165DMIPS, up to 512KB Flash, 256KB SRAM, SMPS, AES+PKA
Datasheet - production data
Features
Ultra-low-power with FlexPowerControl
• 1.71 V to 3.6 V power supply
• -40 °C to 85/125 °C temperature range
• Batch acquisition mode (BAM)
• 187 nA in VBAT mode: supply for RTC and
32x32-bit backup registers
• 17 nA Shutdown mode (5 wakeup pins)
• 108 nA Standby mode (5 wakeup pins)
• 222 nA Standby mode with RTC
• 3.16 μA Stop 2 with RTC
• 106 μA/MHz Run mode (LDO mode)
• 62 μA/MHz Run mode @ 3 V
(SMPS step-down converter mode)
• 5 µs wakeup from Stop mode
• Brownout reset (BOR) in all modes except
Shutdown
Core
Memories
• Up to 512-Kbyte Flash, two banks read-whilewrite
• 256 Kbytes of SRAM including 64 Kbytes with
hardware parity check
• External memory interface supporting SRAM,
PSRAM, NOR, NAND and FRAM memories
• OCTOSPI memory interface
• Arm® 32-bit Cortex®-M33 CPU with
TrustZone
ART Accelerator
• 8-Kbyte instruction cache allowing 0-wait-state
execution from Flash memory and external
memories; frequency up to 110 MHz, MPU,
165 DMIPS and DSP instructions
Performance benckmark
• 1.5 DMIPS/MHz (Drystone 2.1)
• 442 CoreMark
Energy benchmark
• 370 ULPMark-CP® score
• 54 ULPMark-PP
• 27400 SecureMark-TLS
February 2020DS12736 Rev 21/323
This is information on a product in full production.
®
and FPU
®
(4.02 CoreMark®/MHz)
®
score
®
score
Security
• Arm® TrustZone® and securable I/Os,
memories and peripherals
• Flexible life cycle scheme with RDP (readout
protection)
• Root of trust thanks to unique boot entry and
hide protection area (HDP)
CLK, NE[4:1], NL, NBL[1:0], A[25:0],
D[15:0], NOE, NWE, NWAIT, NCE, INT as
AF
DP
DM
FIFO
@ VDDA
BOR
Supply
supervision
PVD, PVM
Int
reset
XTAL 32 kHz
RTC
FCLK
Standby
interface
IWDG
@VBAT
@ VDD
@VDD
AWU
PCLKx
VDD = 1.71 to 3.6 V
VSS
Voltage regulator
LDO and SMPS
3.3 to 1.2 V
VDD
Power management
@ VDD
RTC_TAMP[8:1]
Backup register
AHB bus-matrix
2 channels, 1 compl. channel,
BKIN as AF
TIM2
TIM3
TIM4
TIM5
USART2
USART3
I2C1/SMBUS
SPI1
TIM17
USART1
EXT IT. WKUP
TIM16
TIM8 / PWM
TIM15
SDMMC1
TIM1 / PWM
TIM6
TIM7
WWDG
GPIO PORT H
GPIO PORT F
GPIO PORT G
GPIO PORT D
GPIO PORT E
GPIO PORT B
GPIO PORT C
GPIO PORT A
DMA1
DMA2
APB1 110 MHz (max)
SRAM 192 KB
SRAM 64 KB
NJTRST, JTDI,
JTCK/SWCLK
JTDO/SWD, JTDO
C-BUS
S-BUS
PB[15:0]
PC[15:0]
PD[15:0]
PE[15:0]
PF[15:0]
PG[15:0]
PH[1:0]
16b
16b
16b
16b
3 compl. Channels (TIM1_CH[1:3]N),
4 channels (TIM1_CH[1:4]), ETR, BKIN,
BKIN2 as AF
1 channel, 1 compl. channel,
BKIN as AF
1 channel, 1 compl. channel,
BKIN as AF
OUT2
16b
16b
SCL, SDA, SMBA as AF
SCL, SDA, SMBA as AF
MOSI, MISO, SCK, NSS as AF
RX, TX, CTS, RTS as AF
RX, TX, CTS, RTS as AF
RX, TX, CK, CTS, RTS as AF
RX, TX, CK, CTS, RTS as AF
smcard
irDA
smcard
irDA
32b
16b
16b
32b
4 channels, ETR as AF
4 channels, ETR as AF
4 channels, ETR as AF
4 channels, ETR as AF
AHB/APB1
OSC_IN
OSC_OUT
HCLKx
XTAL OSC
4- 16MHz
16xIN
VREF+
USART2MBps
Temperature sensor
MCLK_A, SD_A, FS_A, SCK_A, EXTCLK
MCLK_B, SD_B, FS_B, SCK_B as AF
SAI1
MCLK_A, SD_A, FS_A, SCK_A, EXTCLK
MCLK_B, SD_B, FS_B, SCK_B as AF
SAI2
SDCKIN[7:0], SDDATIN[7:0],
