Difference between revisions of "STM32MP15 backup registers"

[quality revision] [pending revision]
m (At runtime)
 
 





1 Article purpose[edit]

The purpose of this article is to explain how the TAMP backup registers are used by STM32MPU Embedded Software.

2 Overview[edit]

The STM32MP15 embeds 32 backup registers of 32 bits. A programmable border allows to split those backup registers into a secure and a non-secure group.
By default, the ROM code defines the 10 first backup registers as secure, but this secure/non-secure border can be changed later on from the secure world.

3 Backup registers usage[edit]

This paragraph explains for which purpose some backup registers are used by the ROM code and STM32MPU Embedded Software distribution.
Then, the next chapter shows the backup register mapping used to fulfill those needs.

Warning.png It is important to notice that the backup registers are erased when a tamper detection occurs in TAMP internal peripheral

3.1 At boot time[edit]

  • Non-secure backup registers are used:
    • during a cold boot:
      • by U-Boot to initialize the boot counter, that should be reset later on by the application.
    • after a reset:
      • by U-Boot to get an eventual forced boot mode that was set before reset. This can be useful to set U-Boot in programmer mode after a reboot, for instance. Note that this forced boot mode is not interprated by the ROM code.
      • by U-Boot to increment the boot counter and perform given actions if a predefined number of successive boots is reached, due to cyclic resets before the application is alive (and clears the counter).
  • Secure backup registers are used:
    • to tell to the FSBL (TF-A or U-Boot SPL) how to behave:
      • on cold boot, the ROM code sets the magic number to 0x0: this value tells to the FSBL that a complete DDR initialization is needed before jumping to the SSBL (U-Boot).
      • on wakeup from Standby with DDR in self-refresh low power mode, if the magic number == 0xCA7FACE0 then the FSBL performs a partial DDR initialization to exit Self-Refresh then it branches the Arm® Cortex®-A7 core 0 non-secure execution to the given branch address (in Linux® kernel, that was set during secure context saving before the Standby low power mode entering).
    • by Linux® kernel on Arm® Cortex®-A7 core 0 (via a PSCI secure service) to tell to the ROM code how to start Arm® Cortex®-A7 core 1 (and enable the SMP mode): when Arm® Cortex®-A7 core 1 non-secure sees the magic number == 0xCA7FACE1 then it jumps to the given branch address.
    • by the ROM code during wakeup from Standby low power mode to recover the Cortex®-M4 firmware integrity check value and compare it to the one computed on RETRAM before starting the Cortex®-M4 again.

Notice: the ROM code knows if Cortex®-A7 and/or Cortex®-M4 have to be restarted after Standby thanks to RCC_MP_BOOTCR register, so the backup registers are not used here.

3.2 At runtime[edit]

  • Non secure backup registers
    • own the boot counter and should be reset by the application after a successful startup.
    • are used to store Cortex®-M4 retention firmware integrity check value before going to Standby mode, if the Cortex®-M4 needs to be started on wakeup from Standby mode by the ROM code.
  • Secure backup registers
    • are used by secure services to store:
      • Arm® Cortex®-A7 core 0 branch address that are used by the ROM code on wakeup from Standby mode.
      • Arm® Cortex®-M4 security perimeter that is restored by the ROM code before starting the Cortex®-M4 on wakeup from Standby.


4 Memory mapping[edit]

The table below shows the backup register mapping used by STM32MPU Embedded Software.
The TAMP backup register base address is 0x5C00A100, corresponding to TAMP_BKP0R.

TAMP register Security ROM / software register name Comment
TAMP_BKP31R Non-secure BACKUP_M4_WAKEUP_AREA_HASH SHA-256 integrity check value computed on RETRAM by Linux remoteproc during the coprocessor firmware loading and checked by the ROM code on wakeup from Standby before starting the coprocessor
TAMP_BKP30R Non-secure
TAMP_BKP29R Non-secure
TAMP_BKP28R Non-secure
TAMP_BKP27R Non-secure
TAMP_BKP26R Non-secure
TAMP_BKP25R Non-secure
TAMP_BKP24R Non-secure
TAMP_BKP23R Non-secure BACKUP_M4_WAKEUP_AREA_LENGTH Amount of bytes hashed in RETRAM to compute the integrity check value
TAMP_BKP22R Non-secure BACKUP_M4_WAKEUP_AREA_START Start address in RETRAM from where the integrity check value has to be computed
TAMP_BKP21R Non-secure BACKUP_BOOT_COUNTER Boot counter
TAMP_BKP20R Non-secure BACKUP_BOOT_MODE[1] Boot mode context information
TAMP_BKP19R Non-secure (Reserved for future use)
TAMP_BKP18R Non-secure (Reserved for future use)
TAMP_BKP17R Non-secure (Reserved for future use)
TAMP_BKP16R Non-secure (Reserved for future use)
TAMP_BKP15R Non-secure (Reserved for future use)
TAMP_BKP14R Non-secure (Reserved for future use)
TAMP_BKP13R Non-secure (Reserved for future use)
TAMP_BKP12R Non-secure (Reserved for future use)
TAMP_BKP11R Non-secure (Reserved for future use)
TAMP_BKP10R Non-secure (Reserved for future use)
TAMP_BKP9R Secure (Reserved for future use)
TAMP_BKP8R Secure (Reserved for future use)
TAMP_BKP7R Secure (Reserved for future use)
TAMP_BKP6R Secure (Reserved for future use)
TAMP_BKP5R Secure BACKUP_BRANCH_ADDRESS[1] CPU0 or CPU1 branch address
TAMP_BKP4R Secure BACKUP_MAGIC_NUMBER[1] CPU0 or CPU1 boot magic number
TAMP_BKP3R Secure BACKUP_M4_SECURITY_PERIMETER_EXTI3 Value of AEIC TZENR3
TAMP_BKP2R Secure BACKUP_M4_SECURITY_PERIMETER_EXTI2 Value of AEIC TZENR2
TAMP_BKP1R Secure BACKUP_M4_SECURITY_PERIMETER_EXTI1 Value of AEIC TZENR1
TAMP_BKP0R Secure BACKUP_WAKEUP_SEC Wakeup parameters

5 References[edit]

{{ReviewsComments|W916 GBA: backup register #17 to be reserved for resource table address}}
{{ReviewsComments|W938 FabienD: RscTable : implementation ongoing and planned for DV 1.2.0}}<noinclude>

{{ArticleMainWriter|GeraldB}}
{{ArticleApprovedVersion| GeraldB | LionelD, PatrickD | No previous approved version | AlainF - 26Oct'18 - 9168 | 1Oct'18}}

[[Category:STM32MP15 platform configuration|3]]</noinclude>

__FORCETOC__

== Article purpose ==
The purpose of this article is to explain how the [[TAMP internal peripheral|TAMP]] backup registers are used by [[STM32MPU Embedded Software architecture overview|STM32MPU Embedded Software]].

== Overview ==
The STM32MP15 embeds 32 backup registers of 32 bits. A programmable border allows to split those backup registers into a secure and a non-secure group.<br />

By default, the [[STM32MP15 ROM code overview|ROM]] code defines the 10 first backup registers as secure, but this secure/non-secure border can be changed later on from the secure world.

== Backup registers usage ==
This paragraph explains for which purpose some backup registers are used by the [[STM32MP15 ROM code overview|ROM]] code and [[STM32MPU Embedded Software distribution]].<br />

Then, the next chapter shows the backup register mapping used to fulfill those needs.<br />
<br />

{{Warning|It is important to notice that the backup registers are erased when a tamper detection occurs in [[TAMP internal peripheral]]}}
=== At boot time ===
{{InternalInfo| '''Non-secure backup registers''' not yet developed usage:
* by [[U-Boot overview|U-Boot]] or [[Linux remoteproc framework overview|Linux remoteproc]] to store the Cortex<sup>&reg;</sup>-M4 firmware '''integrity check value'''. This firmware can be loaded in U-Boot or in Linux<sup>&reg;</sup>, depending on the [[Boot chains overview|boot chain configuration]].
}}
* '''Non-secure backup registers''' are used:
** during a cold boot:
*** by [[U-Boot overview|U-Boot]] to initialize the '''boot counter''', that should be reset later on by the application.
** after a reset:
*** by [[U-Boot overview|U-Boot]] to get an eventual '''forced boot mode''' that was set before reset. This can be useful to set U-Boot in programmer mode after a reboot, for instance. Note that this '''forced boot mode''' is not interprated by the [[STM32MP15 ROM code overview|ROM]] code.
*** by [[U-Boot overview|U-Boot]] to increment the '''boot counter''' and perform given actions if a predefined number of successive boots is reached, due to cyclic resets before the application is alive (and clears the counter).
* '''Secure backup registers''' are used:
** to tell to the FSBL ([[TF-A overview|TF-A]] or [[U-Boot overview|U-Boot SPL]]) how to behave:
*** on cold boot, the [[STM32MP15 ROM code overview|ROM]] code sets the '''magic number''' to 0x0: this value tells to the FSBL that a complete [[DDRCTRL and DDRPHYC internal peripherals|DDR]] initialization is needed before jumping to the SSBL ([[U-Boot overview|U-Boot]]).
*** on wakeup from Standby with DDR in self-refresh [[Power overview|low power mode]], if the '''magic number''' == 0xCA7FACE0 then the FSBL performs a partial [[DDRCTRL and DDRPHYC internal peripherals|DDR]] initialization to exit Self-Refresh then it branches the Arm<sup>&reg;</sup> Cortex<sup>&reg;</sup>-A7 core 0 non-secure execution to the given '''branch address''' (in Linux<sup>&reg;</sup> kernel, that was set during secure context saving before the Standby [[Power overview|low power mode]] entering).
** by Linux<sup>&reg;</sup> kernel on Arm<sup>&reg;</sup> Cortex<sup>&reg;</sup>-A7 core 0 (via a PSCI secure service) to tell to the [[STM32MP15 ROM code overview|ROM]] code how to start Arm<sup>&reg;</sup> Cortex<sup>&reg;</sup>-A7 core 1 (and enable the SMP mode): when Arm<sup>&reg;</sup> Cortex<sup>&reg;</sup>-A7 core 1 non-secure sees the '''magic number''' == 0xCA7FACE1 then it jumps to the given '''branch address'''.
** by the [[STM32MP15 ROM code overview|ROM]] code during wakeup from Standby [[Power overview|low power mode]] to recover the Cortex<sup>&reg;</sup>-M4 firmware '''integrity check value''' and compare it to the one computed on [[RETRAM internal memory|RETRAM]] before starting the Cortex<sup>&reg;</sup>-M4 again.
Notice: the [[STM32MP15 ROM code overview|ROM]] code knows if Cortex<sup>&reg;</sup>-A7 and/or Cortex<sup>&reg;</sup>-M4 have to be restarted after Standby thanks to [[RCC internal peripheral|RCC_MP_BOOTCR]] register, so the backup registers are not used here.

=== At runtime ===
* Non secure backup registers
** own the '''boot counter''' and should be reset by the application after a successful startup.
** are used to store Cortex<sup>&reg;</sup>-M4 retention firmware '''integrity check value''' before going to Standby mode, if the Cortex<sup>&reg;</sup>-M4 needs to be started on wakeup from Standby mode by the [[STM32MP15 ROM code overview|ROM]] code.
* Secure backup registers
** are used by [[TF-A overview#BL32|secure services]] to store:
*** Arm<sup>&reg;</sup> Cortex<sup>&reg;</sup>-A7 core 0 '''branch address''' that are used by the [[STM32MP15 ROM code overview|ROM]] code on wakeup from Standby mode.
*** Arm<sup>&reg;</sup> Cortex<sup>&reg;</sup>-M4 '''security perimeter''' that is restored by the [[STM32MP15 ROM code overview|ROM]] code before starting the Cortex<sup>&reg;</sup>-M4 on wakeup from Standby.
{{ReviewsComments| GeraldB W838: to be completed with a description of the '''Cortex-M state''' and '''Cortex-A state''' once those registers using is agreed<br />

TAMP_BKP19R / Non-secure / BACKUP_CORTEX_M_STATE / Cortex-M state (written by Cortex-M / read by Cortex-A)<br />

TAMP_BKP18R / Non-secure / BACKUP_CORTEX_A_STATE / Cortex-A state (written by Cortex-A / read by Cortex-M)}}

== Memory mapping ==
The table below shows the backup register mapping used by [[STM32MPU Embedded Software architecture overview|STM32MPU Embedded Software]].<br />

