Hi,
I have SBSFU working with my HW, which has a STM32U585, with some (minor) modifications to the B-U585I-IOT02A example.
I also have an application that I need to run with the secure bootloader (as the nonsecure app), developed by a wider team (lets call this our "user" app). This was developed to date without trustzone being enabled.
I can get the user app to begin to boot with the secure bootloader (so signing, addressing, startup, etc. are all OK). However, the user app runs out of RAM before doing anything useful, so I need to assign more RAM to the nonsecure app.
As far as I can see the U5 SBSFU example configures/assigns SRAM1 (192KB) to the nonsecure app, and SRAM2 (64KB) and part of SRAM3 (first 32KB) to the secure app. This leaves the remainder of SRAM3 (480KB) and SRAM4 (16KB) unassigned/unused.
A couple of questions:
- Our secure app doesn't require much RAM (does very little other than configuring the trustzone controller and MPU and booting the nonsecure app). Is there any reason not to assign SRAM4 to the secure app, and SRAM1/2/3 to the nonsecure app (it makes porting our existing user app easier if the RAM is contiguous)? Is this a valid config when trustzone is enabled (or is there something special about SRAM2 to say it can only be used with the secure app)?
- What needs to be done to assign SRAM2 and SRAM3 to the nonsecure app? Is it just a case of replicating the unsecure_sram1() function? Is there any example of doing this?
- We have the MPU enabled. If the RAM is contiguous will one MPU block be sufficient (despite the fact its across the three SRAM banks)?
- We have PSRAM on our HW, connected to an OCTO_SPI port (same part as on B-U585I-IOT02A). What needs to be done to assign this to the nonsecure app (so that it can be mapped, which we have working as expected when trustzone is not enabled)? Is there any example of doing this for the B-U585I-IOT02A board (or similar) with trustzone enabled?
Thanks,
RJH