
STM32L5: How to integrate STM32TrustZone and TF-M with my project

Errorr__
Associate

Hello everyone,

Security is a key requirement in my current project, and while researching security for embedded systems I came across STM32 TrustZone and Trusted Firmware‑M (TF‑M). I’m working with an STM32L5 series MCU (which supports both TrustZone and TF‑M) and have reviewed the “Getting Started with STM32CubeL5 TF‑M Application” document (UM2671) as well as the TF‑M SBSFU example provided by ST.

However, I have several questions as I try to customize and integrate these solutions into my project:

  1. Customizing the TF‑M Example:
    – The official TF‑M example (SBSFU-based) doesn’t include an IOC file. How can I customize or adapt this example for my project without an IOC file?
    – In other words, what’s the recommended approach to configure peripherals and other settings manually in the absence of STM32CubeMX’s IOC project file?

  2. Creating a New Project with TF‑M as an SDK:
    – If I start a new project from scratch, can I integrate TF‑M as an SDK or library?
    – What configurations (e.g., compiler flags, linker scripts, secure/non‑secure partition settings) are required to successfully include TF‑M into a new project?

  3. Moving X‑CUBE‑SUBG2 to the Secure World:
    – I’m currently using the X‑CUBE‑SUBG2 module for Sub‑GHz RF communication. I want to run this module in the secure world.
    – How do I modify my TF‑M project to move the X‑CUBE‑SUBG2 components (such as drivers and middleware) into the secure domain?
    – If I do move it to the secure world, will I need to create secure-to‑non‑secure gateway (NSC) functions to access its APIs from the non‑secure side? If so, what’s the proper way to implement these wrappers?

  4. Project Setup Order – TrustZone vs. TF‑M:
    – Am I approaching this correctly? Should I first configure the project to enable TrustZone and then integrate TF‑M, or is it better to set up TF‑M first and then configure TrustZone for the overall project?
    – What is the recommended process for setting up a project that requires both TrustZone and TF‑M support?

I’m fairly new to this area and would greatly appreciate any guidance, best practices, or pointers to additional documentation or examples that might help clarify these points.

Thank you in advance for your help!
