
RTOS on TrustZone MCU STM32U5

HirenThumar2702
Associate III

Hello Support Team.

Good Day.

We have chosen the STM32U585ZIT6Q (-40C to 85C, LQFP-144 pins, with TrustZone core) controller for our product.

According to the firmware architecture, we intend to create two separate partitions, one for safety-critical (non-upgradable area) and the other for non-safety-critical (upgradable area).

So we enable TrustZone mode and separate the safety-critical and non-safety-critical areas.

I have a question about TrustZone mode, which I will address below.

1. Can I utilise RTOS for both safety-critical and non-safety-critical applications?

2. Can I use RTOS on safety-critical sections and bare metal on non-critical sections?

3. How to transmit data in an RTOS-based platform across safety-critical and non-safety-critical areas?

I used STM32CubeIDE (Version: 1.12.0) for development. I've seen the RTOS-based selection, but I haven't seen the RTOS configuration parameter for the safety-critical parts. I've attached a screenshot to this thread.

If you have any examples, please share them with us. 

Thanks

Hiren R. Thumar
Bubbles
ST Employee

Hello @HirenThumar2702,

I have a few remarks on your choice.

1) Safety and security are two different things, often contradicting each other. For example, the default state in case of a detected error may be different for a safety-oriented application and for a security-oriented one. Are you sure you don't mistake one for the other?

2) The usual use of the TrustZone isolation is that the secure part is a secure boot (non-upgradeable) along with some cryptographic library, platform attestation or secure storage. The RTOS is usually running in the non-secure part, only calling for secure services when needed.

There are two stacks, so it could be possible to have 2 RTOS, but why? There is no advantage in doing that, only problems.

I suggest using TF-M based SBSFU for the secure part and an RTOS of your choice for the rest.

BR,

J

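Bubbles' point that the RTOS in the non-secure part only calls secure services when needed, and Hiren's third question about passing data across the boundary, come down to how a secure service treats pointers handed over from the non-secure side. The following is an added example, not code from this thread or from ST: a hypothetical secure CRC-32 service that refuses any buffer not lying wholly in non-secure memory, so non-secure code cannot use the service as a proxy to read or write secure RAM. On an Armv8-M build it uses the CMSE intrinsic; on a host build it falls back to a constructed SRAM window (NS_SRAM_BASE/NS_SRAM_END are placeholders, not the STM32U5 memory map).

```c
#include <stdint.h>
#include <stddef.h>
#include <stdbool.h>

/* Added example: one secure service called from the non-secure RTOS.
 * Any pointer the non-secure side hands over must be proven to lie
 * entirely in non-secure memory before it is dereferenced; otherwise
 * non-secure code could use the service to read or write secure RAM. */
#if defined(__ARM_FEATURE_CMSE) && (__ARM_FEATURE_CMSE == 3)
#include <arm_cmse.h>           /* real target: secure image built with -mcmse */
#define NS_ENTRY __attribute__((cmse_nonsecure_entry))
static bool ns_buffer_ok(const void *p, size_t n, bool writable) {
    int flags = CMSE_NONSECURE | (writable ? CMSE_MPU_READWRITE : CMSE_MPU_READ);
    /* Consults SAU/IDAU (and MPU) for the whole range, not just for p. */
    return n != 0 && cmse_check_address_range((void *)p, n, flags) != NULL;
}
#else
#define NS_ENTRY
/* Host stand-in: a constructed, hypothetical non-secure SRAM window. */
#define NS_SRAM_BASE 0x20040000u
#define NS_SRAM_END  0x20080000u          /* exclusive */
static bool ns_buffer_ok(const void *p, size_t n, bool writable) {
    uintptr_t a = (uintptr_t)p;
    (void)writable;
    if (n == 0 || a < NS_SRAM_BASE || a >= NS_SRAM_END) return false;
    return n <= NS_SRAM_END - a;          /* reject ranges straddling the boundary */
}
#endif

/* CRC-32 (IEEE, reflected polynomial 0xEDB88320), plain bitwise form. */
uint32_t crc32_ieee(const uint8_t *p, size_t n) {
    uint32_t c = 0xFFFFFFFFu;
    for (size_t i = 0; i < n; i++) {
        c ^= p[i];
        for (int k = 0; k < 8; k++)
            c = (c >> 1) ^ (0xEDB88320u & (0u - (c & 1u)));
    }
    return ~c;
}

/* Non-secure-callable entry: checksum a non-secure buffer into *out.
 * Returns 0 on success, -1 if either pointer fails the range check. */
NS_ENTRY int secure_crc32(const uint8_t *buf, size_t len, uint32_t *out) {
    if (!ns_buffer_ok(buf, len, false) ||
        !ns_buffer_ok(out, sizeof *out, true))
        return -1;                        /* never touch the memory */
    *out = crc32_ieee(buf, len);
    return 0;
}
```

On the real target the entry function must also be exported through the secure project's gateway (import) library so the linker emits the SG veneer in the Non-Secure Callable region.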

HirenThumar2702
Associate III

Hi,

Good day,

Thanks for your suggestion

As per your first answer: we require isolation between two projects (two hex files); below I explain our firmware modules.

I've included a block diagram picture. According to the block diagram, the modules shall be regarded as either safety-critical or non-safety-critical.

When we proceed with certification, we will present the CRC of the safety-critical flash zones. The safety-critical flash region CRC cannot change if I change the non-safety-critical code.

Therefore, I chose a TrustZone-based MCU, since two separate projects are established when I activate the TrustZone functionality. One is the critical section and the second is the non-critical section.

But as per my block diagram, we are considering the modules below.

List of Modules in the critical and supervisory section:

1. STM32U5/L5 HAL layer libraries

2. Fault handling module

3. ClassB safety library

4. Safety test modules

5. Metering

List of Modules in the non-critical section:

1. MCU-MPU communication thread

2. Authentication of user

3. LED driver

In the critical section, we have a lot of activity, so an RTOS would make handling it easier.

If you have any suggestions, please let me know.

Thanks 

Hiren R. Thumar