How to use the secure display feature

Revision as of 10:04, 25 June 2024 by Registered User
Applicable for STM32MP13x lines, STM32MP25x lines

Under construction: coming soon.

1. Article purpose

This article explains how to use the secure display hardware feature by means of:

It also explains how to configure and run a Trusted User Interface (TUI) Trusted Application example that demonstrates the secure display hardware feature.

Secure display feature example with the pin pad on the STM32MP257x-EV1 Evaluation board

2. Prerequisites

The hardware boards and software stacks required to run the Trusted User Interface / Trusted Application example are listed below:


3. LTDC secure layer description

On STM32MP13x lines, LTDC layer 2 can be set as secure (under ETZPC control), whereas layer 1 is always non-secure.

On STM32MP25x lines, LTDC layer 3 can be set as secure (under RIFSC internal peripheral control), whereas layers 1 and 2 are always non-secure. The registers are grouped per layer and an additional interrupt set is provided:

  • The RISUP distinguishes the access rights of accesses made toward the following RIF-protected peripheral IDs:
    • "LTDC common": LTDC common registers (panel information, synchronization, interface)
    • "LTDC_L1L2" (layers 1 and 2): the windows of any two default (non-secure) applications
    • "LTDC_L3": LTDC layer 3, the window of a potentially secure application, or of any default application if no secure layer is configured
    • "LTDC_ROT": LTDC rotation, holding the information about the rotation buffers
  • The RIMU distinguishes the bus transactions issued by the following AXI masters:
    • "RIMU_L1L2": read accesses only, for layers 1 and 2; always non-protected
    • "RIMU_L3": read accesses only, for layer 3; potentially protected
    • "RIMU_ROT": write of blended pixels and read of the pixels to be rotated; potentially protected, because the blended pixels include those of the protected layer 3
Information: refer to the STM32 MPU reference manuals for more details on the LTDC secure display hardware feature.


4. Related software and configurations

4.1. Device tree

4.2. OP-TEE

Header file of the LTDC HAL module

4.3. Linux kernel

drivers/gpu/drm/stm/ltdc.c

...
      /*
       * Check the security of layer 2.
       * Do not expose this layer to the user (do not create a plane)
       * if this one is reserved for a secure application.
       */
      if (of_device_is_compatible(dev->of_node, "st,stm32mp25-ltdc")) {
            /* Non-zero return: the RIFSC denies non-secure access to this layer */
            ret = stm32_rifsc_check_access_by_id(STM32MP25_RIFSC_LTDC_L2_ID);
            if (ret)
                  ldev->caps.nb_layers--;
      }
...


Check how many DRM/KMS layers (planes) are exposed to userland with the following command:

Information: if the secure layer is in use, the userland application can use the one remaining layer on STM32MP13x lines and the two remaining layers on STM32MP25x lines.

modetest -p
(modetest results: to be added)


4.4. Userland Trusted Application example

5. Debug and traces

6. How to run the TUI TA example

Boot the board, then run the optee-tui-client example binary as shown in the following command examples.

Get the optee-tui-client help and usage:

optee-tui-client
Usage:
       --print-screen-info
       --blank-screen <color> (value in ARGB format, ex. 0xFF112233)
       --display-image <x>,<y>,<width>,<height>,<path> (file in raw ARGB format)
       --draw-pin-pad

Get the display information:

Information: all traces starting with "D/TA:..." are emitted by the OP-TEE Trusted Application in debug mode.
 optee-tui-client --print-screen-info
D/TA:  TA_InvokeCommandEntryPoint:160 result: 0
D/TA:  TA_InvokeCommandEntryPoint:160 result: 0
width: 1024
height: 600
width DPI: 160
height DPI: 160
color depth: 0
D/TA:  TA_InvokeCommandEntryPoint:160 result: 0

Set the background of the secure layer to a given color (100% red in the example below):

Information: use the key sequence "CTRL+C" in the console to stop the example.
 optee-tui-client --blank-screen 0xFF0000
D/TA:  TA_InvokeCommandEntryPoint:160 result: 0
D/TA:  TA_InvokeCommandEntryPoint:160 result: 0
Hit Ctrl-C to quit
^C

Start the application example with the pin pad use case:

Warning: the pin pad example is part of the OP-TEE libutee/tui example but is not functional. To make it functional, the hardware and software secure management of the touchscreen (including its associated I2C interface) would have to be added, together with a software secure PIN code authentication/verification mechanism.
 optee-tui-client --draw-pin-pad
D/TA:  TA_InvokeCommandEntryPoint:160 result: 0
D/TA:  TA_InvokeCommandEntryPoint:160 result: -65529
TEEC_InvokeCommand 7 failed with code 0xffff0007 origin 0x4
Secure display feature example with the pin pad on the STM32MP257x-EV1 Evaluation board
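The following Python helpers are an added example; they are not part of this article, of OP-TEE, or of the optee-tui-client tool. They prepare the two inputs the client's usage text describes (a color in 0xAARRGGBB form and a raw ARGB image file for --display-image) and decode the result codes printed in the traces above. Two assumptions are not stated on the page and are marked in the code: the raw ARGB file is taken to be a headerless width×height array of 32-bit 0xAARRGGBB words stored little-endian (the memory layout of DRM ARGB8888 on a little-endian Arm core), and the TEE_Result / TEEC origin names are those defined by the GlobalPlatform TEE Internal Core and TEE Client API specifications.

```python
"""Helpers for optee-tui-client inputs and result codes (added example).

ASSUMPTION (not stated in the article): the raw ARGB file expected by
--display-image is a headerless width*height array of 32-bit 0xAARRGGBB
words, stored little-endian like DRM ARGB8888 in memory on Arm cores.
"""
import struct

# GlobalPlatform TEE_Result values (TEE Internal Core API specification).
TEE_RESULT_NAMES = {
    0x00000000: "TEE_SUCCESS",
    0xFFFF0000: "TEE_ERROR_GENERIC",
    0xFFFF0001: "TEE_ERROR_ACCESS_DENIED",
    0xFFFF0005: "TEE_ERROR_BAD_FORMAT",
    0xFFFF0006: "TEE_ERROR_BAD_PARAMETERS",
    0xFFFF0007: "TEE_ERROR_BAD_STATE",
    0xFFFF0008: "TEE_ERROR_ITEM_NOT_FOUND",
    0xFFFF0009: "TEE_ERROR_NOT_IMPLEMENTED",
    0xFFFF000A: "TEE_ERROR_NOT_SUPPORTED",
}

# TEEC_InvokeCommand return origins (TEE Client API specification).
TEEC_ORIGIN_NAMES = {
    1: "TEEC_ORIGIN_API",
    2: "TEEC_ORIGIN_COMMS",
    3: "TEEC_ORIGIN_TEE",
    4: "TEEC_ORIGIN_TRUSTED_APP",
}


def parse_argb(text: str) -> int:
    """Parse a color written as in the usage text, e.g. 0xFF112233.

    Rejects values that do not fit in the 32-bit ARGB word."""
    value = int(text, 16)
    if not 0 <= value <= 0xFFFFFFFF:
        raise ValueError(f"{text}: ARGB value must fit in 32 bits")
    return value


def argb_components(value: int) -> tuple:
    """Split a 0xAARRGGBB word into (alpha, red, green, blue)."""
    return ((value >> 24) & 0xFF, (value >> 16) & 0xFF,
            (value >> 8) & 0xFF, value & 0xFF)


def make_raw_argb(width: int, height: int, color: int, endian: str = "<") -> bytes:
    """Build a headerless width*height raw ARGB8888 image of one solid color.

    endian="<" (little-endian words) is the assumed on-disk layout; ">" is
    offered in case the TA expects A,R,G,B byte order instead."""
    if width <= 0 or height <= 0:
        raise ValueError("width and height must be positive")
    pixel = struct.pack(endian + "I", color & 0xFFFFFFFF)
    return pixel * (width * height)


def write_raw_argb(path: str, width: int, height: int, color: int) -> str:
    """Write the raw image and return the matching --display-image argument
    (x,y set to 0,0), e.g. '0,0,64,64,/tmp/red.argb'."""
    data = make_raw_argb(width, height, color)
    with open(path, "wb") as f:
        f.write(data)
    return f"0,0,{width},{height},{path}"


def decode_tee_result(code: int) -> str:
    """Name a TEE_Result. Accepts the signed form the TA trace prints
    (e.g. -65529) as well as the unsigned 0xffff0007 form."""
    code &= 0xFFFFFFFF
    return TEE_RESULT_NAMES.get(code, f"unknown TEE_Result 0x{code:08x}")


def decode_teec_origin(origin: int) -> str:
    """Name the origin field of a TEEC_InvokeCommand failure."""
    return TEEC_ORIGIN_NAMES.get(origin, f"unknown origin 0x{origin:x}")


if __name__ == "__main__":
    red = parse_argb("0xFFFF0000")           # opaque red
    print(argb_components(red))              # (255, 255, 0, 0)
    print(len(make_raw_argb(64, 64, red)))   # 16384 bytes for a 64x64 image
    print(decode_tee_result(-65529), decode_teec_origin(4))
```

With a file written by write_raw_argb("/tmp/red.argb", 64, 64, 0xFFFF0000), the client call would be optee-tui-client --display-image 0,0,64,64,/tmp/red.argb. In the pin pad trace above, -65529 is the signed form of 0xffff0007 (TEE_ERROR_BAD_STATE) and origin 0x4 means the error was raised by the trusted application itself, which is consistent with the warning that the pin pad path is not functional.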

7. How to go further

You may be interested in the following related articles:

8. References