottime />
+|}
+====On {{MicroprocessorDevice | device=25}}====
+{{#lst:STM32MP2_internal_peripherals_assignment_table_template|stm32mp2_a35_boottime}}
+<section begin=stm32mp25_a35_boottime />
+| rowspan="1" | Security
+| rowspan="1" | [[HASH internal peripheral | HASH]]
+| HASH
+| <span title="system peripheral" style="font-size:21px">✓</span>
+| <span title="assigned peripheral" style="font-size:21px">☑</span>
+| <span title="assignable peripheral" style="font-size:21px">☐</span>
+|
+|-
+<section end=stm32mp25_a35_boottime />
 |}
@@ Line 92: / Line 128: @@
   | rowspan="1" | [[HASH internal peripheral|HASH]]
   | HASH
-  | <span title="assigned peripheral" style="font-size:21px">☑</span>
+  | <span title="assignable peripheral" style="font-size:21px">☐</span>
   | <span title="assignable peripheral" style="font-size:21px">☐</span>
   | Assignment (single choice)
@@ Line 106: / Line 142: @@
   | HASH1
   | <span title="assignable peripheral" style="font-size:21px">☐</span>
-  | <span title="assigned peripheral" style="font-size:21px">☑</span>
+  | <span title="assignable peripheral" style="font-size:21px">☐</span>
   |
   | Assignment (single choice)
@@ Line 117: / Line 153: @@
   |-
 <section end=stm32mp15_runtime />
+|}
+====On {{MicroprocessorDevice | device=21}}====
+{{#lst:STM32MP2_internal_peripherals_assignment_table_template|stm32mp21_runtime}}
+<section begin=stm32mp21_a35_runtime />
+| rowspan="2" | Security
+| rowspan="2" | [[HASH internal peripheral | HASH]]
+| HASH1
+| <span title="assigned peripheral" style="font-size:21px">☐</span><sup>OP-TEE</sup>
+| <span title="assignable peripheral" style="font-size:21px">☐</span>
+| <span title="assignable peripheral" style="font-size:21px">☐</span>
+| <span title="assignable peripheral" style="font-size:21px">☐</span>
+|
+|-
+| HASH2
+| <span title="assignable peripheral" style="font-size:21px">☐</span><sup>OP-TEE</sup>
+| <span title="assignable peripheral" style="font-size:21px">☐</span>
+| <span title="assignable peripheral" style="font-size:21px">☐</span>
+| <span title="assignable peripheral" style="font-size:21px">☐</span>
+|
+|-
+<section end=stm32mp21_a35_runtime />
+|}
+====On {{MicroprocessorDevice | device=23}}====
+{{#lst:STM32MP2_internal_peripherals_assignment_table_template|stm32mp23_runtime}}
+<section begin=stm32mp23_a35_runtime />
+| rowspan="1" | Security
+| rowspan="1" | [[HASH internal peripheral | HASH]]
+| HASH
+| <span title="assigned peripheral" style="font-size:21px">☐</span><sup>OP-TEE</sup>
+| <span title="assignable peripheral" style="font-size:21px">☐</span>
+| <span title="assignable peripheral" style="font-size:21px">☐</span>
+| <span title="assignable peripheral" style="font-size:21px">☐</span>
+|
+|-
+<section end=stm32mp23_a35_runtime />
+|}
+====On {{MicroprocessorDevice | device=25}}====
+{{#lst:STM32MP2_internal_peripherals_assignment_table_template|stm32mp25_runtime}}
+<section begin=stm32mp25_a35_runtime />
+| rowspan="1" | Security
+| rowspan="1" | [[HASH internal peripheral | HASH]]
+| HASH
+| <span title="assigned peripheral" style="font-size:21px">☐</span><sup>OP-TEE</sup>
+| <span title="assignable peripheral" style="font-size:21px">☐</span>
+| <span title="assignable peripheral" style="font-size:21px">☐</span>
+| <span title="assignable peripheral" style="font-size:21px">☐</span>
+|
+|
+|-
+<section end=stm32mp25_a35_runtime />
 |}
@@ Line 122: / Line 211: @@
 Below are listed the software frameworks and drivers managing the HASH peripheral for the embedded software components listed in the above tables.
-* '''Linux<sup>&reg;</sup>''': [[Crypto_API_overview|crypto framework]]
+*'''Linux<sup>&reg;</sup>''': [[Crypto_API_overview|crypto framework]]
-* '''OP-TEE''': [[OP-TEE_overview|HASH driver]] and {{CodeSource | OP-TEE_OS | core/include/crypto/crypto.h | Cryptographic Provider API (CP API)}}
+* '''OP-TEE''': [[STM32 MPU OP-TEE_overview|HASH driver]] and {{CodeSource | OP-TEE_OS | core/include/crypto/crypto.h | Cryptographic Provider API (CP API)}}
-* '''STM32Cube''': [[STM32CubeMP1 architecture|HASH HAL driver]] and {{CodeSource | STM32CubeMP1 | Drivers/STM32MP1xx_HAL_Driver/Inc/stm32mp1xx_hal_hash.h | header file of HASH HAL module}}
+*'''STM32Cube''': [[STM32CubeMP15 Package architecture|HASH HAL driver]] and {{CodeSource | STM32CubeMP1 | Drivers/STM32MP1xx_HAL_Driver/Inc/stm32mp1xx_hal_hash.h | header file of HASH HAL module}}
-* '''TF-A BL2''': [[TF-A_overview|HASH driver]]
+*'''TF-A BL2''': [[TF-A_overview|HASH driver]]
 ==How to assign and configure the peripheral==
 The peripheral assignment can be done via the [[STM32CubeMX]] graphical tool (and manually completed if needed).<br />
 This tool also helps to configure the peripheral:
-* partial device trees (pin control and clock tree) generation for the OpenSTLinux software components,
+*partial device trees (pin control and clock tree) generation for the OpenSTLinux software components,
-* HAL initialization code generation for the STM32CubeMPU Package.
+*HAL initialization code generation for the STM32CubeMPU Package.
 The configuration is applied by the firmware running in the context in which the peripheral is assigned.
 ==References==
-<references/>
+<references />
 <noinclude>