Last edited one month ago

RISAB internal peripheral

Applicable for   STM32MP23x lines  STM32MP25x lines

1. Article purpose[edit | edit source]

The purpose of this article is to:

  • Briefly introduce the RISAB peripheral and its main features.
  • Indicate the peripheral instances assignment at boot time and their assignment at runtime (including whether instances can be allocated to secure contexts).
  • List the software frameworks and drivers managing the peripheral.
  • Explain how to configure the peripheral.

2. Peripheral overview[edit | edit source]

The RISAB peripheral is part of the RIF. It is used to protect internal RAMs.
Its main features are:

  • Configuration at fixed size memory blocks (512 B) and pages (4 KB)
  • Access filtering per:
    • secure level
    • CID filtering
    • privilege level per CID
    • read-only, write-only, or read/write per CID
  • Possibility to delegate page configuration to a specified execution context defined by delegated configuration CID. Useful to manage memory region access right at software component level instead of requiring changes to TDCID secure OS.

Refer to the STM32 MPU reference manuals for the complete list of features, and to the software frameworks and drivers, introduced below, to see which features are implemented.

3. Peripheral usage[edit | edit source]

This chapter is applicable in the scope of the OpenSTLinux BSP running on the Arm® Cortex®-A processor, and the STM32CubeMPU Package running on the Arm® Cortex®-M processor.

On STM32MP25x lines More info.png and STM32MP23x lines More info.png, there are six RISAB instances. On STM32MP21x lines More info.png, there are only four (RISAB4 and RISAB6 are removed). The following table shows RISAB - internal SRAM mapping and provides information regarding RISAB programming owner and default hardware configuration.
RISAB registers are accessible in read by all execution context to check memory can be accessed or not.

RISAB instance Internal SRAM Owner Default configuration
RISAB1 SYSRAM1 (lower 128 KB) Cortex-A35 secure Secure, unprivileged, any CID
RISAB2 SYSRAM2 (upper 128 KB) Cortex-A35 secure Secure, unprivileged, any CID
RISAB3 SRAM1 (lower 128 KB) TDCID secure Nonsecure, unprivileged, any CID
RISAB4[Note 1] SRAM2 (upper 128 KB) TDCID secure Nonsecure, unprivileged, any CID
RISAB5 RETRAM TDCID secure Secure, unprivileged, any CID
RISAB6[Note 1] VDERAM TDCID secure Nonsecure, unprivileged, any CID
  1. 1.0 1.1 Not present on STM32MP21x lines More info.png

RISAB configurations are done during bootflow according to memory usage. The ROM code and the FSBL perform an initial RISAB configuration to allow and secure their execution. The RISAB configuration for runtime execution is applied afterwards by the TDCID secure OS.

3.1. Boot time assignment[edit | edit source]

3.1.1. On STM32MP21x lines More info.png[edit | edit source]

Click on How to.png to expand or collapse the legend...

  • means that the peripheral can be assigned to the given boot time context.
  • means that the peripheral is assigned by default to the given boot time context and that the peripheral is mandatory for the Yocto-based OpenSTLinux Embedded Software.
  • means that the peripheral can be assigned to the given boot time context, but this configuration is not supported in Yocto-based OpenSTLinux Embedded Software.
  • is used for system peripherals that cannot be unchecked because they are hardware connected in the device.

The present chapter describes STMicroelectronics recommendations or choice of implementation. Additional possibilities might be described in STM32 MPU reference manuals.

Domain Peripheral Boot time allocation Comment How to.png
Instance Cortex-A35
secure
(ROM code)
Cortex-A35
secure
(TF-A BL2)
Cortex-A35
nonsecure
(U-Boot)
Security RISAB RISAB1
RISAB2
RISAB3 Used by ROM code only in serial boot for USB buffer management
RISAB5 Used by ROM code only during cold boot

3.1.2. On STM32MP23x lines More info.png[edit | edit source]

Click on How to.png to expand or collapse the legend...

  • means that the peripheral can be assigned to the given boot time context.
  • means that the peripheral is assigned by default to the given boot time context and that the peripheral is mandatory for the Yocto-based OpenSTLinux Embedded Software.
  • means that the peripheral can be assigned to the given boot time context, but this configuration is not supported in Yocto-based OpenSTLinux Embedded Software.
  • is used for system peripherals that cannot be unchecked because they are hardware connected in the device.

The present chapter describes STMicroelectronics recommendations or choice of implementation. Additional possibilities might be described in STM32 MPU reference manuals.

Domain Peripheral Boot time allocation Comment How to.png
Instance Cortex-A35
secure
(ROM code)
Cortex-A35
secure
(TF-A BL2)
Cortex-A35
nonsecure
(U-Boot)
Security RISAB RISAB1
RISAB2
RISAB3 Used by ROM code only in serial boot for USB buffer management
RISAB4
RISAB5 Used by ROM code only during cold boot
RISAB6

3.1.3. On STM32MP25x lines More info.png[edit | edit source]

Click on How to.png to expand or collapse the legend...

  • means that the peripheral can be assigned to the given boot time context.
  • means that the peripheral is assigned by default to the given boot time context and that the peripheral is mandatory for the Yocto-based OpenSTLinux Embedded Software.
  • means that the peripheral can be assigned to the given boot time context, but this configuration is not supported in Yocto-based OpenSTLinux Embedded Software.
  • is used for system peripherals that cannot be unchecked because they are hardware connected in the device.