SDCKOUT,SDTRIG as AF
DFSDM
Touch sensing controller
8 groups of sensing channels as AF
OUT, INN, INP
LPUART1
LPTIM1
LPTIM2
RX, TX, CTS, RTS as AF
IN1, IN2, OUT, ETR as AF
IN1, OUT, ETR as AF
RC HSI
RC LSI
PLL 1&2&3
MSI
Octo SPI1 memory interface
IO[7:0],
CLK, NCLK, NCS. DQS
@ VDDUSB
COMP1
INP, INN, OUT
COMP2
INP, INN, OUT
@ VDDA
RTC_OUT
VDDIO, VDDUSB
FIFO
PHY
AHB1 110 MHz
CRC
OUT, INN, INP
I2C2/SMBUS
I2C3/SMBUS
OpAmp1
SPI3
SPI2
UART5
UART4
APB2 110MHz
AHB2 110 MHz
OpAmp2
@VDDA
RNG
AES
VREF Buffer
@ VDDA
@ VDD
HASH
FIFO
TX, RX as AF
FDCAN1
SCL, SDA, SMBA as AF
I2C4/SMBUS
ITF
ADC1
@ VDDA
SYSCFG
Icache 8KB
ADC2
LPTIM3
IN1, OUT, ETR as AF
UCPD1
DP
DM
@ VDDUSB
PHY
CRS
PKA32
DMAMUX1
AHB1 110 MHz
AHB/APB2
32-bits AHB bus
VDD power domain
VDDUSB power domain
VBAT power domain
VDDIO2 power domain
VDDA power domain
OTFDEC
GTZC
Reset
and clock
control
UCPD1
Figure 1. STM32L562xx block diagram
1. AF: alternate function on I/O pins.
DS12736 Rev 219/323
79
Functional overviewSTM32L562xx
3 Functional overview
3.1 Arm® Cortex®-M33 core with TrustZone® and FPU
The Cortex®-M33 with TrustZone and FPU is a highly energy efficient processor designed
for microcontrollers and deeply embedded applications, especially those requiring efficient
security.
The Cortex®-M33 processor delivers a high computational performance with low-power
consumption and an advanced response to interrupts. it features:
•Arm® TrustZone® technology, using the ARMv8-M main extension supporting secure
and non-secure states
•Memory protection units (MPUs), 8 regions for secure and 8 regions for non secure
•Configurable secure attribute unit (SAU) supporting up to 8 memory regions
•Floating-point arithmetic functionality with support for single precision arithmetic
The processor supports a set of DSP instructions that allows an efficient signal processing
and a complex algorithm execution.
The Cortex®-M33 processor supports the following bus interfaces:
•System AHB bus:
The System AHB (S-AHB) bus interface is used for any instruction fetch and data
access to the memory-mapped SRAM, peripheral, external RAM and external device,
or Vendor_SYS regions of the ARMv8-M memory map.
•Code AHB bus
The Code AHB (C-AHB) bus interface is used for any instruction fetch and data access
to the code region of the ARMv8-M memory map.
Figure 1 shows the general block diagram of the STM32L562xx family devices.
3.2 Art Accelerator – instruction cache (ICACHE)
The instruction cache (ICACHE) is introduced on C-AHB code bus of Cortex®-M33
processor to improve performance when fetching instruction (or data) from both internal and
external memories.
20/323DS12736 Rev 2
STM32L562xxFunctional overview
ICACHE offers the following features:
•Multi-bus interface:
–slave port receiving the memory requests from the Cortex
®
-M33 C-AHB code
execution port
–master1 port performing refill requests to internal memories (FLASH and SRAMs)
–master2 port performing refill requests to external memories (external
FLASH/RAMs through Octo-SPI/FMC interfaces)
–a second slave port dedicated to ICACHE registers access.
