2025-01-06 05:02 PM
Hi,
I have enabled the HASH, RNG, and PKA. I also enabled the Global Trust Zone Controller and configured the PKA as privilege access. However, the generated code from STM32CubeMX does produce an error due to undefined
GTZC_CFGR3_PKA_Pos which is missing from stm32h523xx.h
Is that an error?
I have to mention that when I first created the project, I haven't check Trust Zone option under the project. But I later enabled the GTZC.
Kind Regards,
Hani
Solved! Go to Solution.
2025-01-10 08:42 AM
Hello @hakeila ,
I could reproduce your issue. It only occurs if you want to change the PKA setting to privilege.
I will raise an internal ticket for that.
Regarding the cryptographic library, this is a full software implementation. It does not use the hw accelerator. So, you shouldn't have any issue using it.
Best regards
Jocelyn
2025-01-07 08:46 AM
Hello @hakeila ,
Could you share the MX version as well as the ioc file you used to reproduce the issue.
as far as I recall there was an issue with MX missing some source files, but it was resolved.
and also, to make this statement clearer:
"I have to mention that when I first created the project, I haven't check Trust Zone option under the project. But I later enabled the GTZC."
is this meaning that you didn't select the option TrustZone enabled in CubeMX ?
Regards
2025-01-07 08:58 AM
Hello @hakeila ,
The STM32H523 does not support PKA, only STM32H533.
This is reason why this is not defined
Best regards
Jocelyn
2025-01-07 05:15 PM
So there is no PKA peripheral in STM32H523? If this is the case, this means that there is an error in CubeMX as I can see PKA module available and I can select it for my CubeMX project of STM32H523. And There are generated PKA source files generated together with HAL drivers.
Are you sure? PKA is mentioned to be available under STM32H523xx datasheet as shown in the snapshot I attached from the datasheet page.
Kind Regards,
Hani
2025-01-07 05:15 PM
2025-01-07 11:24 PM
Hello @hakeila ,
Sorry, my bad. The STM32H523 is the non crypto version of STM32H533. But it still contains a version of PKA, limited to ECDSA, that is mostly used to secure boot.
I suspect an issue in the stm32h523.h where PKA is not referenced in GTZC related registers, possibly because this addition of such limited PKA in a "non crypto" device is something new...
Best regards
Jocelyn
2025-01-08 02:25 PM - edited 2025-01-08 02:34 PM
Thank you so much for the clarification. Then it does make sense.
So, Will ST updates the stm32h523.h header file or should I manually add this config myself?
According to reference manual, the PKA priviledge config exists in GTZC config register 3 Bit 20. However this will be annoying to update everytime I regenerate the code after updating the MCU peripherals in CubeMX
I also would like to mention that ST did release a cryptographic library in Github as mentioned in
https://wiki.st.com/stm32mcu/wiki/Security:Introduction_to_the_cryptographic_library_with_STM32
I am wondering if there are any limitations in using it for STM32H523 especially ST mentioned that this library supports all Cortex-M from ST
Kind Regards,
Hani
2025-01-10 08:42 AM
Hello @hakeila ,
I could reproduce your issue. It only occurs if you want to change the PKA setting to privilege.
I will raise an internal ticket for that.
Regarding the cryptographic library, this is a full software implementation. It does not use the hw accelerator. So, you shouldn't have any issue using it.
Best regards
Jocelyn
2025-01-12 02:07 PM
Thank you so much for the confirmation. Looking forward to ST fix.
Regarding the ST Cryptographic library, it does contain stm32h5xx_hal_cryp(_ex).h files. I am guessing I can't particularly use these for STM32H523 MCU since there are no hardware accelerators for AES, am I right?
Or Can I import the crypto HAL drivers and use the library as is on STM32H523 regardless?
If this is possible, then I can the AES HAL together with mbedtls AES
Kind Regards,
Hani