The TAMP backup register base address is 0x5C00A100, corresponding to TAMP_BKP0R.
{| 
! [[TAMP internal peripheral|TAMP]] register
! Security
! [[STM32MP15 ROM code overview|ROM]] / software register name
! Comment
|-
| TAMP_BKP31R
| Non-secure
| rowspan="8" | BACKUP_M4_WAKEUP_AREA_HASH
| rowspan="8" | SHA-256 integrity check value computed on [[RETRAM internal memory|RETRAM]] by [[Linux remoteproc framework overview|Linux remoteproc]] during the coprocessor firmware loading and checked by the [[STM32MP15 ROM code overview|ROM]] code on wakeup from Standby before starting the coprocessor
|-
| TAMP_BKP30R
| Non-secure
|-
| TAMP_BKP29R
| Non-secure
|-
| TAMP_BKP28R
| Non-secure
|-
| TAMP_BKP27R
| Non-secure
|-
| TAMP_BKP26R
| Non-secure
|-
| TAMP_BKP25R
| Non-secure
|-
| TAMP_BKP24R
| Non-secure
|-
| TAMP_BKP23R
| Non-secure
| BACKUP_M4_WAKEUP_AREA_LENGTH
| Amount of bytes hashed in [[RETRAM internal memory|RETRAM]] to compute the integrity check value
|-
| TAMP_BKP22R
| Non-secure
| BACKUP_M4_WAKEUP_AREA_START
| Start address in [[RETRAM internal memory|RETRAM]] from where the integrity check value has to be computed
|-
| TAMP_BKP21R
| Non-secure
| BACKUP_BOOT_COUNTER
| Boot counter
|-
| TAMP_BKP20R
| Non-secure
| BACKUP_BOOT_MODE<ref name="u-boot">{{CodeSource | U-Boot | arch/arm/mach-stm32mp/include/mach/stm32.h}}</ref>

| Boot mode context information
|-
| TAMP_BKP19R
| Non-secure
| 
| 
(Reserved for future use)|-
| TAMP_BKP18R
| Non-secure
| 
| 
(Reserved for future use)|-
| TAMP_BKP17R
| Non-secure
|
| (Reserved for future use)
|-
| TAMP_BKP16R
| Non-secure
|
| (Reserved for future use)
|-
| TAMP_BKP15R
| Non-secure
|
| (Reserved for future use)
|-
| TAMP_BKP14R
| Non-secure
|
| (Reserved for future use)
|-
| TAMP_BKP13R
| Non-secure
|
| (Reserved for future use)
|-
| TAMP_BKP12R
| Non-secure
|
| (Reserved for future use)
|-
| TAMP_BKP11R
| Non-secure
|
| (Reserved for future use)
|-
| TAMP_BKP10R
| Non-secure
|
| (Reserved for future use)
|-
| TAMP_BKP9R
| Secure
|
| (Reserved for future use)
|-
| TAMP_BKP8R
| Secure
|
| (Reserved for future use)
|-
| TAMP_BKP7R
| Secure
|
| (Reserved for future use)
|-
| TAMP_BKP6R
| Secure
|
| (Reserved for future use)
|-
| TAMP_BKP5R
| Secure
| BACKUP_BRANCH_ADDRESS<ref name="u-boot" />

| CPU0 or CPU1 branch address
|-
| TAMP_BKP4R
| Secure
| BACKUP_MAGIC_NUMBER<ref name="u-boot" />

| CPU0 or CPU1 boot magic number
|-
| TAMP_BKP3R
| Secure
| BACKUP_M4_SECURITY_PERIMETER_EXTI3
| Value of AEIC TZENR3
|-
| TAMP_BKP2R
| Secure
| BACKUP_M4_SECURITY_PERIMETER_EXTI2
| Value of AEIC TZENR2
|-
| TAMP_BKP1R
| Secure
| BACKUP_M4_SECURITY_PERIMETER_EXTI1
| Value of AEIC TZENR1
|-
| TAMP_BKP0R
| Secure
| BACKUP_WAKEUP_SEC
| Wakeup parameters
|}

== References ==<references/>
(3 intermediate revisions by one other user not shown)
Line 1: Line 1:
  +
{{ReviewsComments|W916 GBA: backup register #17 to be reserved for resource table address}}
  +
{{ReviewsComments|W938 FabienD: RscTable : implementation ongoing and planned for DV 1.2.0}}
 
<noinclude>
 
<noinclude>
 
{{ArticleMainWriter|GeraldB}}
 
{{ArticleMainWriter|GeraldB}}
Line 108: Line 110:
 
| Non-secure
 
| Non-secure
 
|  
 
|  
|  
+
| (Reserved for future use)
 
|-
 
|-
 
| TAMP_BKP18R
 
| TAMP_BKP18R
 
| Non-secure
 
| Non-secure
 
|  
 
|  
|  
+
| (Reserved for future use)
 
|-
 
|-
 
| TAMP_BKP17R
 
| TAMP_BKP17R

Attachments

Discussions