•Close to zero wait states instructions/data access performance:
–0 wait-state on cache hit
–hit-under-miss capability, allowing to serve new processor requests while a line
refill (due to a previous cache miss) is still ongoing
–critical-word-first refill policy, minimizing processor stalls on cache miss
–hit ratio improved by 2-ways set-associative architecture and pLRU-t replacement
policy (pseudo-least-recently-used, based on binary tree), algorithm with best
complexity/performance balance
–dual master ports allowing to decouple internal and external memory traffics, on
Fast and Slow buses, respectively; also minimizing impact on interrupt latency
–optimal cache line refill thanks to AHB burst transactions (of the cache line size).
–performance monitoring by means of a hit counter and a miss counter.
•Extension of cacheable region beyond Code memory space, by means of address
remapping logic that allows to define up to 4 cacheable external regions
•Power consumption reduced intrinsically (most accesses to cache memory rather to
bigger main memories); even improved by configuring ICACHE as direct mapped
(rather than the default 2-ways set-associative mode)
•TrustZone
®
security support
•Maintenance operation for software management of cache coherency
•Error management: detection of unexpected cacheable write access, with optional
interrupt raising.
3.3 Memory protection unit
The memory protection unit (MPU) is used to manage the CPU accesses to the memory
and to prevent one task to accidentally corrupt the memory or the resources used by any
other active task. This memory area is organized into up to 8 regions for secure and 8
regions for non secure state.
The MPU is especially helpful for applications where some critical or certified code has to be
protected against the misbehavior of other tasks. It is usually managed by an RTOS (realtime operating system). If a program accesses a memory location that is prohibited by the
MPU, the RTOS can detect it and take action. In an RTOS environment, the kernel can
dynamically update the MPU area setting based on the process to be executed.
The MPU is optional and can be bypassed for applications that do not need it.
DS12736 Rev 221/323
79
Functional overviewSTM32L562xx
3.4 Embedded Flash memory
The devices feature 512 Kbytes of embedded Flash memory which is available for storing
programs and data.
The Flash interface features:
•Single or dual bank operating modes
•Read-while-write (RWW) in dual bank mode
This feature allows to perform a read operation from one bank while an erase or program
operation is performed to the other bank. The dual bank boot is also supported. Each bank
contains 128 pages of 2 or 4
memory also embeds 512 bytes OTP (one-time programmable) for user data.
Flexible protections can be configured thanks to the option bytes:
• Readout protection (RDP) to protect the whole memory. Four levels of protection are
available:
– Level 0: no readout protection
– Level 0.5: available only when TrustZone is enabled
All read/write operations (if no write protection is set) from/to the non-secure Flash
memory are possible. The Debug access to secure area is prohibited. Debug access
to non-secure area remains possible.
– Level 1: memory readout protection; the Flash memory cannot be read from or written
to if either the debug features are connected or the boot in RAM or bootloader are
selected. If TrustZone is enabled, the non-secure debug is possible and the boot in
SRAM is not possible.
– Level 2: chip readout protection; the debug features (Cortex
wire), the boot in RAM and the bootloader selection are disabled (JTAG fuse). This
selection is irreversible.
•Write protection (WRP): the protected area is protected against erasing and
programming:
–In single bank mode, four areas can be selected with 4-Kbyte granularity.
–In dual bank mode, two areas per bank can be selected with 2-Kbyte granularity.
Kbytes (depending on the read access width). The Flash
®
-M33 JTAG and serial
The whole non-volatile memory embeds the error correction code (ECC) feature supporting:
•Single error detection and correction
•Double error detection
•The address of the ECC fail can be read in the ECC register.
TrustZone security
When the TrustZone security is enabled, the whole Flash is secure after reset and the
following protections are available:
•Non-volatile watermark-based secure Flash area: the secure area can be accessed
only in secure mode.
–In single bank mode, four areas can be selected with a page granularity.
–In dual bank mode, one area per bank can be selected with a page granularity.
•Secure hidden protection area: it is part of the Flash secure area and it can be
protected to deny an access to this area by any data read, write and instruction fetch.
22/323DS12736 Rev 2
STM32L562xxFunctional overview
For example, a software code in the secure Flash memory hidden protection area can
be executed only once and deny any further access to this area until next system reset.
•Volatile block-based secure Flash area. In a block-based secure area, each page can
be programmed on-the-fly as secure or non-secure.
3.5 Embedded SRAM
The devices feature 256 Kbytes of embedded SRAM. This SRAM is split into three blocks:
•192 Kbytes mapped at address 0x2000 0000 (SRAM1).
•64 Kbytes located at address 0x0A03 0000 with hardware parity check (SRAM2).
