
GTZC and PKA privileged config

hakeila
Associate III

Hi,

 

I have enabled the HASH, RNG, and PKA. I also enabled the Global Trust Zone Controller and configured the PKA as privilege access. However, the generated code from STM32CubeMX produces an error due to the undefined GTZC_CFGR3_PKA_Pos, which is missing from stm32h523xx.h.

 

Is that an error? 

 

I have to mention that when I first created the project, I hadn't checked the Trust Zone option under the project. But I later enabled the GTZC.


Kind Regards,

Hani

1 ACCEPTED SOLUTION

Accepted Solutions
Jocelyn RICARD
ST Employee

Hello @hakeila ,

I could reproduce your issue. It only occurs if you want to change the PKA setting to privilege.

I will raise an internal ticket for that.

 Regarding the cryptographic library, this is a full software implementation. It does not use the hw accelerator. So, you shouldn't have any issue using it.

Best regards

Jocelyn


8 REPLIES 8
STea
ST Employee

Hello @hakeila ,

Could you share the MX version as well as the ioc file you used to reproduce the issue?
As far as I recall, there was an issue with MX missing some source files, but it was resolved.
Also, to make this statement clearer:

"I have to mention that when I first created the project, I hadn't checked the Trust Zone option under the project. But I later enabled the GTZC."
Does this mean that you didn't select the option TrustZone enabled in CubeMX?
Regards 


Hello @hakeila ,

The STM32H523 does not support PKA, only STM32H533.

This is the reason why this is not defined.

Best regards

Jocelyn

Hi @Jocelyn RICARD 

 

So there is no PKA peripheral in STM32H523? If this is the case, this means that there is an error in CubeMX, as I can see the PKA module available and I can select it for my CubeMX project of STM32H523. And there are PKA source files generated together with the HAL drivers.

Are you sure? PKA is mentioned as available in the STM32H523xx datasheet, as shown in the snapshot I attached from the datasheet page.

Kind Regards,

Hani

 

 

 

Hi @STea ,

 

I will send you my .ioc file in a private message.

Hello @hakeila ,

Sorry, my bad. The STM32H523 is the non crypto version of STM32H533. But it still contains a version of PKA, limited to ECDSA, that is mostly used to secure boot.

I suspect an issue in the stm32h523.h where PKA is not referenced in GTZC related registers, possibly because this addition of such limited PKA in a "non crypto" device is something new...

Best regards

Jocelyn

 

hakeila
Associate III

Hi @Jocelyn RICARD 

 

Thank you so much for the clarification. Then it does make sense.

 

So, will ST update the stm32h523.h header file or should I manually add this config myself?

 

According to the reference manual, the PKA privilege config exists in GTZC config register 3 Bit 20. However, this will be annoying to update every time I regenerate the code after updating the MCU peripherals in CubeMX.

 

I also would like to mention that ST did release a cryptographic library on GitHub, as mentioned in https://wiki.st.com/stm32mcu/wiki/Security:Introduction_to_the_cryptographic_library_with_STM32

I am wondering if there are any limitations in using it for STM32H523, especially since ST mentioned that this library supports all Cortex-M from ST.

 

Kind Regards,

Hani  

Jocelyn RICARD
ST Employee

Hello @hakeila ,

I could reproduce your issue. It only occurs if you want to change the PKA setting to privilege.

I will raise an internal ticket for that.

 Regarding the cryptographic library, this is a full software implementation. It does not use the hw accelerator. So, you shouldn't have any issue using it.

Best regards

Jocelyn

Hi @Jocelyn RICARD 

 

Thank you so much for the confirmation. Looking forward to ST's fix.

 

Regarding the ST Cryptographic library, it does contain stm32h5xx_hal_cryp(_ex).h files. I am guessing I can't particularly use these for STM32H523 MCU since there are no hardware accelerators for AES, am I right?

 

Or can I import the crypto HAL drivers and use the library as is on STM32H523 regardless?

If this is possible, then I can use the AES HAL together with mbedtls AES.

 

Kind Regards,
Hani