FAQs
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Secure SPI on STM32MP157-DK1

simoBen47
Associate III

‎2019-09-09 04:53 AM

Hey everyone,

I am working on STM32MP157-DK1 with trustzone cortex-A.

I want to use SPI in secure side, but it's possible only with SPI6 that is not mapped to the outside.

It's possible to activate SPI (1 ... 5) peripherals in secure side ? if not, why ?

Best regards

Labels:
0 Kudos
4 REPLIES 4
PatrickF
ST Employee

‎2019-09-09 05:24 AM

Hello,

from HW point of view, only SPI6 could be set as only allowing trustzone secure access (using ETZPC settings).

There is no blocking point to use any SPI from secure SW (trustzone), but obviously they will not be protected from unwanted non-secure accesses.

On STM32MP157A-DK1 board, SPI6 could be made available on PZ0, PZ1 and PZ2 (secure GPIOs), but those signals are not available on a header (need to solder wires on U8 which is not populated on this board).

Another option is to use STM32MP157x-EV1 board where SPI6 could be made available on GPIO expansion connector of MB1262 board (same pins than SPI1)

In order to give better visibility on the answered topics, please click on 'Accept as Solution' on the reply which solved your issue or answered your question.
0 Kudos
simoBen47
Associate III
In response to PatrickF

‎2019-09-09 06:10 AM

Hi,

thanks a lot for your quick answer. It was my understanding (BTW I've ordered a EV1...)

When you say: "that any SPI from secure SW (trustzone), will not be protected from unwanted non-secure accesses". I understand from M4 point of view, but if the TF-A mapping is modified (configuring the memory region of SPI in TZ only) , the ARM7 core will not be allowed to access to this SPI. (not using EXTZC but the core itself)

Is it correct ?

0 Kudos
PatrickF
ST Employee
In response to simoBen47

‎2019-09-09 06:19 AM

This is true for Cortex-A7 alone as protection is done using MMU inside the core.

Nevertheless, any other master e.g. MDMA or DMA1/2 will not be protected to be set-up to access any non-secure area as their master accesses are not visible by the Cortex-A7 MMU.

Note that MDMA could be set to have all channel secure, but this will restrict a lot it's usage by Linux non-secure SW.

Note that if needed DMA1/2 could be restricted to be Cortex-M4 access only.

In order to give better visibility on the answered topics, please click on 'Accept as Solution' on the reply which solved your issue or answered your question.
0 Kudos
simoBen47
Associate III
In response to simoBen47

‎2019-09-09 07:22 AM

Thank you. It's clear now.

0 Kudos
Top