8 Code generation with TrustZone enabled (STM32L5 series only) ¶
• Arm Cortex-M4 core booting, Arm Cortex-M7 gated
• A first core booting executing from flash, loads the second core code to the SRAM then enables the second core to boot.
STM32CubeMX uses template files delivered with STM32CubeH7 MCU packages as reference.
Code generation with TrustZone enabled (STM32L5 series only)
8 Code generation with TrustZone enabled (STM32L5 series only)
In STM32CubeMX project manager view, all project generation options remain available.
However, the choice of toolchains is limited to the IDEs/compilers supporting the Cortex ® -M33 core:
• EWARM v8.32 or higher
• MDK-ARM v5.27 or higher (ARM compiler 6)
• STM32CubeIDE (GCC v4.2 or higher)
• Makefile (GCC v4.2 or higher)
Upon product selection, STM32CubeMX requires to choose between enabling TrustZone or not.
• When TrustZone is enabled, STM32CubeMX generates two C projects: one secure and one nonsecure. After compilation, two images are available for download, one for each context.
• When TrustZone is disabled, STM32CubeMX generates a nonsecure C project, as for other products not supporting it.
Specificities
When TrustZone is enabled, the project generation must be adjusted to ensure that secure and nonsecure images can be built.
Figure 581. Building secure and nonsecure images with ARMv8-M TrustZone
Code generation with TrustZone enabled (STM32L5 series only)
When TrustZone is enabled for the project, STM32CubeMX generates three folders:
• NonSecure for nonsecure code
• Secure for secure code
• Secure_nsclib for nonsecure callable region
See Figure 582 (use TZ_BasicStructure_project_inCubeIDE.png) and Figure 583 (use STM32L5_STM32CubeMX_Project_settings_inCubeIDE.png).
Figure 582. Project explorer view for STM32L5 TrustZone enabled projects
Code generation with TrustZone enabled (STM32L5 series only)
Figure 583. Project settings for STM32CubeIDE toolchain
STM32CubeMX also generates specific files, detailed in Table 28.
Table 28. Files generated when TrustZone is enabled
File
Folder
Details
The product core secure/nonsecure partitioning .h “template” file
Example: partition_stm32l552xx.h
Secure
Initial setup for secure/nonsecure zones for
ARMCM33 based on CMSIS CORE V5.3.1 partition_ARMCM33.h Template.
It initializes Security attribution unit (SAU)
CTRL register, setup behavior of Sleep and Exception Handling, Floating Point Unit and Interrupt Target.
secure_nsc.h file
Secure_nsclib
Must be filled by the user with the list of nonsecure callable APIs.
Templates are available as reference in
STM32L5Cube embedded software package in Templates\TrustZone®\Secure_nsclib folders.
System_stm32l5xx_s.c
Secure
CMSIS Cortex-M33 device peripheral access layer system source file to be used in secure application when the system implements security.
Code generation with TrustZone enabled (STM32L5 series only)
Table 28. Files generated when TrustZone is enabled (continued)
File
Folder
Details
System_stm32l5xx_ns.c
NonSecure
CMSIS Cortex-M33 device peripheral access layer system source file to be used in nonsecure application when the system implements security.
System_stm32l5xx_ns.c | NonSecure | CMSIS Cortex-M33 device peripheral access layer system source file to be used in nonsecure application when the system implements security. |


