
H573 TrustZone Callable Secure Code

DPade.1
Associate III

Is it possible to call Secure (S) application code from Non-Secure (NS) application code with TrustZone on STM32H573?  I have not seen any examples of this from ST, so I want to know if it is possible or if there is some fundamental reason why not.

The idea is to re-use protected private keys for bi-directional authentication purposes.  For example, an ECDSA private key is stored in the S application.  The NS application could provide a message content in RAM and call the S application to generate the signature.  This would allow the NS application to generate signatures at runtime without direct access to the private key data. The effect would be like using the S application as a sort of software TPM.

The use-case would be to allow an external PC tool communicating with the device to determine that the device is genuine and authentic.

Further, this could be extended for AES data encryption/decryption.  The AES keys and/or implementation could be stored in the S application but be used to encrypt/decrypt data for the NS application.

If the above use-case is possible, what would be the ideal secure boot path for the H573 (ST-iROT + Secure Manager, ST-iROT + Secure App (w/o Secure Manager), or OEM-iROT)?

2 REPLIES
DPade.1
Associate III

I have found a way to do this through the ARM documentation:

https://developer.arm.com/documentation/100690/0201/Switching-between-Secure-and-Non-secure-states

I have also run across some other macros provided by ARM which can facilitate this (I'm sure there are some other related macros as well):

__attribute__((cmse_nonsecure_call))
cmse_nsfptr_create(callback)

So it seems what I intend to do is perfectly possible with TrustZone.  The question remains, does ST Secure Manager provide any built-in API to accomplish these same sorts of tasks, or do I need to develop my own secure application so I can provide the needed API?

Jocelyn RICARD
ST Employee

Hello @DPade.1,

You understood well what TrustZone can be used for!

There is no specific example for that.

You can still have a look at

STM32Cube_FW_H5_V1.2.0\Projects\NUCLEO-H563ZI\Examples\RTC\RTC_TrustZone\

where a secure service is defined in secure_nsc.c

I would suggest you have a look at video resources related to TrustZone, not only on H5, as TrustZone is related to the Cortex-M33, which is also available on STM32L5, STM32U5 and STM32WBA.

Regarding device identification, this is one of the services provided by the Secure Manager.

Please check the wiki pages related to secure manager and especially this one.

You can see how it works in the cloud connectivity packages.

Best regards

Jocelyn
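Added here as an illustration, not code from this thread, from ST's RTC_TrustZone example or from the Secure Manager: a minimal secure_nsc.c-style service for the NS-to-S signing path DPade.1 describes. Note the direction of the attributes listed above: __attribute__((cmse_nonsecure_entry)) marks a Secure function the NS side may call, while cmse_nonsecure_call and cmse_nsfptr_create() are for the reverse direction (Secure code calling back into NS). The names SECURE_Sign, ns_owned, sim_ns_ram, secure_key, secure_scratch and placeholder_sign are assumptions, and the memory map used on a host build is constructed.

```c
/* Added example (not from the thread or ST firmware): one NSC entry as
 * secure_nsc.c would hold it. Every NS-supplied pointer is proven to lie in
 * NS-accessible memory via cmse_check_address_range() before use, else NS
 * code could hand the Secure side a Secure address. Without a CMSE toolchain
 * the check is simulated against a constructed NS RAM array; the signature
 * is a placeholder keyed checksum standing in for ECDSA/HMAC. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define SIG_LEN 32
enum { SVC_OK = 0, SVC_BAD_RANGE = -1, SVC_BAD_LEN = -2 };

#if defined(__ARM_FEATURE_CMSE) && (__ARM_FEATURE_CMSE & 2)
#include <arm_cmse.h>
#define NSC_ENTRY __attribute__((cmse_nonsecure_entry))
static int ns_owned(const void *p, size_t n, int write) {
    int flags = CMSE_NONSECURE | (write ? CMSE_MPU_READWRITE : CMSE_MPU_READ);
    return cmse_check_address_range((void *)p, n, flags) != NULL;
}
#else /* host simulation: this constructed array is "NS RAM", all else is Secure */
#define NSC_ENTRY
uint8_t sim_ns_ram[256];
static int ns_owned(const void *p, size_t n, int write) {
    uintptr_t a = (uintptr_t)p, lo = (uintptr_t)sim_ns_ram, hi = lo + sizeof sim_ns_ram;
    (void)write;
    return n > 0 && a >= lo && a < hi && n <= hi - a;
}
#endif

/* Secure-only state: key and scratch live here and are never exported to NS. */
static const uint8_t secure_key[16] = { 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 };
uint8_t secure_scratch[SIG_LEN];
/* Placeholder for the real primitive (e.g. ECDSA or HMAC through the HAL). */
static void placeholder_sign(const uint8_t *msg, size_t len, uint8_t out[SIG_LEN]) {
    for (size_t i = 0; i < SIG_LEN; i++) out[i] = secure_key[i % 16];
    for (size_t i = 0; i < len; i++) out[i % SIG_LEN] = (uint8_t)((out[i % SIG_LEN] * 31u) ^ msg[i]);
}

/* NSC entry: validate both NS buffers before any access, then copy the message
 * into Secure RAM so a concurrent NS write cannot change it mid-operation. */
NSC_ENTRY int SECURE_Sign(const uint8_t *msg, size_t len, uint8_t *sig, size_t sig_len) {
    uint8_t local[128];
    if (len == 0 || len > sizeof local || sig_len < SIG_LEN) return SVC_BAD_LEN;
    if (!ns_owned(msg, len, 0) || !ns_owned(sig, SIG_LEN, 1)) return SVC_BAD_RANGE;
    memcpy(local, msg, len);
    placeholder_sign(local, len, sig);
    memset(local, 0, sizeof local); /* scrub the Secure copy */
    return SVC_OK;
}
```

On a real build the NS side reaches SECURE_Sign only through the veneer in the NSC region, and the return value is the only thing that tells it why a request was refused.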