SYSRAM internal memory

Revision as of 13:31, 1 February 2022 by Registered User

1 Article purpose[edit]

The purpose of this article is to briefly introduce the SYSRAM internal memory and indicate the level of security supported by this memory.

2 Peripheral overview[edit]

The SYSRAM is an internal memory peripheral. It is physically located near the Arm® Cortex-A to optimize the core performance.

  • STM32MP13x lines More info.png SYSRAM is 128-Kbyte wide
  • STM32MP15x lines More info.png SYSRAM is 256-Kbyte wide

2.1 Features[edit]

Refer to the STM32MP13 reference manuals or STM32MP15 reference manuals for the complete list of features, and to the software components, introduced below, to see which features are really implemented.

2.2 Security support[edit]

The SYSRAM is a secure peripheral (under ETZPC TrustZone memory adapter (TZMA)): it can be split into a secure and a non-secure regions with a 4-Kbyte granularity.

3 Peripheral usage and associated software[edit]

3.1 Boot time[edit]

3.1.1 On STM32MP13x lines More info.png[edit]

The ROM code leaves the SYSRAM secure when it jumps to the entry point of the FSBL that it just loaded into the SYSRAM.
The FSBL does not have to keep any context in SYSRAM when it jumps to the SSBL: each boot stage is independent from the other.

3.1.2 On STM32MP15x lines More info.png[edit]

The ROM code mainly configures the SYSRAM as a secure peripheral during its execution. It uses 9 Kbytes located at the beginning of the SYSRAM to store its read and write data. Among them, it stores the boot context in the first 512 bytes of SYSRAM: this boot context contains several information (such as the selected boot device) and pointers to the ROM code exported services (used for secure boot authentication). The ROM code loads the FSBL just after the boot context, into the remaining 247 Kbytes of SYSRAM, and eventually branches the Cortex®-A7 core 0 execution to this FSBL.
The FSBL code can use the whole SYSRAM, but it must take care not to overwrite the boot context before taking it into account.

3.2 Runtime[edit]

3.2.1 Overview[edit]

In STMicroelectronics distribution, the SYSRAM runtime mapping is the one reached at the end of the boot. It is consequently fully secure and contains a minimal secure monitor (from TF-A) or a secure OS (like OP-TEE).

You may decide to split the SYSRAM at runtime. In this case:

  • set the SYSRAM bottom secure, for a Cortex®-A7 secure monitor (from TF-A) or a secure OS (such as OP-TEE)

and

  • set the SYSRAM top non-secure, for instance for using in Linux® as reserved memory
Info white.png Information
STM32MP13 embeds an on-the-fly DDR cyphering engine, the DDRMCE internal peripheral, allowing to put secure sensitive code inside the external DDR, instead of the SYSRAM

3.2.2 Software frameworks[edit]

3.2.2.1 On STM32MP13x lines More info.png[edit]
Domain Peripheral Software components Comment
OP-TEE Linux
Core/RAM SYSRAM OP-TEE Linux reserved memory
3.2.2.2 On STM32MP15x lines More info.png[edit]
Domain Peripheral Software components Comment
OP-TEE Linux STM32Cube
Core/RAM SYSRAM TF-A BL32 or OP-TEE Linux reserved memory

3.2.3 Peripheral configuration[edit]

The configuration is applied by the firmware running in the context to which the peripheral is assigned. The configuration can be done alone via the STM32CubeMX tool for all internal peripherals, and then manually completed (particularly for external peripherals), according to the information given in the corresponding software framework article.

3.2.4 Peripheral assignment[edit]

3.2.4.1 On STM32MP13x lines More info.png[edit]

Click on the right to expand the legend...

STM32MP13IPsOverview.png

Check boxes illustrate the possible peripheral allocations supported by STM32 MPU Embedded Software:

  • means that the peripheral can be assigned () to the given runtime context.
  • means that the peripheral can be assigned to the given runtime context, but this configuration is not supported in STM32 MPU Embedded Software distribution.
  • is used for system peripherals that cannot be unchecked because they are statically connected in the device.

Refer to How to assign an internal peripheral to an execution context for more information on how to assign peripherals manually or via STM32CubeMX.
The present chapter describes STMicroelectronics recommendations or choice of implementation. Additional possiblities might be described in STM32MP13 reference manuals.

Domain Peripheral Runtime allocation Comment
Instance Cortex-A7
secure
(OP-TEE)
Cortex-A7
non-secure
(Linux)
Core/RAM SYSRAM SYSRAM Shareable (multiple choices supported)
3.2.4.2 On STM32MP15x lines More info.png[edit]

Click on the right to expand the legend...

STM32MP15 internal peripherals

Check boxes illustrate the possible peripheral allocations supported by STM32 MPU Embedded Software:

  • means that the peripheral can be assigned () to the given runtime context.
  • means that the peripheral can be assigned to the given runtime context, but this configuration is not supported in STM32 MPU Embedded Software distribution.
  • is used for system peripherals that cannot be unchecked because they are statically connected in the device.

Refer to How to assign an internal peripheral to an execution context for more information on how to assign peripherals manually or via STM32CubeMX.
The present chapter describes STMicroelectronics recommendations or choice of implementation. Additional possiblities might be described in STM32MP15 reference manuals.

Domain Peripheral Runtime allocation Comment
Instance Cortex-A7
secure
(OP-TEE)
Cortex-A7
non-secure
(Linux)
Cortex-M4

(STM32Cube)
Core/RAM SYSRAM SYSRAM Shareable (multiple choices supported)

4 References[edit]