This memory is also mapped at address 0x2003 0000 offering a contiguous address
space with the SRAM1.
This block is accessed through the C-bus for maximum performance. Either 64 Kbytes
or upper 4 Kbytes of SRAM2 can be retained in Standby mode.
The SRAM2 can be write-protected with 1 Kbyte granularity.
The memory can be accessed in read/write at CPU clock speed with 0 wait states.
TrustZone security
When the TrustZone security is enabled, all SRAMs are secure after reset. The SRAM can
be programmed as non-secure by block based using the MPCBB (memory protection
controller block based) in GTZC controller. The granularity of SRAM secure block based is a
page of 256 bytes.
3.6 Boot modes
At startup, a BOOT0 pin, nBOOT0 and NSBOOTADDx[24:0] / SECBOOTADD0[24:0] option
bytes are used to select the boot memory address which includes:
•Boot from any address in user Flash
•Boot from system memory bootloader
•Boot from any address in embedded SRAM
•Boot from Root Security service (RSS)
The BOOT0 value may come from the PH3-BOOT0 pin or from an option bit depending on
the value of a user option bit to free the GPIO pad if needed.
The boot loader is located in the system memory. It is used to reprogram the Flash memory
by using USART, I2C, SPI, FDCAN or USB FS in device mode through the DFU (device
firmware upgrade).
The bootloader is available on all devices. Refer to the application note STM32 microcontroller system memory boot mode (AN2606) for more details.
The root secure services (RSS) are embedded in a Flash memory area named secure
information block, programmed during ST production.
The RSS enables for example the secure firmware installation (SFI) thanks to the RSS
extension firmware (RSSe SFI).
This feature allows the customers to protect the confidentiality of the firmware to be
provisioned into the STM32 device when the production is subcontracted to a third party.
DS12736 Rev 223/323
79
Functional overviewSTM32L562xx
The RSS is available on all devices, after enabling the TrustZone through the TZEN option
bit.
Refer to the application note Overview secure firmware install (SFI) (AN4992) for more
details.
Refer to Tab le 3 and Tab le 4 for boot modes when TrustZone is disabled and enabled
respectively.
Table 3. Boot modes when TrustZone is disabled (TZEN=0)
nBOOT0
FLASH_
OPTR[27]
BOOT0
pin PH3
nSWBOOT0
FLASH_
OPTR[26]
Boot address option-
bytes selection
-01NSBOOTADD0[24:0]
-11NSBOOTADD1[24:0]
1-0NSBOOTADD0[24:0]
0-0NSBOOTADD1[24:0]
When TrustZone is enabled by setting the TZEN option bit, the boot space must be in
secure area. The SECBOOTADD0[24:0] option bytes are used to select the boot secure
memory address.
A unique boot entry option can be selected by setting the BOOT_LOCK option bit, allowing
to boot always at the address selected by SECBOOTADD0[24:0] option bytes. All other boot
options are ignored.
Boot area
Boot address defined by
user option bytes
NSBOOTADD0[24:0]
Boot address defined by
user option bytes
NSBOOTADD1[24:0]
Boot address defined by
user option bytes
NSBOOTADD0[24:0]
Boot address defined by
user option bytes
NSBOOTADD1[24:0]
ST programmed
default value
Flash: 0x0800 0000
System bootloader:
0x0BF9 0000
Flash: 0x0800 0000
System bootloader:
0x0BF9 0000
24/323DS12736 Rev 2
STM32L562xxFunctional overview
Table 4. Boot modes when TrustZone is enabled (TZEN=1)
BOOT_
LOCK
nBOOT0
FLASH_
OPTR[27]
BOOT0
PH3
pin
nSWBOOT0
FLASH_
OPTR[26]
RSS
command
-0 1 0
-110N/ARSS: 0x0FF8 0000
0
1- 0 0
0- 0 0 N/A
-- -
≠ 0N/A
1- - --
Boot address
option-bytes
selection
SECBOOTAD
D0[24:0]
SECBOOTAD
D0[24:0]
SECBOOTAD
D0[24:0]
Boot area
Secure boot address
defined by user option
bytes
SECBOOTADD0[24:0]
Secure boot address
defined by user option
bytes
SECBOOTADD0[24:0]
RSS: RSS:
0x0FF8 0000
RSS: RSS:
0x0FF8 0000
Secure boot address
defined by user option
bytes
SECBOOTADD0[24:0]
ST
programmed
default value
Flash:
0x0C00 0000
RSS:
0x0FF8 0000
Flash:
0x0C00 0000
RSS:
0x0FF8 0000
RSS:
0x0FF8 0000
Flash:
0x0C00 0000
The boot address option bytes enables the possibility to program any boot memory address.
