[ST NUCLEO-U575ZI-Q Review] 6 - TrustZone project startup process

The TrustZone project contains two project files, the secure zone project and the non-secure zone project. These two projects are downloaded to different flash addresses.

TrustZone projects require starting from the secure zone project and then jumping to the non-secure zone for execution.

This is because security attributes need to be set at startup, such as those of security peripherals like the SAU and GTZC. These security attributes can only be set in the secure area. Therefore, the project in the secure area is downloaded to the starting address of the Flash, 0x08000000, but because this is the code of the secure area, the alias address 0x0C000000 of 0x08000000 is actually used. These two addresses are actually the same address. The concept of an alias area appeared in the STM32F1, where the bit-band area was also a kind of alias area. After the security attributes of the project in the secure area are configured, it is necessary to jump to the non-secure area. The code of the non-secure area is downloaded to another address, such as 0x08100000. Of course, this address depends on how the user divides the Flash area, and it can be changed.

/* Secure-project main.c from the STM32CubeU5 TrustZone template. The include
   and the prototypes below are added so that the excerpt compiles as a unit. */
#include "main.h"

static void SystemPower_Config(void);
static void NonSecure_Init(void);
static void MX_GTZC_S_Init(void);
static void MX_GPIO_Init(void);
static void MX_ICACHE_Init(void);

int main(void)
{
  /* SAU/IDAU, FPU and interrupts secure/non-secure allocation setup done */
  /* in SystemInit() based on partition_stm32u575xx.h file's definitions. */
  /* USER CODE BEGIN 1 */

  /* Enable SecureFault handler (HardFault is default) */
  SCB->SHCSR |= SCB_SHCSR_SECUREFAULTENA_Msk;

  /* STM32U5xx **SECURE** HAL library initialization:
       - Configure the Flash prefetch
       - Configure the Systick to generate an interrupt each 1 msec
       - Set NVIC Group Priority to 3
       - Low Level Initialization
     */
  /* MCU Configuration--------------------------------------------------------*/
  /* Reset of all peripherals, Initializes the Flash interface and the Systick. */
  HAL_Init();
  /* Configure the System Power */
  SystemPower_Config();
  /* GTZC initialisation */
  MX_GTZC_S_Init();
  /* Initialize all configured peripherals */
  MX_GPIO_Init();
  MX_ICACHE_Init();
  /* All IOs are by default allocated to secure */
  /* Release them all to non-secure except PC.07 (LED1) kept as secure */
  __HAL_RCC_GPIOA_CLK_ENABLE();
  __HAL_RCC_GPIOB_CLK_ENABLE();
  __HAL_RCC_GPIOC_CLK_ENABLE();
  __HAL_RCC_GPIOD_CLK_ENABLE();
  __HAL_RCC_GPIOE_CLK_ENABLE();
  __HAL_RCC_GPIOF_CLK_ENABLE();
  __HAL_RCC_GPIOG_CLK_ENABLE();
  __HAL_RCC_GPIOH_CLK_ENABLE();
  HAL_GPIO_ConfigPinAttributes(GPIOA, GPIO_PIN_ALL, GPIO_PIN_NSEC);
  HAL_GPIO_ConfigPinAttributes(GPIOB, GPIO_PIN_ALL, GPIO_PIN_NSEC);
  HAL_GPIO_ConfigPinAttributes(GPIOC, (GPIO_PIN_ALL & ~(GPIO_PIN_7)), GPIO_PIN_NSEC);
  HAL_GPIO_ConfigPinAttributes(GPIOD, GPIO_PIN_ALL, GPIO_PIN_NSEC);
  HAL_GPIO_ConfigPinAttributes(GPIOE, GPIO_PIN_ALL, GPIO_PIN_NSEC);
  HAL_GPIO_ConfigPinAttributes(GPIOF, GPIO_PIN_ALL, GPIO_PIN_NSEC);
  HAL_GPIO_ConfigPinAttributes(GPIOG, GPIO_PIN_ALL, GPIO_PIN_NSEC);
  HAL_GPIO_ConfigPinAttributes(GPIOH, GPIO_PIN_ALL, GPIO_PIN_NSEC);
  /* Secure SysTick should rather be suspended before calling non-secure  */
  /* in order to avoid wake-up from sleep mode entered by non-secure      */
  /* The Secure SysTick shall be resumed on non-secure callable functions */
  /* For the purpose of this example, however the Secure SysTick is kept  */
  /* running to toggle the secure IO and the following is commented:      */
  /* HAL_SuspendTick(); */
  /*************** Setup and jump to non-secure *******************************/
  NonSecure_Init();

  /* Non-secure software does not return, this code is not executed */
  /* Infinite loop */
  while (1);
}

The above code is the main function of the project located in the safe zone, from which we can see that its startup process is:

  1. Set security attributes, including SAU and GTZC. In GTZC, you need to set the secure area address and non-secure area address of SRAM and assign security attributes to peripherals.
  2. Allocate resources to the non-secure area, including GPIO, interrupts, and DMA. From the figure below, you can see that after reset, some peripherals are in the secure area and some are in the non-secure area. If you want to use peripherals from the secure area in a non-secure project, you need to configure them and assign them to the non-secure area. For example, since all GPIOs are in the secure area, if you want to use UART or GPIO in the non-secure area, you need to assign the corresponding pins to the non-secure area.
  3. Initialization of the secure zone peripherals, initialization of the peripherals used in the secure zone.
  4. Jump to the non-safe area. So how do you jump from the safe area to the non-safe area? The jump function is shown below.

#include "main.h"
#include <stdint.h>

/* Non-secure vector table to jump to (non-secure Flash alias). This address
   must match the link address of the non-secure project. */
#define VTOR_TABLE_NS_START_ADDR  0x08100000UL

/* Pointer type for a call into the non-secure state. The CMSE attribute makes
   the compiler emit BLXNS and clear the registers on the transition. */
typedef void (*funcptr_NS)(void) __attribute__((cmse_nonsecure_call));

static void NonSecure_Init(void)
{
  funcptr_NS NonSecure_ResetHandler;

  /* Point the non-secure SCB at the non-secure vector table */
  SCB_NS->VTOR = VTOR_TABLE_NS_START_ADDR;
  /* Set non-secure main stack (MSP_NS) */
  __TZ_set_MSP_NS((*(uint32_t *)VTOR_TABLE_NS_START_ADDR));
  /* Get non-secure reset handler */
  NonSecure_ResetHandler = (funcptr_NS)(*((uint32_t *)((VTOR_TABLE_NS_START_ADDR) + 4U)));
  /* Start non-secure state software application */
  NonSecure_ResetHandler();
}

This code is very similar to the IAP code, both of which implement the jump to the program area. The steps are as follows:

  1. Assign the interrupt vector table of the non-secure area to the program control block.
  2. Set the stack top address to be used. It should be noted that the kernel has two SP registers (stack top pointer registers), one for the secure area and one for the non-secure area, so this actually sets the stack top pointer for the non-secure area.
  3. Finally, jump to the restart function in the non-safe area.

From the above content, we can see that when STM32 starts, it first runs the code in the secure area, allocates security attributes and peripheral resources, and then jumps to the main function in the non-secure area for execution. Therefore, the code mainly executes the code in the non-secure area, and the code in the non-secure area can call the function in the secure area through the NSC function to realize the interaction between the two areas.
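NonSecure_Init() above jumps to whatever word 1 of 0x08100000 holds, so a blank or mis-flashed non-secure slot ends in a fault at the secure side. The following host-testable check is an added example (not the thread's or ST's code) of validating the first two vector-table words before the secure project uses them; the NS Flash/SRAM bounds are assumptions, and the alias helper reflects the 0x08000000/0x0C000000 relation described in the post.

```c
#include <stdint.h>
#include <stdbool.h>

/* Non-secure image start as used in the thread; the other bounds are assumed
   for this example and must match the board's real Flash/SRAM split. */
#define NS_FLASH_BASE  0x08100000UL
#define NS_FLASH_END   0x08200000UL   /* assumed: end of the NS Flash region */
#define NS_SRAM_BASE   0x20000000UL   /* assumed: NS SRAM window start */
#define NS_SRAM_END    0x200C0000UL   /* assumed: NS SRAM window end */

/* Secure alias of a non-secure Flash address: 0x08xxxxxx -> 0x0Cxxxxxx. */
uint32_t flash_secure_alias(uint32_t ns_addr)
{
    return ns_addr | 0x04000000UL;
}

/* Checks the first two words of a non-secure vector table (initial MSP_NS and
   Reset_Handler). vtor_addr is where the table lives; words is its contents.
   Returns true only when the table looks like a programmed NS image. */
bool ns_vector_table_ok(uint32_t vtor_addr, const uint32_t *words)
{
    uint32_t msp = words[0];
    uint32_t reset = words[1];

    /* SCB_NS->VTOR keeps bits [31:7]: table must be 128-byte aligned and in NS Flash */
    if ((vtor_addr & 0x7FUL) != 0 || vtor_addr < NS_FLASH_BASE || vtor_addr >= NS_FLASH_END)
        return false;
    /* Erased Flash reads as all ones: no non-secure image has been programmed */
    if (msp == 0xFFFFFFFFUL || reset == 0xFFFFFFFFUL)
        return false;
    /* Initial stack: 8-byte aligned and inside the non-secure SRAM window */
    if ((msp & 7UL) != 0 || msp <= NS_SRAM_BASE || msp > NS_SRAM_END)
        return false;
    /* Reset handler: Thumb bit set and located inside the non-secure image */
    if ((reset & 1UL) == 0)
        return false;
    uint32_t reset_addr = reset & ~1UL;
    if (reset_addr < vtor_addr || reset_addr >= NS_FLASH_END)
        return false;
    return true;
}

/* Constructed sample tables (not dumped from a real board). */
const uint32_t good_table[2]   = { 0x20040000UL, 0x08100231UL };
const uint32_t erased_table[2] = { 0xFFFFFFFFUL, 0xFFFFFFFFUL };
const uint32_t secure_table[2] = { 0x20040000UL, 0x08000231UL }; /* handler in secure image */

int main(void)
{
    return ns_vector_table_ok(NS_FLASH_BASE, good_table) ? 0 : 1;
}
```

On the target, the same check would run on the words read from VTOR_TABLE_NS_START_ADDR just before __TZ_set_MSP_NS() and the call through funcptr_NS.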


Latest reply

Review summary: Free application | ST NUCLEO-U575ZI-Q https://en.eeworld.com/bbs/thread-1228653-1-1.html   Details Published on 2023-1-12 09:22
Thanks for sharing
When STM32 starts, it runs the code in the safe zone first. This is indeed the case. The final summary is well written. Thank you.
