FAQs
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

CMSIS cmox_mac_compute() with trustzone on Secure CRC peripheral

TMO
Associate

‎2025-10-27 8:14 AM

Hello , 

I am trying to calculate a MAC using `cmox_mac_compute()` from this lib on an STM32L562 in the Secure code.

The code looks like this :

auto r = cmox_initialize(NULL); /*default template with stm32l5xx.h included*/
auto ret = cmox_mac_compute(CMOX_CMAC_AES_ALGO,
	                       in, in_s,
	                       key, 16,
	                       NULL, 0,
	                       out, 16, NULL);

This exact code works when run on non secure mode if everything is set as non secure in stm32CubeMX.
I tried to debug the library to understand what was wrong and found out that the issue comes from the fact that cmox_mac_compute tries to access my crc peripheral from 0x40023000 instead of 0x50023000 (CRC non secure and secure addresses).
I am also almost sure that my GTZ and SAU are correctly set because i was able to write at address 0x50023000 and not at 0x40023000 when running from Secure code.

I also have :

CRC_BASE_S => 0x50023000
CRC_BASE_NS => 0x40023000
CRC_BASE => 0x50023000

So this looks fine. I also tried to forcefuly set CRC_BASE_NS to 0x50023000 but the cmac calculation was wrong again (still the same as when it doesn't work).

Because of these reasons , i guess that CMSIS isn't using CRC_BASE but an instance or something not directly linked to CRC_BASE.

I suppose that has to be done in 'cmox_initialize' or something similar but couldn't find anything to set the address or the mode to 'Secure execution context' so the library accesses the CRC through its secure address.

Also , i am effectively compiling the secure version in the secure elf and the same goes for non secure.

Can anyone help reguarding this matter ?  

Labels:
3 REPLIES 3
MaxenceV
Associate II

‎2025-10-29 3:28 AM

Hi @TMO,

I also encoutered this issue a few weeks ago. However, I have not found a solution yet. I am also interested if anyone can provide help.

 

Maxence V

0 Kudos
Ethan HUANG
ST Employee

‎2025-10-30 2:43 AM

@TMO Please share your complete project (including all the files generated by CubeMX as well as IOC) for our analysis. 

0 Kudos
TMO
Associate
In response to Ethan HUANG

‎2025-10-30 3:37 AM

Thank you for your response.

Unfortunately i can't share the code as it is a corporate work.

However , i actually found a workaround.

I unpacked 'libSTM32Cryptographic_CM33_MOD.a' from the library I linked.

then replaced the '0x3F003501' occurence in cmox_init.c.o by  '0x4F003501' to offset CRC access address by 0x10000000 and access it via '0x50023000' and not '0x40023000' (via secure address and not non secure address). and it seems to work rather well.

I feel that it is because the library (CMSIS lib) was compiled for Non-Secure code and not for Secure code.
Because CRC addresses are set through defines in stm32L5 HALs. And my secure CRC access was working properly outside of the CMSIS library. Also , setting the CRC's Non secure address to 0x50023000 wasn't helping either.

Also , I think I found an minor error in the STM32L5 reference manual (RM0438 Rev8) in sec. 6.9.10 page 223
the BIT0 SECCR_SECPG description mentions Non secure programming.  I see you are an ST employee so i take this chance to mention it.

0 Kudos
Top