1. Article purpose[edit source]
The purpose of this article is to:
- briefly introduce the Resource Isolation Framework and its main features,
- list the different elements that make it up
- explain how RIF is integrated at system level
2. What is Resource Isolation Framework[edit source]
The Resource Isolation Framework (aka RIF) is a fully integrated firewall solution, isolating execution contexts from each other. It allows to protect access to:
- Internal memories
- External memories
- Internal peripherals
- Peripheral features when a peripheral is providing multiple features that could be assigned to different execution contexts
and from:
- any bus master peripherals
3. Peripheral usage[edit source]
This chapter is applicable in the scope of the OpenSTLinux BSP running on the Arm® Cortex®-A processor(s), and the STM32CubeMPU Package running on the Arm® Cortex®-M processor.
3.1. Boot time assignment[edit source]
3.1.1. On STM32MP1 series[edit source]
The CRC peripheral is not used at boot time.
3.1.2. On STM32MP2 series[edit source]
Click on 
to expand or collapse the legend...
- ☐ means that the peripheral can be assigned to the given boot time context.
- ☑ means that the peripheral is assigned by default to the given boot time context and that the peripheral is mandatory for the STM32 MPU Embedded Software distribution.
- ⬚ means that the peripheral can be assigned to the given boot time context, but this configuration is not supported in STM32 MPU Embedded Software distribution.
- ✓ is used for system peripherals that cannot be unchecked because they are hardware connected in the device.
The present chapter describes STMicroelectronics recommendations or choice of implementation. Additional possibilities might be described in STM32MP25 reference manuals.
| Domain | Peripheral | Boot time allocation | Comment
| |||
|---|---|---|---|---|---|---|
| Instance | Cortex-A35 secure (ROM code) |
Cortex-A35 secure (TF-A BL2) |
Cortex-A35 non-secure (U-Boot) | |||
| Security | CRC | CRC | ⬚ | |||
3.2. Runtime assignment[edit source]
3.2.1. On STM32MP13x lines 
[edit source]
Click on to expand or collapse the legend...
Check boxes illustrate the possible peripheral allocations supported by STM32 MPU Embedded Software:
- ☐ means that the peripheral can be assigned to the given runtime context.
- ☑ means that the peripheral is assigned by default to the given runtime context and that the peripheral is mandatory for the STM32 MPU Embedded Software distribution.
- ⬚ means that the peripheral can be assigned to the given runtime context, but this configuration is not supported in STM32 MPU Embedded Software distribution.
- ✓ is used for system peripherals that cannot be unchecked because they are hardware connected in the device.
Refer to How to assign an internal peripheral to an execution context for more information on how to assign peripherals manually or via STM32CubeMX.
The present chapter describes STMicroelectronics recommendations or choice of implementation. Additional possibilities might be described in STM32MP13 reference manuals.
| Domain | Peripheral | Runtime allocation | Comment
| ||
|---|---|---|---|---|---|
| Instance | Cortex-A7 secure (OP-TEE) |
Cortex-A7 non-secure (Linux) | |||
| Security | CRC | CRC | ☐ | ||
3.2.2. On STM32MP15x lines [edit source]
Click on to expand or collapse the legend...
Check boxes illustrate the possible peripheral allocations supported by STM32 MPU Embedded Software:
- ☐ means that the peripheral can be assigned to the given runtime context.
- ☑ means that the peripheral is assigned by default to the given runtime context and that the peripheral is mandatory for the STM32 MPU Embedded Software distribution.
- ⬚ means that the peripheral can be assigned to the given runtime context, but this configuration is not supported in STM32 MPU Embedded Software distribution.
- ✓ is used for system peripherals that cannot be unchecked because they are hardware connected in the device.
Refer to How to assign an internal peripheral to an execution context for more information on how to assign peripherals manually or via STM32CubeMX.
The present chapter describes STMicroelectronics recommendations or choice of implementation. Additional possiblities might be described in STM32MP15 reference manuals.
| Domain | Peripheral | Runtime allocation | Comment
| |||
|---|---|---|---|---|---|---|
| Instance | Cortex-A7 secure (OP-TEE) |
Cortex-A7 non-secure (Linux) |
Cortex-M4 (STM32Cube) | |||
| Security | CRC | CRC1 | ☐ | ☐ | ||
| CRC2 | ☐ | ☐ | ||||
3.2.3. On STM32MP25x lines [edit source]
Click on to expand or collapse the legend...
Check boxes illustrate the possible peripheral allocations supported by STM32 MPU Embedded Software:
- ☐ means that the peripheral can be assigned to the given runtime context.
- ☑ means that the peripheral is assigned by default to the given runtime context and that the peripheral is mandatory for the STM32 MPU Embedded Software distribution.
- ⬚ means that the peripheral can be assigned to the given runtime context, but this configuration is not supported in STM32 MPU Embedded Software distribution.
- ✓ is used for system peripherals that cannot be unchecked because they are hardware connected in the device.
The present chapter describes STMicroelectronics recommendations or choice of implementation. Additional possibilities might be described in STM32MP25 reference manuals.
| Domain | Peripheral | Runtime allocation | Comment
| |||||
|---|---|---|---|---|---|---|---|---|
| Instance | Cortex-A35 secure (OP-TEE / TF-A BL31) |
Cortex-A35 non-secure (Linux) |
Cortex-M33 secure (TF-M) |
Cortex-M33 non-secure (STM32Cube) |
Cortex-M0+ (STM32Cube) | |||
| Security | CRC | CRC | ⬚OP-TEE | ☐ | ⬚ | ☐ | ||
4. Software frameworks and drivers[edit source]
Below are listed the software frameworks and drivers managing the CRC peripheral for the embedded software components listed in the above tables.
- Linux®: crypto framework
- STM32Cube: CRC HAL driver and header file of CRC HAL module
5. How to assign and configure the peripheral[edit source]
Arm® is a registered trademark of Arm Limited (or its subsidiaries) in the US and/or elsewhere. 