2025-09-02 1:44 AM
Hi,
I'm working on the evalboard of the STM32H563. With a plain project I'm able to activate the memory mapped mode of a plugged nor-flash.
If I change the project to have Trustzone activated and divided the application in secure/non-secure part, I'm not able to activate the memory mapped mode. The communication to the flash is basically working because I can read the ID. The hal functions don't give any error, so I expect that everything should work.
Has anybody an idea what the problem can be?
Best regards,
Stefan
2025-09-09 1:04 PM
Stefan,
I have the same problem on an STM32U5G9 processor. I'm reading 0x00's from my flash in non-secure mode without any faults for secure access from non-secure. Flash is mapped to 0x9000'0000 through 0x9400'0000 via octospi1. I've seen some indication that the TrustZone security controller needs to have the watermark configuration set for external flash access but haven't had any success yet.
Have you made any progress on this? Anyone else have any guidance?
Thanks,
-Rob
2025-09-09 10:43 PM
If you go in CubeMx in menu Tools/Memory Management, have you added the OctoSpi memory range as a NS application region?
2025-09-10 12:40 AM
Hello,
In TrustZone environment, external memory should be mapped as non secure in SAU configuration.
If you leave SAU disabled at set ALLNS bit is should be enough because IDAU maps this region as non secure by default. If you enable SAU, then all memory is secure by default. You need then to create a SAU region for external memory and set it as non secure.
Second step, is the GTZC configuration. For external memories you need to setup the MPCWM.
In Table 31 of STM32U5 RM you can see which MPCWM to use. For instance of OSPI1 this is MPCWM1.
You have an example of usage of MPCWM here:
STM32Cube_FW_U5_V1.8.0\Projects\STM32U575I-EV\Examples\GTZC\GTZC_MPCWM_IllegalAccess_TrustZone\
Best regards
Jocelyn
2025-09-10 10:19 AM
My secure portion is actually a third party bootloader that doesn't appear to use CubeMX. I believe I have correctly added OctoSpi memory range as NS manually.
-Rob
2025-09-10 10:24 AM
Jocelyn,
I have modified the example you referenced for my specifics, but am not seeing the MPCWM registers change when I step through HAL_GTZC_TZSC_MPCWM_ConfigMemAttributes() with the IAR C-Spy debugger. I am building with STM32Cube_FW_V1.5.0. See code below.
Any suggestions?
Thanks,
-Rob
2025-09-12 8:32 AM
To close out my stm32u5g9 issue, I found that the STZC clock was not enabled. I also setup a separate SAU region just for the ospi from 0x9000'0000 to 0x9FFF'FFFF.
I am now able to read external flash from non-secure mode.
-Rob
2025-09-12 9:32 AM