STMicroelectronics STM32L5 User Manual
AN5600
Application note
STM32L5 Series GPIO usage with TrustZone®
Introduction
This document briefly describes the different security problems that can be caused by a non-suitable GPIO/peripheral security attribute combination and it provides details about the implementation on devices of the STM32L5 Series.
Armv8-M TrustZone® aims to do the physical isolation of two execution environments: a secure world and a non-secure world, in which different sets of instructions ensure the valid execution of the code and prevent intruders from tampering or exploiting information from the secure into the non-secure world.
The Cortex-M33 implements the functionality of secure and non-secure world distinction at the hardware level, to ensure time efficient world switches. It uses source and origin memory addresses to check the security conditions.
The secure world ensures that no confidential data is available in non-secure world.
In the STM32L5 devices, depending on the peripherals and corresponding I/Os security attributes, some paths are protected by hardware, preventing the non-secure world from inferring any secure information.
Some other paths between peripherals and I/Os are not protected by hardware, so it is up to the user, through the secure code, to set up the suitable peripherals/GPIOs security attribute.
AN5600 - Rev 1 - January 2021 |
www.st.com |
For further information contact your local STMicroelectronics sales office. |
|
|
|
AN5600
General information
1General information
|
This document applies to the STM32L5 Series Arm® Cortex® core-based microcontrollers. |
Note: |
Arm is a registered trademark of Arm Limited (or its subsidiaries) in the US and/or elsewhere. |
AN5600 - Rev 1 |
page 2/17 |
|
|
AN5600
Security levels
2Security levels
There are two different threat models:
•data leakage
•denial of service
The peripherals and corresponding I/Os security attribute must be well configured to prevent the non-secure world from having secure information or causing troubles to secure application.
|
Table 1. Threat models |
|
|
Target protection |
Security rationale |
|
|
Secrets leakage |
Protect user or manufacturer secrets |
|
|
Denial of service |
Make it more difficult for s/w attacks to make the final product behave badly |
|
|
AN5600 - Rev 1 |
page 3/17 |
|
|
AN5600
I/O security
3I/O security
When TrustZone® security is activated (TZEN = 1), each I/O pin of GPIO port can be individually configured as secure through the GPIOx_SECCFGR registers.
After reset, each I/O pin of GPIO is set as secure. Only secure application can write to GPIOx_SECCFGR registers to change the I/Os security attributes.
When an I/O pin is configured as secure:
•Its corresponding configuration bits for alternate function (AF), mode selection (MODE) and I/O data are read at zero/write ignore’ (RAZ/WI) in case of non-secure access.
•Its corresponding bit for pull-up/pull-down configuration in standby mode (through PWR_PUCRx and PWR_PDCRx, x = A…H) becomes secure.
•The connection between the I/O and peripherals is allowed or blocked depending on the I/O connection to the peripheral, which are direct connection or through alternate function logic. and on the I/O and peripheral security attributes.
Note: |
The peripheral security attribute is defined through the global TrustZone® controller GTZC and TrustZone® |
|
security controller TZSC. For more details, please refer to the STM32L5 reference manual RM0438. |
|
For more details, please refer to Section 4 STM32L5 I/Os access rules when TrustZone is enabled. |
AN5600 - Rev 1 |
page 4/17 |
|
|
AN5600
STM32L5 I/Os access rules when TrustZone is enabled
4STM32L5 I/Os access rules when TrustZone is enabled
Setting the GPIO in secure mode allows to be sure that the non-secure application will not be able to change alternate function selection or IO mode.
Therefore, it is guaranteed that:
•input data are not redirected to another peripheral
•output data are not replaced by those generated by another peripheral
•on-going secure communication is not corrupted
Some hardware protections are implemented to make sure that:
•data coming from a non-secure IO cannot be routed to a secure IP, in order to protect ongoing secure peripheral transactions
•data going to a non-secure pin do not originate from a secure peripheral to avoid potential secrets disclosure
Even if there are hardware protections, there are cases where the user must well configure the peripheral and I/O security attributes.
The access rules depend on:
•whether the I/O pin selection is done through alternate functions registers (such as USART, TIM…)
•the I/Os have analog switches, directly controlled by peripherals (such as ADC, OPAMP)
•there is direct connection between I/Os additional functions and peripherals (such as touch sense, DAC…)
These three cases are detailed in the 3 following subsections.
4.1I/Os used as alternate function
When digital alternate function is used (input/output mode), in order to protect the data transiting from/to the I/O managed by a secure peripheral, the STM32L552xx and STM32L562xx add a secure alternate function gate on the path between the peripheral and its allocated I/Os. This gate behaves as following:
•If the digital peripheral is secure, the I/O pin must also be secure to allow input/output of data
•If the I/O pin is configured as non-secure, the connection with the secure peripheral is blocked by hardware
•If the digital peripheral is not secure, the connection is allowed regardless of the I/O pin security attribute
The table below summarizes the I/O behavior when configured as alternate function and depending on the security attribute of the I/O and peripheral.
Table 2. Access Rules when the I/O is used as alternate function
Security configuration |
|
Alternate function logic |
||
Peripheral |
Allocated I/O |
Input |
|
Output |
|
|
|
|
|
Secure |
Secure |
I/O data |
|
Peripheral data |
|
|
|||
Non-secure |
|
|||
|
|
|
|
|
|
|
|
|
|
Secure |
Non-secure |
Zero |
|
Zero |
|
|
|
|
|
Non-secure |
I/O data |
|
Peripheral data |
|
|
|
|||
|
|
|
|
|
For example, when an UART is configured as a secure peripheral, this means that this UART is only allowed to be accessed by the secure world, not by the non-secure world.
However, in this case, when the UART pin is non-secure, the non-secure world cannot get the secure UART’s information thanks to the hardware protection. This is illustrated in Figure xxx.
AN5600 - Rev 1 |
page 5/17 |
|
|
AN5600
I/Os with analog switches
Figure 1. Secure UART connection to I/O allowed when the I/O is secure.
Secure access |
|
Non-secure access |
|
|
|
Secure UART
Secure I/O
Figure 2. Secure UART connection to I/O not allowed when the I/O is non-secure.
Secure access |
|
Non-secure access |
|
|
|
Secure UART
Non-secure I/O
4.2I/Os with analog switches
When analog function with analog switch is used, the STM32L552xx and STM32L562xx add a secure gate on the analog switch. This secure gate controls the switch opening/closing and allows blocking the connection between the secure I/O and corresponding non-secure analog peripheral function.
Here, a different requirement applies to analog peripherals comparing to digital peripherals.
The goal is to prevent from capturing or corrupting pad level signals by using analog switches embedded in the GPIO cells. A typical example is to use a non-secure ADC to capture serial data transiting on a secure I/O.
The analog functions concerned by this rule (for instance when an IO is secure and analog peripheral is nonsecure, the connection is blocked by hardware) are the following:
AN5600 - Rev 1 |
page 6/17 |
|
|
Loading...