The present chapter describes STMicroelectronics recommendations or choice of implementation. Additional possibilities might be described in STM32 MPU reference manuals.

Domain Peripheral Boot time allocation Comment How to.png
Instance Cortex-A35
secure
(ROM code)
Cortex-A35
secure
(TF-A BL2)
Cortex-A35
nonsecure
(U-Boot)
Security RISAB RISAB1
RISAB2
RISAB3 Used by ROM code only in serial boot for USB buffer management
RISAB4
RISAB5 Used by ROM code only during cold boot
RISAB6

3.2. Runtime assignment[edit | edit source]

3.2.1. On STM32MP21x lines More info.png[edit | edit source]

Click on How to.png to expand or collapse the legend...

STM32MP21 internal peripherals

Check boxes illustrate the possible peripheral allocations supported by Yocto-based OpenSTLinux Embedded Software:

  • means that the peripheral can be assigned to the given runtime context.
  • means that the peripheral is assigned by default to the given runtime context and that the peripheral is mandatory for the Yocto-based OpenSTLinux Embedded Software.
  • means that the peripheral can be assigned to the given runtime context, but this configuration is not supported in Yocto-based OpenSTLinux Embedded Software.
  • is used for system peripherals that cannot be unchecked because they are hardware connected in the device.

Refer to How to assign an internal peripheral to an execution context for more information on how to assign peripherals manually or via STM32CubeMX.
The present chapter describes STMicroelectronics recommendations or choice of implementation. Additional possibilities might be described in STM32MP21 reference manuals.

Domain Peripheral Runtime allocation Comment How to.png
Instance Cortex-A35
secure
(OP-TEE /
TF-A BL31)
Cortex-A35
nonsecure
(Linux)
Cortex-M33
secure
(TF-M)
Cortex-M33
nonsecure
(STM32Cube)
Security RISAB RISAB1 OP-TEE
RISAB2 OP-TEE
RISAB3 OP-TEE
RISAB5 OP-TEE

3.2.2. On STM32MP23x lines More info.png[edit | edit source]

Click on How to.png to expand or collapse the legend...

STM32MP23 internal peripherals

Check boxes illustrate the possible peripheral allocations supported by Yocto-based OpenSTLinux Embedded Software:

  • means that the peripheral can be assigned to the given runtime context.
  • means that the peripheral is assigned by default to the given runtime context and that the peripheral is mandatory for the Yocto-based OpenSTLinux Embedded Software.
  • means that the peripheral can be assigned to the given runtime context, but this configuration is not supported in Yocto-based OpenSTLinux Embedded Software.
  • is used for system peripherals that cannot be unchecked because they are hardware connected in the device.

Refer to How to assign an internal peripheral to an execution context for more information on how to assign peripherals manually or via STM32CubeMX.
The present chapter describes STMicroelectronics recommendations or choice of implementation. Additional possibilities might be described in STM32MP23 reference manuals.

Domain Peripheral Runtime allocation Comment How to.png
Instance Cortex-A35
secure
(OP-TEE /
TF-A BL31)
Cortex-A35
nonsecure
(Linux)
Cortex-M33
secure
(TF-M)
Cortex-M33
nonsecure
(STM32Cube)
Security RISAB RISAB1 OP-TEE
RISAB2 OP-TEE
RISAB3 OP-TEE
RISAB4 OP-TEE
RISAB5 OP-TEE
RISAB6 OP-TEE

3.2.3. On STM32MP25x lines More info.png[edit | edit source]

Click on How to.png to expand or collapse the legend...

STM32MP25 internal peripherals

Check boxes illustrate the possible peripheral allocations supported by Yocto-based OpenSTLinux Embedded Software:

  • means that the peripheral can be assigned to the given runtime context.
  • means that the peripheral is assigned by default to the given runtime context and that the peripheral is mandatory for the Yocto-based OpenSTLinux Embedded Software.
  • means that the peripheral can be assigned to the given runtime context, but this configuration is not supported in Yocto-based OpenSTLinux Embedded Software.
  • is used for system peripherals that cannot be unchecked because they are hardware connected in the device.

Refer to How to assign an internal peripheral to an execution context for more information on how to assign peripherals manually or via STM32CubeMX.
The present chapter describes STMicroelectronics recommendations or choice of implementation. Additional possibilities might be described in STM32MP25 reference manuals.

Domain Peripheral Runtime allocation Comment How to.png
Instance Cortex-A35
secure
(OP-TEE /
TF-A BL31)
Cortex-A35
nonsecure
(Linux)
Cortex-M33
secure
(TF-M)
Cortex-M33
nonsecure
(STM32Cube)
Cortex-M0+
(STM32Cube)
Security RISAB RISAB1 OP-TEE
RISAB2 OP-TEE
RISAB3 OP-TEE
RISAB4 OP-TEE
RISAB5 OP-TEE
RISAB6 OP-TEE

4. Software frameworks and drivers[edit | edit source]

Below are listed the software frameworks and drivers managing the RISAB peripheral for the embedded software components listed in the above tables.

5. How to assign and configure the peripheral[edit | edit source]

The STM32CubeMX graphical tool proposes an interface to configure the different RISAB memory regions.
It is possible to select for each region:

  • the security level
  • the privilege level
  • if the region is encrypted or not (depends on RISAF capability)
  • the master CID

The STM32CubeMX will generate the associated device tree configuration for the FSBL and secure OS running on the TDCID processor.

6. References[edit | edit source]