8 Code generation with TrustZone enabled (STM32L5 series only)

  • A first core boots and executes from flash, loads the second core's code into SRAM, then enables the second core to boot.

STM32CubeMX uses template files delivered with STM32CubeH7 MCU packages as reference.


8 Code generation with TrustZone enabled (STM32L5 series only)

In STM32CubeMX project manager view, all project generation options remain available.

However, the choice of toolchains is limited to the IDEs/compilers supporting the Cortex®-M33 core:

  • EWARM v8.32 or higher

  • MDK-ARM v5.27 or higher (ARM compiler 6)

  • STM32CubeIDE (GCC v4.2 or higher)

  • Makefile (GCC v4.2 or higher)

Upon product selection, STM32CubeMX requires the user to choose whether or not to enable TrustZone.

  • When TrustZone is enabled, STM32CubeMX generates two C projects: one secure and one nonsecure. After compilation, two images are available for download, one for each context.

  • When TrustZone is disabled, STM32CubeMX generates a nonsecure C project, as for other products not supporting it.

Specificities

When TrustZone is enabled, the project generation must be adjusted to ensure that secure and nonsecure images can be built.

Figure 581. Building secure and nonsecure images with ARMv8-M TrustZone



When TrustZone is enabled for the project, STM32CubeMX generates three folders:

  • NonSecure for nonsecure code

  • Secure for secure code

  • Secure_nsclib for nonsecure callable region

See Figure 582 and Figure 583.

Figure 582. Project explorer view for STM32L5 TrustZone enabled projects


Table 28. Files generated when TrustZone is enabled

| File | Folder | Details |
|---|---|---|
| The product core secure/nonsecure partitioning .h “template” file. Example: partition_stm32l552xx.h | Secure | Initial setup for secure/nonsecure zones for ARMCM33 based on CMSIS CORE V5.3.1 partition_ARMCM33.h Template. It initializes Security attribution unit (SAU) CTRL register, setup behavior of Sleep and Exception Handling, Floating Point Unit and Interrupt Target. |
| secure_nsc.h file | Secure_nsclib | Must be filled by the user with the list of nonsecure callable APIs. Templates are available as reference in STM32L5Cube embedded software package in Templates\TrustZone®\Secure_nsclib folders. |
| System_stm32l5xx_s.c | Secure | CMSIS Cortex-M33 device peripheral access layer system source file to be used in secure application when the system implements security. |
| System_stm32l5xx_ns.c | NonSecure | CMSIS Cortex-M33 device peripheral access layer system source file to be used in nonsecure application when the system implements security. |