cancel
Showing results for 
Search instead for 
Did you mean: 

Secure SPI on STM32MP157-DK1

simoBen47
Associate III

Hey everyone,

I am working on STM32MP157-DK1 with trustzone cortex-A.

I want to use SPI in secure side, but it's possible only with SPI6 that is not mapped to the outside.

It's possible to activate SPI (1 ... 5) peripherals in secure side ? if not, why ?

Best regards

4 REPLIES 4
PatrickF
ST Employee

Hello,

from HW point of view, only SPI6 could be set as only allowing trustzone secure access (using ETZPC settings).

There is no blocking point to use any SPI from secure SW (trustzone), but obviously they will not be protected from unwanted non-secure accesses.

On STM32MP157A-DK1 board, SPI6 could be made available on PZ0, PZ1 and PZ2 (secure GPIOs), but those signals are not available on a header (need to solder wires on U8 which is not populated on this board).

Another option is to use STM32MP157x-EV1 board where SPI6 could be made available on GPIO expansion connector of MB1262 board (same pins than SPI1)

In order to give better visibility on the answered topics, please click on 'Accept as Solution' on the reply which solved your issue or answered your question.

Hi,

thanks a lot for your quick answer. It was my understanding (BTW I've ordered a EV1...)

When you say: "that any SPI from secure SW (trustzone), will not be protected from unwanted non-secure accesses". I understand from M4 point of view, but if the TF-A mapping is modified (configuring the memory region of SPI in TZ only) , the ARM7 core will not be allowed to access to this SPI. (not using EXTZC but the core itself)

Is it correct ?

This is true for Cortex-A7 alone as protection is done using MMU inside the core.

Nevertheless, any other master e.g. MDMA or DMA1/2 will not be protected to be set-up to access any non-secure area as their master accesses are not visible by the Cortex-A7 MMU.

Note that MDMA could be set to have all channel secure, but this will restrict a lot it's usage by Linux non-secure SW.

Note that if needed DMA1/2 could be restricted to be Cortex-M4 access only.

In order to give better visibility on the answered topics, please click on 'Accept as Solution' on the reply which solved your issue or answered your question.

Thank you. It's clear now.