2023-11-30 02:48 AM
Hi,
I'm trying to get access to the UID registers (address 0x0BFA0700UL) of the CPU with the above configuration from the non secure application. The secure fault callback is getting called. I have tried adding an entry in the boot code file low_level_security.c in the sau_init_cfg and region_cfg_init_ns arrays in an attempt to allow the non secure application to access this region.
This addition does not seem to help.
I would like to get access to these values in order to initialize the USB CDC device stack which uses this data in the device description. Obviously I have access to these registers in the boot code. In a TF-M project on the same hardware I pass this data to the application using the BOOT_TFM_SHARED_DATA_BASE.
Is it possible to make this data accessible to the non secure application without adding all the TF-M code? If so, can you, please, provide some pointer to how I should approach this to get the code working?
From a security point of view, is this approach adding vulnerability to the code? If it is, should I take a different path to make this data available to the non secure application?
Thanks,
Daniel
2023-11-30 02:28 PM
Hello @DPerr.2216 ,
There has been a case created to resolve this question and we will be reaching out to you directly.
Regards,
Roger
2023-12-01 07:57 AM
to get access to this register, you need to update the secure application SAU and to insure the MPU configured by SBSFU allows the application to access this range of address.
For the SAU update :
in the file
STM32Cube_FW_U5_V1.3.0\Projects\B-U585I-IOT02A\Applications\SBSFU\SBSFU_Appli\Secure\Inc\partition_stm32u5xx.h
You need to define
/*
// <e>Initialize SAU Region 6
// <i> Setup SAU Region 6 memory attributes
*/
#define SAU_INIT_REGION6 1
/*
// <o>Start Address <0-0xFFFFFFE0>
*/
#define SAU_INIT_START6 0xBFA0500 /* start address of SAU region 6 */
/*
// <o>End Address <0x1F-0xFFFFFFFF>
*/
#define SAU_INIT_END6 0xBFA14FF /* end address of SAU region 6 */
/*
// <o>Region is
// <0=>Non-Secure
// <1=>Secure, Non-Secure Callable
*/
#define SAU_INIT_NSC6 0
The for the MPU of the application, you need to modify the file :
STM32Cube_FW_U5_V1.3.0\Projects\B-U585I-IOT02A\Applications\SBSFU\SBSFU_Boot\Src\low_level_security.c
In the structure
const struct mpu_armv8m_region_cfg_t region_cfg_appli_ns[] __attribute__((section(".BL2_NoHdp_Data"))) = {
Please add a region 6
{
6,
PACKAGE_BASE,
(PACKAGE_BASE + 0xfff),
MPU_ARMV8M_MAIR_ATTR_DATANOCACHE_IDX,
MPU_ARMV8M_XN_EXEC_NEVER,
MPU_ARMV8M_AP_RW_PRIV_UNPRIV,
MPU_ARMV8M_SH_NONE,
#ifdef FLOW_CONTROL
FLOW_STEP_MPU_NS_A_EN_R6,
FLOW_CTRL_MPU_NS_A_EN_R6,
FLOW_STEP_MPU_NS_A_CH_R6,
FLOW_CTRL_MPU_NS_A_CH_R6,
#endif /* FLOW_CONTROL *//
}
and for the associated flow control for example :
STM32Cube_FW_U5_V1.3.0\Projects\B-U585I-IOT02A\Applications\SBSFU\SBSFU_Boot\Inc\boot_hal_flowcontrol.h
#define FLOW_STEP_MPU_NS_A_EN_R6 0x00000000U
#define FLOW_STEP_MPU_NS_A_CH_R6 0x00000000U
#define FLOW_CTRL_MPU_NS_A_EN_R6 (FLOW_CTRL_MPU_NS_A_EN_R5 ^ FLOW_STEP_MPU_NS_A_EN_R6)
#define FLOW_CTRL_MPU_NS_A_CH_R6 (FLOW_CTRL_MPU_NS_A_CH_R5 ^ FLOW_STEP_MPU_NS_A_CH_R6)
2024-01-23 04:31 AM
Hello @Frantz LEFRERE @DPerr.2216 @Roger SHIVELY
Greetings
i have a similar requirement to access the UID of the microcontroller using the TFM Example(TFM_SBSFU_Boot, TFM_Appli(Secure+Non Secure) provided by ST package. Can the same steps be used or any file difference is applicable. Please suggest solutions
Thanks and Regards
Philip
2024-01-23 04:51 AM
2024-01-23 04:57 AM
Hello @Frantz LEFRERE
Thanks for your quick reply
Yes my target is STM32U585. one query is like i dont have a file in TFM_Appli_Secure-> partition_stm32u5xx.h. could you please guide where i have to add the contents from this file.(for SAU Update)
Thanks for your support
2024-01-23 05:05 AM
The SAU configuration is done by the TFM_SBSFU_Boot and not the Appli.
Please modify the TFM_SBSFU project.
2024-01-23 05:12 AM
Hi @Frantz LEFRERE
Thanks for the support
Will add the code portion that was shared above in the TFM_SBSFU_Boot project and will update.
Thanks again
Philip
2024-05-06 11:11 PM
Hi Frantz, I have a similar requirement and the solution provided by you worked straightforwardly until I made a slight change in U5 board linker file script.
By default Appli Non Secure was using SRAM(192KB) which got exhausted for my application so I switched to SRAM3 but it has a consequence that now I am not able to get UID_BASE.
In other words, previously ld conf was like below
MEMORY
{
FLASH (rx) : ORIGIN = NS_CODE_START, LENGTH = NS_CODE_SIZE
RAM (rwx) : ORIGIN = NS_DATA_START, LENGTH = NS_DATA_SIZE
}
which now is
MEMORY
{
FLASH (rx) : ORIGIN = NS_CODE_START, LENGTH = NS_CODE_SIZE
SRAM3 (rwx) : ORIGIN = _SRAM3_BASE_NS + SRAM3_S_SIZE, LENGTH = _SRAM3_SIZE_MAX
}
And boom, now UID_BASE stopped working. Any clue for this?