This single processor demo application shows how to do the TrustZone Partitioning. It is split into a secure and non-secure part. Using CMSIS-Zone, it generates:
The application itself shows how to implement calls between the secure and the non-secure part.
The LPC55S69.azone file of that project has the following configuration settings:
hello_world_s
and hello_worls_ns
CODE_NS
, Config
, CODE_S
, Veneer
, DATA_NS
, and DATA_S
The zones use different Flash and SRAM regions for code and data, but share Flash configuration registers. Peripherals, such as the system and IO configuration, as well as an UART are available in the secure world only. To generate the output, click on the Generate button in the Zone Editor tool bar. This creates the following files in the ftl_gen
directory:
Template File | Generated File | Description |
---|---|---|
dump_fzone.txt.ftl | dump_fzone.txt | Contains the complete model |
helper.ftlinc | N/A | Helper template file with FTL functions. |
mem_layout.h.ftl | mem_layout.h | Header file that contains the memory region definitions, for example for the linker scatter file. |
scatter_ns.sct.ftl | scatter_ns.sct | Example scatter file for the non-secure zone (currently not used in MDK). |
scatter_s.sct.ftl | scatter_s.sct | Example scatter file for the secure zone (currently not used in MDK). |
tzm_config_mpc.c.ftl | tzm_config_mpc.c | Setup of the memory protection controller (MPC). |
tzm_config_ppc.c.ftl | tzm_config_ppc.c | Setup of the peripheral protection controller (PPC). |
tzm_config_sau.c.ftl | tzm_config_sau.c | Configuration of the secure attribution unit (SAU) and the NVIC interrupt assignment. |
These files can be used in any IDE to create the final application. In the following, the usage in Arm Keil MDK is described.
The example project can be loaded, built and debugged in µVision by performing the following steps:
The multiproject workspace contains the secure hello_world_s
project and the non-secure hello_world_ns
project:
The projects use the files generated in CMSIS-Zone as follows:
File | Used in | Description |
---|---|---|
mem_layout.h | hello_world_s, hello_world_ns | Input for the scatter files. |
tzm_config_mpc.c | hello_world_s | Functions called from tzm_config.c |
tzm_config_ppc.c | hello_world_s | Functions called from tzm_config.c |
tzm_config_sau.c | hello_world_s | Functions called from tzm_config.c |
The scatter files hello_world_s.sct
and hello_world_ns.sct
are based on the original scatter files from NXP and are using a preinclude to mem_layout.h to get the information about the different memory regions.
As explained previously, the #defines in mem_layout.h
can be used to create generic scatter files that are easy to update once changes in the CMSIS-Zone project happen. Using the mem_layout.h file from CMSIS-Zone, the following scatter file is used in the secure hello_world
project:
During the system initialization, the function SystemInitHook is called. This is used when application specific code needs to be called as close to the reset entry as possible. In this example, this function calls BOARD_InitTrustZone, which calls the three TZM_Config_* functions: