Last edited one month ago

STM32MP25 OP-TEE overview

Applicable for STM32MP25x lines

This section gives an overview of OP-TEE core drivers (UPPERCASE in the figure) implemented for the STM32MP25 support, with their respective software frameworks (lowercase in the figure).

On STM32MP25x lines More info.png, when Cortex-A35 main processor mode is selected, OP-TEE is the main TEE of the platform.
It is running in Cortex-A35 secure context (EL2S and EL1S execution level). It is associated to TF-A BL31 secure monitor which is running in Cortex-A35 EL3 and which is providing Cortex-A35 cluster low power functionalities via PSCI interface.

OP-TEE is in charge of:

  • System resources management:
    • Internal and external regulators
    • Clock tree (PLLs and Root clocks)
    • System peripheral clock gating
    • Oscillators calibration
    • Firewall configuration and dynamic management
    • OTP access
    • RNG access
    • Wakeup pins
  • Secure services
    • Cryptography via Global Platform (GP) API
    • PKCS#11
    • Trusted UI
    • StMM for secure UEFI
    • fTPM (firmware TPM) for TPM2 services
    • OTP for provisioning
    • SecCopro for secure coprocessor management

Like mentioned STM32 MPU OP-TEE overview, the different features can be independently activated according to customer needs.

The following figure provides an overview of STM32MP25x lines More info.png OP-TEE.

The components are grouped per functional domains.
Each OP-TEE framework is further described in OP-TEE secure OS category articles.
Each STM32 MPU peripheral is introduced in peripherals overview articles.
Both those sections are reusing the same functional domain split.

The color code, explained in the legend, allows to see the code origin for each component.

Zoom out to OpenSTLinux distribution

STM32MP25 OP-TEE overview.png

OpenSTLinux BSP legend.png