cancel
Showing results for 
Search instead for 
Did you mean: 

Using OSPI from non-secure with Trusted Firmware on STM32u585

taunboel
Associate II

Hello, I've been trying to build an application with Trusted Firmware and using Zephyr RTOS for the non-secure application i'm using b_u585i_iot02a board. After i build my application, the OSPI is not working anymore from my non-secure application. I can see from AN5247 and RM0456 that the default security state of the OSPI banks when building with trusted firmware is secure, which then makes sense. So my question is: Is it true that the OSPI is non acccessible from non-secure application when building with trusted firmware pr. default?

And if yes, how can i disable this so i'm able to use it from my non-secure application as before?

4 REPLIES 4
CMYL
ST Employee

Hello,

My understanding of RM0456 Table 28. MPCWM resource assignment ans "Figure 15. GTZC in Armv8-M subsystem block diagram" external memory can be configured as sec or nsec using GTZC/MPCWMx.

For setting OCTOSPIx as secure or non-secure refer to 5.6.4 GTZC1 TZSC secure configuration register 3 (GTZC1_TZSC_SECCFGR3)

Best Regards,

Younes

taunboel
Associate II

Hey again @Younes LAHBIB​ ,

i now have had some time to dig on this subject and for what i can see when i read out the value of the GTZC1_TZSC_SECCFGR3 and the GTZC1_TZSC_PRIVCFGR3 register (both from secure and non secure) i get 0's on bits corresponding to the security access/priviledge level on the OCTOSPI, which means that the access/privilidge on the OCTOSPI should be non-secure and unprivileged. Which means, as far as I understand, that i should be able to use the OCTOSPI as normal from my non-secure Zephyr Application. I'm still getting an write enable failed error from the non-secure flash driver, which is working, when i'm building and flashing without TF-M/TZEN enabled. Is there something that i'm missing or misunderstanding?

Best Regards,

Tobias

CMYL
ST Employee

Hey again,

We are still analyzing this issue.

Can you dump the registers when the issue happened ?

We asked if you see any security violation like ILA or hard fault when write enabled failed ?

Best regards,

Younes

taunboel
Associate II

Hey again @Younes LAHBIB​ thanks for getting back to me regarding this issue.

I have attached a dump of the GTZC1_TZC, OCTOSPI2, GTZC1_TZIC registers around when the Error inside the driver (stm32u5xx_hal_ospi.c) in the function HAL_OSPI_AutoPolling is happening. I have just dumped the registers in my gdb debug session, so sorry if the format isn't so pretty, but it's readable.

I don't see any secure violation like hard fault or anything in the TZIC registers, which is also wondering me a bit.

Let me now if it's not enough info or i can provide you with anything else.

Best Regards,

Tobias