Last edited 5 months ago

STM32MP1 boot chain overview

Applicable for STM32MP13x lines, STM32MP15x lines

1. Diagram frames and legend[edit source]

STM32MP hardware execution contexts

The hardware execution contexts are shown with vertical frames in the boot diagrams:

  • the  Arm Cortex-A secure  context, in pink
  • the  Arm Cortex-A non-secure  context, in dark blue
  • the  Arm Cortex-M  context, in light blue, for STM32MP15x lines More info.png only

The horizontal frame in:

  • the bottom part shows the boot chain
  • the top part shows the runtime services, that are installed by the boot chain


Boot chain diagrams legend

The legend on the right illustrates how the information about the various components shown in the frames are involved in the boot process. These are highlighted as follows:

  • The box color shows the component source code origin
  • The arrows show the loading and calling actions between the components
  • The Cube logo is used on the top right corner of components that can be configured via STM32CubeMX
  • The lock show the components that can be authenticated during the boot process


2. STM32MP13 boot chain[edit source]

2.1. Overview[edit source]

STM32MP13 boot chain uses Trusted Firmware-A (TF-A) as the FSBL in order to fulfill all the requirements for security-sensitive customers, and it uses U-Boot as the SSBL. Note that this boot chain can run on any STM32MP13 device security variant (that is, with or without the secure boot).
Refer to the security overview for an introduction of the secure features available on STM32MP13, from the secure boot up to trusted applications execution.

STM32MP13 boot chain

2.2. ROM code[edit source]

The ROM code starts the processor in secure mode. It supports the FSBL authentication and decryption.

2.3. First stage bootloader (FSBL)[edit source]

The FSBL is executed from the SYSRAM.
Among other things, this bootloader initializes (part of) the clock tree and the DDR controller. Finally, the FSBL loads the second-stage bootloader (SSBL) into the DDR external RAM and jumps to it.
The bootloader stage 2, so called TF-A BL2, is the Trusted Firmware-A (TF-A) binary used as FSBL on STM32MP13.

2.4. Second stage bootloader (SSBL)[edit source]

U-Boot is commonly used as a bootloader in embedded software and it is the one used on STM32MP13.

2.5. Linux[edit source]

Linux® OS is loaded in DDR by U-Boot and executed in the non-secure context.

2.6. Secure OS / Secure monitor[edit source]

The Cortex-A7 secure world supports OP-TEE secure OS.

3. STM32MP15 boot chain[edit source]

3.1. Overview[edit source]

STM32MP15 boot chain uses Trusted Firmware-A (TF-A) as the FSBL in order to fulfill all the requirements for security-sensitive customers, and it uses U-Boot as the SSBL. Note that the authentication is optional with this boot chain, so it can run on any STM32MP15 device security variant (that is, with or without the Secure boot).
Refer to the security overview for an introduction of the secure features available on STM32MP15, from the secure boot up to trusted applications execution.

STM32MP15 boot chain

Note:

3.2. ROM code[edit source]

The ROM code starts the processor in secure mode. It supports the FSBL authentication and offers authentication services to the FSBL.

3.3. First stage bootloader (FSBL)[edit source]

The FSBL is executed from the SYSRAM.
Among other things, this bootloader initializes (part of) the clock tree and the DDR controller. Finally, the FSBL loads the second-stage bootloader (SSBL) into the DDR external RAM and jumps to it.
The bootloader stage 2, so called TF-A BL2, is the Trusted Firmware-A (TF-A) binary used as FSBL on STM32MP15.

3.4. Second stage bootloader (SSBL)[edit source]

U-Boot is commonly used as a bootloader in embedded software and it is the one used on STM32MP15.

3.5. Linux[edit source]

Linux® OS is loaded in DDR by U-Boot and executed in the non-secure context.

3.6. Secure OS / Secure monitor[edit source]

The Cortex-A7 secure world supports OP-TEE secure OS.

3.7. Coprocessor firmware[edit source]

The coprocessor STM32Cube firmware can be started at the SSBL level by U-Boot with the remoteproc feature (rproc command) or, later, by Linux remoteproc framework, depending on the application startup time-targets.


Arm® is a registered trademark of Arm Limited (or its subsidiaries) in the US and/or elsewhere. Arm logo.png

Cortex®

First stage boot loader

Second stage boot loader

Read only memory

Doubledata rate (memory domain)

Random access memory (Early computer memories generally hadserial access. Memories where any given address can be accessed when desired were then called "random access" to distinguish them from the memories where contents can only be accessed in a fixed order. The term is used today for volatile random-acces ssemiconductor memories.)

Trusted firmware for Arm® Cortex®-A

Boot loader stage 2

Linux® is a registered trademark of Linus Torvalds.

Operating system

Das U-Boot -- the universal boot loader (see U-Boot)

Arm® is a registered trademark of Arm Limited (or its subsidiaries) in the US and/or elsewhere. Arm logo.png

Cortex®

First stage boot loader

Second stage boot loader

Read only memory

Doubledata rate (memory domain)

Random access memory (Early computer memories generally hadserial access. Memories where any given address can be accessed when desired were then called "random access" to distinguish them from the memories where contents can only be accessed in a fixed order. The term is used today for volatile random-acces ssemiconductor memories.)

Trusted firmware for Arm® Cortex®-A

Boot loader stage 2

Linux® is a registered trademark of Linus Torvalds.

Operating system

Das U-Boot -- the universal boot loader (see U-Boot)

Retrieved from "https://wiki.st.com/stm32mpu/index.php?title=STM32MP1_boot_chain_overview&oldid=100557"