AN5600
Application note
STM32L5 Series GPIO usage with TrustZone
Introduction
This document briefly describes the security problems that an unsuitable combination of GPIO and peripheral security
attributes can cause, and it gives details about the implementation on devices of the STM32L5 Series.
Armv8-M TrustZone® isolates two execution environments, a secure world and a non-secure world, in which different
sets of instructions ensure that code executes as intended and prevent an intruder from tampering with, or extracting,
information of the secure world from the non-secure world.
The Cortex-M33 implements the secure/non-secure world distinction in hardware, which keeps world switches fast. Security
checks are based on memory addresses: the security state follows the address of the executing code, and each access is
checked against the security attribute of the address it targets.
The secure world ensures that no confidential data is exposed to the non-secure world.
In the STM32L5 devices, depending on the security attributes of the peripherals and of their corresponding I/Os, some
paths are protected by hardware, preventing the non-secure world from inferring any secure information.
Other paths between peripherals and I/Os are not protected by hardware, so it is up to the user, through the secure code,
to set suitable security attributes on the peripherals and their GPIOs.
AN5600 - Rev 1 - January 2021
For further information contact your local STMicroelectronics sales office.
www.st.com
1 General information
This document applies to the STM32L5 Series Arm® Cortex® core-based microcontrollers.
Note: Arm is a registered trademark of Arm Limited (or its subsidiaries) in the US and/or elsewhere.
2 Security levels
There are two different threat models:
• data leakage
• denial of service
The security attributes of the peripherals and of their corresponding I/Os must be configured correctly, to prevent the
non-secure world from obtaining secure information or disrupting the secure application.
Table 1. Threat models
Target protection    Security rationale
Secrets leakage      Protect user or manufacturer secrets
Denial of service    Make it more difficult for software attacks to make the final product behave badly
3 I/O security
When TrustZone® security is activated (TZEN = 1), each I/O pin of a GPIO port can be individually configured as
secure through the GPIOx_SECCFGR registers.
After reset, every I/O pin is secure. Only the secure application can write to the GPIOx_SECCFGR registers to
change the I/O security attributes.
When an I/O pin is configured as secure:
• Its configuration bits for alternate function (AF), mode selection (MODE) and I/O data are 'read as zero/write
ignore' (RAZ/WI) for non-secure accesses.
• Its pull-up/pull-down configuration bit in Standby mode (through PWR_PUCRx and PWR_PDCRx, x = A…H) becomes
secure.
• The connection between the I/O and a peripheral is allowed or blocked depending on how the I/O is connected to the
peripheral (direct connection or through the alternate function logic) and on the security attributes of the I/O
and of the peripheral.
Note: The peripheral security attribute is defined through the global TrustZone® controller (GTZC) and its TrustZone
security controller (TZSC). For more details, refer to the STM32L5 reference manual RM0438 and to Section 4 STM32L5
I/Os access rules when TrustZone is enabled.
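The following host-side C model is an added example, not ST's code, of what the secure application does with GPIOx_SECCFGR and what a non-secure bus master then sees. The register struct, the reset value and the gpio_* function names are assumptions made for the example; only the registers the text names are modelled, as a plain struct rather than the device's address map. It makes the RAZ/WI rule concrete by masking the MODE, AF and data fields of secure pins out of a non-secure read and out of a non-secure write.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added example, not ST's code. Host-side model of one GPIO port: only the
 * registers the text names, as a plain struct rather than the device's
 * address map. Names (gpio_port_t, gpio_*) are assumptions for the example. */
typedef struct {
    uint32_t MODER;    /* 2 bits per pin: mode selection                  */
    uint32_t IDR;      /* 1 bit per pin: input data                        */
    uint32_t ODR;      /* 1 bit per pin: output data                       */
    uint32_t AFR[2];   /* 4 bits per pin: alternate function (AFRL, AFRH)  */
    uint32_t SECCFGR;  /* 1 bit per pin: 1 = secure                        */
} gpio_port_t;

#define GPIO_PINS          16u
#define GPIO_SECCFGR_RESET 0x0000FFFFu   /* all pins secure after reset */

/* Secure world only: set one pin's security attribute. Rejects an
 * out-of-range pin rather than silently touching another bit. */
bool gpio_set_pin_secure(gpio_port_t *port, unsigned pin, bool secure)
{
    if (port == NULL || pin >= GPIO_PINS) return false;
    if (secure) port->SECCFGR |=  (1u << pin);
    else        port->SECCFGR &= ~(1u << pin);
    return true;
}

/* Secure world only: hand a set of pins to the non-secure world in one
 * write, starting from the reset value so every unlisted pin stays secure.
 * Rejects a mask naming pins above 15. */
bool gpio_release_pins_to_nonsecure(gpio_port_t *port, uint32_t mask)
{
    if (port == NULL || (mask & ~GPIO_SECCFGR_RESET) != 0) return false;
    port->SECCFGR = GPIO_SECCFGR_RESET & ~mask;
    return true;
}

/* Turn a 1-bit-per-pin mask into a mask over 'width'-bit fields, for the
 * pins starting at 'first_pin' (AFRH covers pins 8..15). */
static uint32_t expand_mask(uint32_t pins, unsigned width, unsigned first_pin)
{
    uint32_t m = 0;
    for (unsigned p = 0; p < 32u / width; p++)
        if (pins & (1u << (first_pin + p)))
            m |= ((1u << width) - 1u) << (p * width);
    return m;
}

/* The RAZ half of RAZ/WI: what a non-secure read of the port returns. The
 * AF, mode and data fields of secure pins read as zero; non-secure pins
 * are returned unchanged. The page only says SECCFGR is written from the
 * secure side, so this model passes it through (assumption). */
gpio_port_t gpio_nonsecure_view(const gpio_port_t *port)
{
    gpio_port_t v = *port;
    uint32_t sec = port->SECCFGR & GPIO_SECCFGR_RESET;
    v.MODER  &= ~expand_mask(sec, 2, 0);
    v.IDR    &= ~sec;
    v.ODR    &= ~sec;
    v.AFR[0] &= ~expand_mask(sec, 4, 0);   /* AFRL: pins 0..7  */
    v.AFR[1] &= ~expand_mask(sec, 4, 8);   /* AFRH: pins 8..15 */
    return v;
}

/* The WI half: a non-secure write to MODER only lands in the fields of
 * non-secure pins; the bits of secure pins keep their current value. */
void gpio_nonsecure_write_moder(gpio_port_t *port, uint32_t value)
{
    uint32_t locked = expand_mask(port->SECCFGR & GPIO_SECCFGR_RESET, 2, 0);
    port->MODER = (port->MODER & locked) | (value & ~locked);
}

int main(void)
{
    gpio_port_t porta = { .MODER = 0xFFFFFFFFu, .IDR = 0xFFFFu, .ODR = 0xFFFFu,
                          .AFR = { 0x77777777u, 0x88888888u }, .SECCFGR = GPIO_SECCFGR_RESET };
    gpio_release_pins_to_nonsecure(&porta, (1u << 2) | (1u << 9));    /* PA2 and PA9 */
    gpio_port_t ns = gpio_nonsecure_view(&porta);
    printf("SECCFGR=0x%04X  non-secure view: MODER=0x%08X IDR=0x%04X AFRL=0x%08X AFRH=0x%08X\n",
           (unsigned)porta.SECCFGR, (unsigned)ns.MODER, (unsigned)ns.IDR,
           (unsigned)ns.AFR[0], (unsigned)ns.AFR[1]);
    return 0;
}
```

On the device the masking is done by the bus, not by software, and the struct is replaced by the CMSIS GPIO register pointer; the model is useful for unit-testing a pin-release policy on a host before it is flashed, in particular to check that releasing a pin never clears the SECCFGR bit of a neighbouring one.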
4 STM32L5 I/Os access rules when TrustZone is enabled
Configuring a GPIO as secure guarantees that the non-secure application cannot change its alternate function
selection or its I/O mode.
Therefore, it is guaranteed that:
• input data are not redirected to another peripheral
• output data are not replaced by data generated by another peripheral
• an ongoing secure communication is not corrupted
Hardware protections are also implemented to make sure that:
• data coming from a non-secure I/O cannot be routed to a secure IP, to protect ongoing secure peripheral
transactions
• data going to a non-secure pin do not originate from a secure peripheral, to avoid potential disclosure of secrets
Even with these hardware protections, there are cases where the user must configure the peripheral and I/O security
attributes correctly.
The access rules depend on how the I/O is connected to the peripheral:
• through the alternate function registers (digital peripherals such as USART, TIM…)
• through analog switches directly controlled by the peripheral (such as ADC, OPAMP)
• through a direct connection between the I/O additional function and the peripheral (such as touch sensing, DAC…)
These three cases are detailed in the three following subsections.
4.1 I/Os used as alternate function
When a digital alternate function is used (input or output mode), in order to protect the data transiting from or to
an I/O managed by a secure peripheral, the STM32L552xx and STM32L562xx add a secure alternate function gate on the
path between the peripheral and its allocated I/Os. This gate behaves as follows:
• If the digital peripheral is secure, the I/O pin must also be secure to allow data input and output.
• If the I/O pin is configured as non-secure, its connection with a secure peripheral is blocked by hardware.
• If the digital peripheral is non-secure, the connection is allowed regardless of the I/O pin security attribute.
The table below summarizes the I/O behavior when configured as alternate function, depending on the security
attributes of the I/O and of the peripheral.
Table 2. Access rules when the I/O is used as alternate function
Security configuration              Alternate function logic
Peripheral    Allocated I/O         Input       Output
Secure        Secure                I/O data    Peripheral data
Secure        Non-secure            Zero        Zero
Non-secure    Secure                I/O data    Peripheral data
Non-secure    Non-secure            I/O data    Peripheral data
For example, when a UART is configured as a secure peripheral, it can only be accessed by the secure world, not by
the non-secure world. When that UART's pin is non-secure, the hardware protection prevents the non-secure world from
obtaining the secure UART's data: the gate passes zero in both directions instead of connecting the pin. This is
illustrated in Figure 1 (secure I/O, connection allowed) and Figure 2 (non-secure I/O, connection blocked).
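As an added example, not ST's code, the following C program models the two hardware gates as the rules in Table 2 and in Section 4.2 state them (it goes slightly beyond this subsection by covering the analog switch rule too), and builds two checks a secure firmware could run at boot: derive each port's GPIOx_SECCFGR value from the intended peripheral-to-pin map, then audit a map against the values actually programmed and count the connections the hardware would block. The peripheral names, pin assignments, type names and function names are all constructed for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added example, not ST's code. Host-side model of the secure AF gate
 * (Section 4.1) and the analog switch gate (Section 4.2), plus helpers to
 * derive and audit GPIOx_SECCFGR values. All names and pins are constructed. */
typedef enum { PATH_AF, PATH_ANALOG } path_kind_t;
typedef struct { char port; unsigned num; } pin_t;          /* {'A', 9} = PA9 */
typedef struct { bool allowed; const char *reason; } gate_t;

typedef struct {
    const char *periph;
    pin_t pin;
    path_kind_t path;
    bool periph_secure;  /* the peripheral's GTZC/TZSC security attribute */
} pin_use_t;

#define SECCFGR_RESET 0x0000FFFFu   /* all 16 pins secure after reset */
#define NUM_PORTS 8                 /* GPIOA..GPIOH */

/* Table 2: a secure digital peripheral reaches only a secure I/O; a
 * non-secure peripheral is never gated, whatever the I/O attribute. */
gate_t af_gate(bool periph_secure, bool io_secure)
{
    if (periph_secure && !io_secure)
        return (gate_t){ false, "secure peripheral on non-secure I/O: input reads zero, output drives zero" };
    return (gate_t){ true, "allowed" };
}

/* Section 4.2: the requirement is reversed. A non-secure analog peripheral
 * must not be switched onto a secure I/O (a non-secure ADC must not sample
 * a secure serial line), so that analog switch is blocked. */
gate_t analog_gate(bool periph_secure, bool io_secure)
{
    if (!periph_secure && io_secure)
        return (gate_t){ false, "non-secure analog peripheral on secure I/O: analog switch blocked" };
    return (gate_t){ true, "allowed" };
}

/* One byte through the AF gate: what reaches the other side (Zero when blocked). */
uint8_t af_transfer(bool periph_secure, bool io_secure, uint8_t data)
{
    return af_gate(periph_secure, io_secure).allowed ? data : 0;
}

static bool valid_pin(pin_t p)
{
    return p.port >= 'A' && p.port < 'A' + NUM_PORTS && p.num < 16;
}

/* Derive GPIOx_SECCFGR for one port from the intended map: start from reset
 * (all secure), release only the pins that non-secure analog peripherals
 * need (a non-secure AF peripheral works on a secure pin), and refuse a map
 * that needs one pin both secure and non-secure. Pins of secure peripherals
 * stay secure on both paths: the page does not describe a secure analog
 * peripheral on a non-secure pin, so keeping it secure is the conservative choice. */
bool derive_seccfgr(const pin_use_t *map, size_t n, char port, uint32_t *seccfgr)
{
    uint32_t must_secure = 0, must_nonsecure = 0;
    for (size_t i = 0; i < n; i++) {
        if (!valid_pin(map[i].pin)) return false;
        if (map[i].pin.port != port) continue;
        uint32_t bit = 1u << map[i].pin.num;
        if (map[i].periph_secure)            must_secure    |= bit;
        else if (map[i].path == PATH_ANALOG) must_nonsecure |= bit;
    }
    if (must_secure & must_nonsecure) return false;   /* contradictory requirements */
    *seccfgr = SECCFGR_RESET & ~must_nonsecure;
    return true;
}

/* Audit a map against programmed SECCFGR values (index 0 = GPIOA). Returns
 * how many connections the hardware would block, or -1 on an invalid pin. */
int audit_pin_map(const pin_use_t *map, size_t n, const uint32_t seccfgr[NUM_PORTS], bool verbose)
{
    int blocked = 0;
    for (size_t i = 0; i < n; i++) {
        const pin_use_t *u = &map[i];
        if (!valid_pin(u->pin)) return -1;
        bool io_secure = (seccfgr[u->pin.port - 'A'] >> u->pin.num) & 1u;
        gate_t g = (u->path == PATH_AF) ? af_gate(u->periph_secure, io_secure)
                                        : analog_gate(u->periph_secure, io_secure);
        if (!g.allowed) blocked++;
        if (verbose) printf("%-8s P%c%-2u %s\n", u->periph, u->pin.port, u->pin.num, g.reason);
    }
    return blocked;
}

/* Constructed sample map: secure USART1 on PA9/PA10, non-secure LPUART1 on
 * PC0/PC1, one non-secure ADC1 channel on PC2. */
const pin_use_t SAMPLE_MAP[] = {
    { "USART1",  {'A', 9},  PATH_AF,     true  },
    { "USART1",  {'A', 10}, PATH_AF,     true  },
    { "LPUART1", {'C', 0},  PATH_AF,     false },
    { "LPUART1", {'C', 1},  PATH_AF,     false },
    { "ADC1",    {'C', 2},  PATH_ANALOG, false },
};
const size_t SAMPLE_MAP_LEN = sizeof SAMPLE_MAP / sizeof SAMPLE_MAP[0];

int main(void)
{
    uint32_t regs[NUM_PORTS];
    for (int p = 0; p < NUM_PORTS; p++)
        if (!derive_seccfgr(SAMPLE_MAP, SAMPLE_MAP_LEN, (char)('A' + p), &regs[p])) return 1;
    printf("GPIOA_SECCFGR=0x%04X GPIOC_SECCFGR=0x%04X\n", (unsigned)regs[0], (unsigned)regs[2]);
    printf("blocked connections: %d\n", audit_pin_map(SAMPLE_MAP, SAMPLE_MAP_LEN, regs, true));
    return 0;
}
```

Running the audit with every port left at its reset value shows the one connection that the analog gate blocks (the non-secure ADC on secure PC2), while an all-non-secure configuration blocks both USART1 pins instead: the two gates fail in opposite directions, which is why the SECCFGR value has to be derived from the whole map rather than set port-wide.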
Figure 1. Secure UART connection to I/O allowed when the I/O is secure (diagram: secure UART to secure I/O; secure access and non-secure access paths)
Figure 2. Secure UART connection to I/O not allowed when the I/O is non-secure (diagram: secure UART to non-secure I/O; secure access and non-secure access paths)
4.2 I/Os with analog switches
When an analog function with an analog switch is used, the STM32L552xx and STM32L562xx add a secure gate on the
analog switch. This secure gate controls the opening and closing of the switch and makes it possible to block the
connection between a secure I/O and the corresponding non-secure analog peripheral function.
Here, a different requirement applies to analog peripherals compared with digital peripherals.
The goal is to prevent the capture or corruption of pad-level signals through the analog switches embedded in the
GPIO cells. A typical example would be using a non-secure ADC to capture serial data transiting on a secure I/O.
The analog functions concerned by this rule (when an I/O is secure and the analog peripheral is non-secure, the connection is blocked by hardware) are the following: