STMicroelectronics STM32L5

This single processor demo application shows how to do the TrustZone Partitioning. It is split into a secure and non-secure part. Using CMSIS-Zone, it generates:

• A header file that contains #defines to control the various linker scatter files (and might be used in other parts of the application).
• The SystemIsolation_Config.c header file that contains memory protection controller (MPC) and peripheral protection controller (PPC) and related interrupt setup.
• The partition_gen.h header file that contains the secure attribution unit (SAU) setup and the NVIC configuration for secure/non-secure.

The application itself shows how to implement calls between the secure and the non-secure part.

Using the CMSIS-Zone project

• Import the project "Examples\STM32L5\Zone" into the CMSIS-Zone utility
• Open the STM32L5.azone file
• Generate the related output files

The STM32L5.azone file of that project has the following configuration settings:

• Added the zones blinky_s and blinky_ns
• Created the memory regions CODE_NS, CODE_S, Veneer, DATA_NS, and DATA_S
• Selected various memory regions and peripherals for using in the different zones:
  

The zones use different Flash and SRAM regions for code and data, but share Flash configuration registers. Peripherals, such as the system and IO configuration, as well as an UART are available in the secure world only. To generate the output, click on the Generate button in the Zone Editor tool bar. This creates the following files in the ftl_gen directory:

Template File	Generated File	Description
dump_fzone.txt.ftl	dump_fzone.txt	Contains the complete model
helper.ftlinc	N/A	Helper template file with FTL functions.
mem_layout.h.ftl	mem_layout.h	Header file that contains the memory region definitions, for example for the linker scatter file.
partition_gen.h.ftl	partition_gen.h	Configuration of the secure attribution unit (SAU) and the NVIC interrupt assignment.
SystemIsolation_Config.c.ftl	SystemIsolation_Config.c	Setup of the MPC and PPC.
scatter_ns.sct.ftl	scatter_ns.sct	Example scatter file for non-secure zone.
scatter_s.sct.ftl	scatter_s.sct	Example scatter file for secure zone.

These files can be used in any IDE to create the final application. In the following, the usage in Arm Keil MDK is described.

Using the MDK project

The example project can be loaded, built and debugged in µVision by performing the following steps:

1. Navigate to Examples/STM32L5/MDK
2. Open the multi-project workspace blinky.uvmpw
3. Optional: Update the generated files by executing the copy_gen.bat scripts in blinky_s\mdk and blinky_ns\mdk folders.
4. Run the batch build in MDK. Both projects, blinky_s and blinky_ns need to be compiled in order.

MDK project setup

The multiproject workspace contains the secure blinky_s project and the non-secure blinky_ns project:

The projects use the files generated in CMSIS-Zone as follows:

File	Used in	Description
mem_layout.h	blinky_s, blinky_ns	Input for the linker scatter files.
partition_gen.h	blinky_s	Configuration of the secure attribution unit (SAU) and the NVIC interrupt assignment. This file is included in the partition_stm32l5xx.h header file.
SystemIsolation_Config.c	blinky_s	Setup of the MPC and PPC.
blinky_ns.sct	blinky_ns	Scatter file for non-secure zone (initally based on generated file).
blinky_s.sct	blinky_s	Scatter file for secure zone (initally based on generated file).

Note

If you want to learn more about the general project layout for an Armv8-M project using TrustZone, refer to Application Note 291.

blinky_s.sct

As explained previously, the #defines in mem_layout.h can be used to create generic scatter files that are easy to update once changes in the CMSIS-Zone project happen. Using the mem_layout.h file from CMSIS-Zone, the following scatter file is used in the secure blinky project, which is based on the generated scatterf file (scatter_s.sct):

; Use Arm compiler 6 to pre-process the scatter file and pull in the defines from the mem_layout.h file:
#! armclang -E --target=arm-arm-none-eabi -mcpu=cortex-m33 -I../ -xc

#include "mem_layout.h"

; *------- <<< Use Configuration Wizard in Context Menu >>> ------------------

;<h> Stack Configuration
;  <o> Stack Size (in Bytes) <0x0-0xFFFFFFFF:8>
;</h>
#define STACK_SIZE 0x400

;<h> Heap Configuration
;  <o> Heap Size (in Bytes) <0x0-0xFFFFFFFF:8>
;</h>
#define HEAP_SIZE 0xC00

; *-------------- <<< end of configuration section >>> -----------------------
LR_CODE_S REGION_CODE_S_START REGION_CODE_S_SIZE {
  ER_CODE_S REGION_CODE_S_START REGION_CODE_S_SIZE {
      (RESET,+FIRST)
      (InRoot$$Sections)
    .ANY (+RO +XO)
  }
  RW_DATA_S REGION_DATA_S_START REGION_DATA_S_SIZE-HEAP_SIZE-STACK_SIZE {
    .ANY (+RW +ZI)
  }
#if HEAP_SIZE>0
  ARM_LIB_HEAP REGION_DATA_S_START+REGION_DATA_S_SIZE-HEAP_SIZE-STACK_SIZE EMPTY HEAP_SIZE {
  }
#endif
#if STACK_SIZE>0
  ARM_LIB_STACK REGION_DATA_S_START+REGION_DATA_S_SIZE-STACK_SIZE EMPTY STACK_SIZE {
  }
#endif
}
LR_Veneer REGION_VENEER_START REGION_VENEER_SIZE {
  ER_Veneer REGION_VENEER_START REGION_VENEER_SIZE {
     (Veneer$$CMSE)
  }
}

The partition_gen.h header file contains Configuration Wizard annotation so that it can be viewed in a graphical window: