BSEC internal peripheral

Revision as of 07:57, 24 September 2019 by Nicolas Le Bayon (talk | contribs) (add some information about OTP access conditions)

1 Article purpose[edit]

The purpose of this article is to

  • briefly introduce the BSEC peripheral and its main features
  • indicate the level of security supported by this hardware block
  • explain how each instance can be allocated to the three runtime contexts and linked to the corresponding software components
  • explain, when necessary, how to configure the BSEC peripheral.

2 Peripheral overview[edit]

The BSEC peripheral is used to control an OTP (one time programmable) fuse box, used for on-chip non-volatile storage for device configuration and security parameters.

2.1 Features[edit]

Refer to STM32MP15 reference manuals for the complete list of features, and to the software components, introduced below, to see which features are implemented.

2.2 Security support[edit]

The BSEC is a secure peripheral.

3 Peripheral usage and associated software[edit]

3.1 Boot time[edit]

The BSEC is configured at boot time to set up platform security.

3.2 Runtime[edit]

3.2.1 Overview[edit]

The BSEC instance is a system peripheral and is controlled by the Arm® Cortex®-A7 secure:

Info white.png Information
  • BSEC lower OTP access can be made available to the Arm® Cortex®-A7 non-secure.
  • Upper OTP access can be managed as exceptions (in Trusted Boot Chain only, using TF-A), via "secure monitor calls", managed by TF-A or by OP-TEE. Please refer to BSEC device tree configuration for more details.

3.2.2 Software frameworks[edit]

Internal peripherals software table template

| Security
| BSEC
| OP-TEE BSEC driver
| Linux NVMEM framework
|
|
|-
|}

3.2.3 Peripheral configuration[edit]

The configuration is based on Device tree, please refer to BSEC device tree configuration article.
It can be applied by the firmware running in a secure context, done in TF-A or in OP-TEE.
It can also be configured by Linux® kernel, please refer to NVMEM overview article.

3.2.4 Peripheral assignment[edit]

Internal peripherals assignment table template

| rowspan="1" | Security
| rowspan="1" | BSEC
| BSEC
| 
| 
|
|
|-
|}

4 How to go further[edit]

5 References[edit]