FAQs
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SBSFU | KMS and X509 support | RAM usage by SE

Go to solution
Jakub Standarski
Associate III

‎2024-02-08 09:47 AM

Hello all,
Quick question. Why does Secure Engine (SE) consume so much RAM for projects supporting KMS and X509? In sample projects, by default it's around 120 [kB] of RAM assigned for SE. For purely "building" purposes we decreased it down to 36 [kB] and it builds successfully, but still wondering why by default it's so much?

 

PS. Yes, that question might seem dumb, but we are trying to find out what's the RAM consumption by SE.

Labels:
0 Kudos
1 ACCEPTED SOLUTION

Accepted Solutions
Go to solution
Jocelyn RICARD
ST Employee

‎2024-02-20 01:14 AM

Hello @Jakub Standarski,

the reason for using that much memory is because of the  workaround needed to avoid an issue related to the firewall IP itself.

This issue is described in the errata sheet ES0393 chapter 2.4.2 Spurious Firewall reset.

You can also find in Projects\B-L4S5I-IOT01A\Applications\2_Images_KMS\Linker_Common\STM32CubeIDE\mapping_sbsfu.ld the explanation and some details about this workaround.

/* RAM section */
/* SE RAM1 region protected by firewall */
/* SE stack is placed 1st in RAM, stack overflow does not write on other RAM area */
__ICFEDIT_SE_region_RAM_start__     = 0x20000000;
__ICFEDIT_SE_region_RAM_stack_top__ = 0x20002000;
__ICFEDIT_SE_region_RAM_end__       = 0x2001FFBF;

/* See errata sheet: ES0393 - Rev 6 - October 2019                                                                              */
/* Only 128 Kbytes - 1 byte and with the 6 lowest bits set to 0 of SRAM1 can be protected by the firewall instead of the full memory space (192 Kbytes of SRAM1). */
/* Use SRAM2 or SRAM3 as system RAM and avoid accessing SRAM1 before any access to an address outside the protected SRAM1 area,                                   */
/* of which the 18 LSBs correspond to an address within the protected SRAM1 area.                                                                                 */
/* So we declare all SRAM1 to avoid spurious Firewall reset but only 0x1FFC0 bytes can be actually used (under Firewall).                                         */
__ICFEDIT_SE_region_SRAM1_do_not_use_start__ = 0x2001FFC0;
__ICFEDIT_SE_region_SRAM1_do_not_use_end__   = 0x2002FFFF; /* 0x10040 bytes we cannot use to avoid spurious firewall reset */

/* SBSFU RAM dummy memory access: See errata sheet: ES0393 - Rev 6 - October 2019 :                */
/* - if multiple RAM banks are available: select another RAM bank than the RAM bank used by FWALL  */
/*   AND                                                                                           */
/* - select a memory range with 18 LSB outside the 18 LSB range protected by FWALL                 */
__ICFEDIT_SB_region_RAM_dummy_access_start__ = 0x20030000;
__ICFEDIT_SB_region_RAM_dummy_access_end__   = __ICFEDIT_SB_region_RAM_dummy_access_start__ + 3;

 

Best regards

Jocelyn

View solution in original post

3 REPLIES 3
Go to solution
CMYL
ST Employee

‎2024-02-12 12:50 PM

Hello @Jakub Standarski 

Can you please provide the STM32 Family and the path to the SE project ? One of the following projects I guess: ~\STM32CubeExpansion_SBSFU_V2.6.2\Projects\B-L4S5I-IOT01A\Applications\2_Images_KMS      or   2_Images_STSAFE

 

Best Regards

0 Kudos
Go to solution
Jocelyn RICARD
ST Employee

‎2024-02-20 01:14 AM

Hello @Jakub Standarski,

the reason for using that much memory is because of the  workaround needed to avoid an issue related to the firewall IP itself.

This issue is described in the errata sheet ES0393 chapter 2.4.2 Spurious Firewall reset.

You can also find in Projects\B-L4S5I-IOT01A\Applications\2_Images_KMS\Linker_Common\STM32CubeIDE\mapping_sbsfu.ld the explanation and some details about this workaround.

/* RAM section */
/* SE RAM1 region protected by firewall */
/* SE stack is placed 1st in RAM, stack overflow does not write on other RAM area */
__ICFEDIT_SE_region_RAM_start__     = 0x20000000;
__ICFEDIT_SE_region_RAM_stack_top__ = 0x20002000;
__ICFEDIT_SE_region_RAM_end__       = 0x2001FFBF;

/* See errata sheet: ES0393 - Rev 6 - October 2019                                                                              */
/* Only 128 Kbytes - 1 byte and with the 6 lowest bits set to 0 of SRAM1 can be protected by the firewall instead of the full memory space (192 Kbytes of SRAM1). */
/* Use SRAM2 or SRAM3 as system RAM and avoid accessing SRAM1 before any access to an address outside the protected SRAM1 area,                                   */
/* of which the 18 LSBs correspond to an address within the protected SRAM1 area.                                                                                 */
/* So we declare all SRAM1 to avoid spurious Firewall reset but only 0x1FFC0 bytes can be actually used (under Firewall).                                         */
__ICFEDIT_SE_region_SRAM1_do_not_use_start__ = 0x2001FFC0;
__ICFEDIT_SE_region_SRAM1_do_not_use_end__   = 0x2002FFFF; /* 0x10040 bytes we cannot use to avoid spurious firewall reset */

/* SBSFU RAM dummy memory access: See errata sheet: ES0393 - Rev 6 - October 2019 :                */
/* - if multiple RAM banks are available: select another RAM bank than the RAM bank used by FWALL  */
/*   AND                                                                                           */
/* - select a memory range with 18 LSB outside the 18 LSB range protected by FWALL                 */
__ICFEDIT_SB_region_RAM_dummy_access_start__ = 0x20030000;
__ICFEDIT_SB_region_RAM_dummy_access_end__   = __ICFEDIT_SB_region_RAM_dummy_access_start__ + 3;

 

Best regards

Jocelyn

Go to solution
Jakub Standarski
Associate III

‎2024-02-20 06:24 AM

Much appreciated! That explains everything.

Top