CMSIS-Zone  
System Resource Management
 
Loading...
Searching...
No Matches
STMicroelectronics STM32L5

This single processor demo application shows how to do the TrustZone Partitioning. It is split into a secure and non-secure part. Using CMSIS-Zone, it generates:

  • A header file that contains #defines to control the various linker scatter files (and might be used in other parts of the application).
  • The SystemIsolation_Config.c header file that contains memory protection controller (MPC) and peripheral protection controller (PPC) and related interrupt setup.
  • The partition_gen.h header file that contains the secure attribution unit (SAU) setup and the NVIC configuration for secure/non-secure.

The application itself shows how to implement calls between the secure and the non-secure part.

Using the CMSIS-Zone project

  • Import the project "Examples\STM32L5\Zone" into the CMSIS-Zone utility
  • Open the STM32L5.azone file
  • Generate the related output files

The STM32L5.azone file of that project has the following configuration settings:

The zones use different Flash and SRAM regions for code and data, but share Flash configuration registers. Peripherals, such as the system and IO configuration, as well as an UART are available in the secure world only. To generate the output, click on the Generate button in the Zone Editor tool bar. This creates the following files in the ftl_gen directory:

Template File Generated File Description
dump_fzone.txt.ftl dump_fzone.txt Contains the complete model
helper.ftlinc N/A Helper template file with FTL functions.
mem_layout.h.ftl mem_layout.h Header file that contains the memory region definitions, for example for the linker scatter file.
partition_gen.h.ftl partition_gen.h Configuration of the secure attribution unit (SAU) and the NVIC interrupt assignment.
SystemIsolation_Config.c.ftl SystemIsolation_Config.c Setup of the MPC and PPC.
scatter_ns.sct.ftl scatter_ns.sct Example scatter file for non-secure zone.
scatter_s.sct.ftl scatter_s.sct Example scatter file for secure zone.

These files can be used in any IDE to create the final application. In the following, the usage in Arm Keil MDK is described.

Using the MDK project

The example project can be loaded, built and debugged in µVision by performing the following steps:

  1. Navigate to Examples/STM32L5/MDK
  2. Open the multi-project workspace blinky.uvmpw
  3. Optional: Update the generated files by executing the copy_gen.bat scripts in blinky_s\mdk and blinky_ns\mdk folders.
  4. Run the batch build in MDK. Both projects, blinky_s and blinky_ns need to be compiled in order.

MDK project setup

The multiproject workspace contains the secure blinky_s project and the non-secure blinky_ns project:

The projects use the files generated in CMSIS-Zone as follows:

File Used in Description
mem_layout.h blinky_s, blinky_ns Input for the linker scatter files.
partition_gen.h blinky_s Configuration of the secure attribution unit (SAU) and the NVIC interrupt assignment. This file is included in the partition_stm32l5xx.h header file.
SystemIsolation_Config.c blinky_s Setup of the MPC and PPC.
blinky_ns.sct blinky_ns Scatter file for non-secure zone (initally based on generated file).
blinky_s.sct blinky_s Scatter file for secure zone (initally based on generated file).
Note
If you want to learn more about the general project layout for an Armv8-M project using TrustZone, refer to Keil Application Note 291.

blinky_s.sct

As explained previously, the #defines in mem_layout.h can be used to create generic scatter files that are easy to update once changes in the CMSIS-Zone project happen. Using the mem_layout.h file from CMSIS-Zone, the following scatter file is used in the secure blinky project, which is based on the generated scatterf file (scatter_s.sct):

; Use Arm compiler 6 to pre-process the scatter file and pull in the defines from the mem_layout.h file:
#! armclang -E --target=arm-arm-none-eabi -mcpu=cortex-m33 -I../ -xc
#include "mem_layout.h"
; *------- <<< Use Configuration Wizard in Context Menu >>> ------------------
;<h> Stack Configuration
; <o> Stack Size (in Bytes) <0x0-0xFFFFFFFF:8>
;</h>
#define STACK_SIZE 0x400
;<h> Heap Configuration
; <o> Heap Size (in Bytes) <0x0-0xFFFFFFFF:8>
;</h>
#define HEAP_SIZE 0xC00
; *-------------- <<< end of configuration section >>> -----------------------
LR_CODE_S REGION_CODE_S_START REGION_CODE_S_SIZE {
ER_CODE_S REGION_CODE_S_START REGION_CODE_S_SIZE {
(RESET,+FIRST)
(InRoot$$Sections)
.ANY (+RO +XO)
}
RW_DATA_S REGION_DATA_S_START REGION_DATA_S_SIZE-HEAP_SIZE-STACK_SIZE {
.ANY (+RW +ZI)
}
#if HEAP_SIZE>0
ARM_LIB_HEAP REGION_DATA_S_START+REGION_DATA_S_SIZE-HEAP_SIZE-STACK_SIZE EMPTY HEAP_SIZE {
}
#endif
#if STACK_SIZE>0
ARM_LIB_STACK REGION_DATA_S_START+REGION_DATA_S_SIZE-STACK_SIZE EMPTY STACK_SIZE {
}
#endif
}
LR_Veneer REGION_VENEER_START REGION_VENEER_SIZE {
ER_Veneer REGION_VENEER_START REGION_VENEER_SIZE {
*(Veneer$$CMSE)
}
}

The partition_gen.h header file contains Configuration Wizard annotation so that it can be viewed in a graphical window: