STM32MP2 ROM code resource isolation

Revision as of 13:46, 8 December 2023 by Registered User (→‎FMC rawNAND)

1. Article purpose[edit source]

The purpose of this article is to describe the different requirements on system configuration (RIF, RCC) to guarantee a correct execution of the ROM code in all the supported execution contexts.

2. Introduction[edit source]

The STM32MP2 ROM code is executed in different contexts:

  • Cold boot to load the FSBL-A or the FSBL-M depending on main processor selection. In this context, Cortex-M33 and other master peripherals are under reset.
  • Standby exit to reload FSBL-A and restart Cortex-A35. In this context, Cortex-M33 and other master peripherals are under reset. But part of the system is initialized (Mainly RIF)
  • D1Standby exit to (re)load FSBL-A and restart Cortex-A35. In the context, Cortex-M33 and other master peripherals could be running. Moreover system is fully initialized (RIF, RCC...)

Depending on main processor selection (Cortex-A35 TDCID or Cortex-M33 TDCID) ROM code has or not the right to modify system configuration under TDCID responsibility. Moreover ROM code execution shall not impact rest of system during D1Stanby exit sequence.

Some rules on system configuration (RIF, RCC...) must be applied to guarantee STM32MP2 ROM code execution and isolation in the different contexts:

3. ROM code peripheral assignment[edit source]

3.1. Principles[edit source]

ROM code shall be able to access all resources required for its execution whatever ROM execution context (Cold boot, Standby exit and D1 Standby exit).

Depending on ROM code execution context, part of the system could be already configured and running. System configuration should be compliant with ROM code resource needs.

  • RIF configuration including RIFSC and RIF-aware peripherals
  • RCC clock tree configuration

At each execution ROM code checks resource access rights based on RIF registers (RIFSC and RIF-aware).

Four actions are possible:

Resource control type What is controlled How
Ensuring non-exclusive access The ROM code first checks that either resource access rights are not set, or are statically assigned to A35 The ROM code checks that either CID filtering is not configured, or is configured static and assigned to the A35.
Ensuring exclusive access The ROM code checks that either resource is statically assigned to A35, or that resource is shared via its semaphore, and semaphore can be taken within 10 ms. The ROM code checks that either CID filtering is configured static and assigned to the A35, or CID filtering is configured dynamic (meaning resource is shared via a semaphore) and semaphore can be taken within 10 ms.
Checking security level The ROM code checks that resource security level correspond to its needs The ROM code checks that resource security level
Setting security level The ROM code sets resource security level according to its needs. Indeed in that case security level used by SW ecosystem could be different from ROM code one. The ROM code sets resource security level according to its needs.

3.2. Secure peripherals[edit source]

The ROM code always ensure exclusive access and security level on these peripherals:

Peripheral RIF resource number RIF block Comment Secure level checked
BSEC clock R103 RCC 1
CPU1 boot, reset, IWDG management R70 RCC 1
CPU PWR1 R2 PWR power control 1
STGEN R33 RCC flexgen 1


In case of secure boot when the chip is in CLOSED-LOCKED state, the ROM code always ensure exclusive access and security level on these peripherals:

Peripheral RIF resource number RIF block Secure level checked
RNG R92 RIFSC 1
PKA R93 RIFSC 1
SAES R94 RIFSC 1
HASH R95 RIFSC 1
CRYP1 R96 RIFSC 1
SYSRAM/RISAB2 R74 RCC 1
CA35SS R106 RCC 1

3.3. Non-secure peripherals[edit source]

ROM code ensures non-secure access to non-secure peripherals used during its execution, then it set security level according to its needs.

ROM code adapt list of non-secure peripherals according to selected boot source.

3.3.1. SDMMC1 access ensure[edit source]

Checked in the following boot selection:

  • Cortex-A35 main processor
  • Boot from eMMC SDMMC1
  • Boot from SD-Card SDMMC1
  • Cortex-M33 main processor single boot device
  • Boot from eMMC SDMMC1
  • Boot from SD-Card SDMMC1
  • Cortex-M33 main processor dual boot device
  • Boot Cortex-M33 from sNOR and Cortex-A35 from eMMC SDMMC1
  • Boot Cortex-M33 from sNOR and Cortex-A35 from SD-Card SDMMC1
  • Boot Cortex-M33 from Hyperflash and Cortex-A35 from eMMC SDMMC1
  • Boot Cortex-M33 from Hyperflash and Cortex-A35 from SD-Card SDMMC1

The following table list resources associated to SDMMC1.

Function RIF resource number RIF block Resource description Secure level set Check at cold boot Check at Standby exit Check at D1Standby exit
Root Clock SDMMC1 R51 RCC Flexgen 51 0 Yes Yes Yes
Clock GPIOE R94 RCC GPIO E clock config 0 Yes Yes Yes
IO voltage protection R6 PWR VDDIO1 (PWR_C8) 1 Yes Yes Yes
GPIO PE3 R3 GPIOE SDMMC1_CK 0 Yes Yes Yes
GPIO PE2 R2 GPIOE SDMMC1_CMD 0 Yes Yes Yes
GPIO PE4 R4 GPIOE SDMMC1_D0 0 Yes Yes Yes
SDMMC1 R76 RIFSC SDMMC1 controller 0 Yes Yes Yes

3.3.2. SDMMC2 access ensure[edit source]

Checked in the following boot selection:

  • Cortex-A35 main processor
  • Boot from eMMC SDMMC2
  • Boot from SD-Card SDMMC2
  • Cortex-M33 main processor single boot device
  • Boot from eMMC SDMMC2
  • Boot from SD-Card SDMMC2
  • Cortex-M33 main processor dual boot device
  • Boot Cortex-M33 from sNOR and Cortex-A35 from eMMC SDMMC2
  • Boot Cortex-M33 from sNOR and Cortex-A35 from SD-Card SDMMC2
  • Boot Cortex-M33 from Hyperflash and Cortex-A35 from eMMC SDMMC2
  • Boot Cortex-M33 from Hyperflash and Cortex-A35 from SD-Card SDMMC2

The following table list resources associated to SDMMC2.

Function RIF resource number RIF block Resource description Secure level set Check at cold boot Check at Standby exit Check at D1Standby exit
Root Clock SDMMC2 R52 RCC Flexgen 52 0 Yes Yes Yes
Clock GPIOE R94 RCC GPIO E clock config 0 Yes Yes Yes
IO voltage protection R5 PWR VDDIO2 (PWR_C7) 1 Yes Yes Yes
GPIO PE14 R14 GPIOE SDMMC2_CK 0 Yes Yes Yes
GPIO PE15 R15 GPIOE SDMMC2_CMD 0 Yes Yes Yes
GPIO PE13 R13 GPIOE SDMMC2_D0 0 Yes Yes Yes
SDMMC2 R77 RIFSC SDMMC1 controller 0 Yes Yes Yes

3.3.3. OCTOSPI1 access ensure[edit source]

Checked in the following boot selection:

  • Cortex-A35 main processor
  • Boot from sNAND
  • Boot from sNOR
  • Boot from Hyperflash
  • Cortex-M33 main processor single boot device
  • Boot from sNAND
  • Boot from sNOR
  • Boot from Hyperflash
  • Cortex-M33 main processor dual boot device
  • Boot Cortex-M33 from sNOR and Cortex-A35 from eMMC SDMMC1
  • Boot Cortex-M33 from sNOR and Cortex-A35 from SD-Card SDMMC1
  • Boot Cortex-M33 from Hyperflash and Cortex-A35 from eMMC SDMMC1
  • Boot Cortex-M33 from Hyperflash and Cortex-A35 from SD-Card SDMMC1
  • Boot Cortex-M33 from sNOR and Cortex-A35 from eMMC SDMMC2
  • Boot Cortex-M33 from sNOR and Cortex-A35 from SD-Card SDMMC2
  • Boot Cortex-M33 from Hyperflash and Cortex-A35 from eMMC SDMMC2
  • Boot Cortex-M33 from Hyperflash and Cortex-A35 from SD-Card SDMMC2

The following table list resources associated to OctoSPI1.

Function RIF resource number RIF block Resource description Secure level set Check at cold boot Check at Standby exit Check at D1Standby exit
Root Clock Octospi1 R48 RCC Flexgen 48 0 Yes Yes Yes
Octospi1 Clock gating R110 RCC Octospi1 clock and resey 0 Yes Yes Yes
IOM R111 RIFSC IOManager 0 Yes Yes No
IO voltage protection R0 PWR VDDIO3 & VDDIO4 (PWR_CR1) 1 Yes Yes No
Clock GPIOB R91 RCC GPIO B clock config 0 Yes Yes No
Clock GPIOD R93 RCC GPIO B clock config 0 Yes Yes No
GPIO PD 0, 3-5 R0, 3-5 GPIOD Port 1 config single wire 0 Yes Yes No
GPIO PD 1, 2, 6-11 R1, 2, 6-11 GPIOD Port 1 hyperflash 0 Yes Yes No
GPIO PE 0, 1, 8, 10 R0, 1, 8, 10 GPIOE Port 2 config single wire 0 Yes Yes No
GPIO PE 2-7, 9, 11 R2-7, 9, 11 GPIOD Port 2 hyperflash 0 Yes Yes No


Info white.png Information
OctoSPI1 and OctoSPI2 controllers connected to the physical port thanks to the IO Manager (IOM) which support different modes (direct, swap or muxed). Mode is set by ecosystem SW according to board definition. When executed D1Standby exit procedure, ROM code can't modify IOM configuration set by ecosystem to not disturb rest of the system. It is ecosystem responsibility to set an IOM configuration that guarantee ROM code execution.

3.3.4. FMC raw NAND[edit source]

Checked in the following boot selection:

  • Cortex-A35 main processor
  • Boot from FMC raw NAND
  • Cortex-M33 main processor single boot device
  • Boot from FMC raw NAND
  • Cortex-M33 main processor dual boot device
  • Boot Cortex-M33 from sNOR and Cortex-A35 from FMC raw NAND
  • Boot Cortex-M33 from Hyperflash and Cortex-A35 from FMC raw NAND

The following table list resources associated to FMC.

Function RIF resource number RIF block Resource description Secure level set Check at cold boot Check at Standby exit Check at D1Standby exit
Root Clock FMC R50 RCC Flexgen 50 0 Yes Yes No
FMC clock gating R112 RCC FMC clock and reset 0 Yes Yes No
Clock GPIOB R91 RCC GPIO B clock config 0 Yes Yes No
Clock GPIOD R93 RCC GPIO D clock config 0 Yes Yes No
Clock GPIOE R94 RCC GPIO E clock config 0 Yes Yes No
IO voltage protection R5 PWR VDDIO2 (PWR_C7) 1 Yes Yes Yes
GPIO PB 13-14 R13-14 GPIOB 8bit config (12 IOs) 0 Yes Yes No
GPIO PD 12,14-15 R12, 14-15 GPIOD 8bit config (12 IOs) 0 Yes Yes No
GPIO PE 6-9, 11-15 R6-9, 11-15 GPIOE 8bit config (12 IOs) 0 Yes Yes No
GPIO PB 5-11 R5-11 GPIOB 16bit config added 0 Yes Yes No
GPIO PD13 R13 GPIOD 16bit config added 0 Yes Yes No
FMC R0 R0 FMC FMC common resource 0 Yes Yes No
FMC R5 R5 FMC FMC NAND controler 0 Yes Yes Yes
Info white.png Information
FMC is a RIF-aware peripheral. Each FMC internal controller could be allocated
Under construction.png Coming soon

Note:

  • IOM not reconfigured in D1Standby exit --> right configuration to be done by ecosystem SW
  • FMC R0 common register not reconfigured in D1Standby exit --> right configuration to be done by ecosystem SW

4. ROM code secure context isolation[edit source]

4.1. Principles[edit source]

  • guarantee that all secure IPs used by ROM code can't preempted by another secure processor running in parallel of the ROM code.
  • Guarantee that no bus master processors and peripherals can access ROM code resources (peripheral and memories)

--> No master with CID1 and Secure RIF configuration shall be active during ROM code execution


table droit d'accès avec common + lock in case of M33TD

4.2. Rules Secure peripherals RIF protection[edit source]

table avec resources

4.3. Rules on master peripherals RIF protection[edit source]

Resource Isolation Framework

Reset and clock control

Read only memory

First stage boot loader

Cortex®

Trusted Domain Compartment IDentifier - NEW

Resource Isolation Framework Security Controller - NEW

Boot and Security and OTP control

Independent watchdog

Central processing unit

System time generator

Random number generator

Former spelling for e•MMC ('e' in italic)

Secure digital

General-purpose input/output (A realization of open ended transmission between devices on an embedded level. These pins available on a processor can be programmed to be used to either accept input or provide output to external devices depending on user desires and applications requirements.)

input/output

Retrieved from "https://wiki.st.com/stm32mpu/index.php?title=STM32MP2_ROM_code_resource_isolation&oldid=99510"