However, the allowed address space depends on Flash read protection RDP level.
If the programmed boot memory address is out of the allowed memory mapped area when
RDP level is 0.5 or more, the default boot fetch address is forced to:
•0x0800 0000 (when TZEN = 0)
•RSS (when TZEN = 1)
Refer to Tab le 5.
RDPTZEN = 1TZEN = 0
0Any boot addressAny boot address
Table 5. Boot space versus RDP protection
DS12736 Rev 225/323
79
Functional overviewSTM32L562xx
Table 5. Boot space versus RDP protection (continued)
RDPTZEN = 1TZEN = 0
0.5
1Any boot address
Boot address only in:
– RSS
– or secure Flash: 0x0C00 0000 -
0x0C07 FFFF
2
Otherwise boot address forced to RSS
N/A
If boot is configured for NSBOOTADD0 and
NSBOOTADD0 in the range 0x0800 0000 0x0807 FFFF: boot at the address stored in
NSBOOTADD0
If boot is configured for NSBOOTADD1 and
NSBOOTADD1 in the range 0x0800 0000 0x0807 FFFF: boot at the address stored in
NSBOOTADD1
Otherwise boot address is forced at
0x0800 0000
3.7 Global TrustZone controller (GTZC)
The GTZC includes three different sub-blocks:
•TZSC: TrustZone® security controller
This sub-block defines the secure/privilege state of slave/master peripherals. It also
controls the non-secure area size for the watermark memory peripheral controller
(MPCWM). The TZSC block informs some peripherals (such as RCC or GPIOs) about
the secure status of each securable peripheral, by sharing with RCC and I/O logic.
1. MPCBB: block-based memory protection controller
This sub-block controls secure states of all blocks (256-byte pages) of the associated
SRAM.
2. TZIC: TrustZone illegal access controller
This sub-block gathers all illegal access events in the system and generates a secure
interrupt towards NVIC.
These sub-blocks are used to configure TrustZone and privileged attributes within the full
system.
The GTZC main features are:
•3 independent 32-bit AHB interface for TZSC, MPCBB and TZIC
•MPCBB and TZIC accessible only with secure transactions
•Secure and non-secure access supported for priv/non-priv part of TZSC
•Register set to define security settings:
–Secure blocks for internal SRAM
–Non-secure regions for external memories
–Secure/privilege access mode for securable and TZ-aware peripherals
•Secure/privilege access mode for securable legacy masters.
3.8 TrustZone security architecture
The security architecture is based on Arm® TrustZone® with the ARMv8-M Main Extension.
26/323DS12736 Rev 2
STM32L562xxFunctional overview
The TrustZone security is activated by the TZEN option bit in the FLASH_OPTR register.
When the TrustZone is enabled, the SAU (security attribution unit) and IDAU
(implementation defined attribution unit) defines the access permissions based on secure
and non-secure state.
•SAU: Up to 8 SAU configurable regions are available for security attribution.
•IDAU: It provides a first memory partition as non-secure or non-secure callable
attributes. It is then combined with the results from the SAU security attribution and the
higher security state is selected.
Based on IDAU security attribution, the Flash, system SRAMs and peripherals memory
space is aliased twice for secure and non-secure state. However, the external memories
space is not aliased.
Tab le 6 shows an example of typical SAU regions configuration based on IDAU regions.
The user can split and choose the secure, non-secure or NSC regions for external
memories as needed.
Table 6. Example of memory map security attribution vs SAU configuration regions
(1) (2)
Region
description
Code - external
memories
Code - Flash and
SRAM
Code - external
memories
SRAM
Peripherals
External memories
1. NSC = non-secure callable.
2. Different colors highlights the different configurations
Pink: Non-secure
Green: NSC (non-secure callable)
Lighter green: Secure or non-secure or NSC
Address range
0x0000_0000
0x07FF_FFFF
0x0800_0000
0x0BFF_FFFF
0x0C00_0000
0x0FFF_FFFF
0x1000_0000
0x17FF_FFFF
0x1800_0000
0x1FFF_FFFF
0x2000_0000
0x2FFF_FFFF
0x3000_0000
0x3FFF_FFFF
0x4000_0000
0x4FFF_FFFF
0x5000_0000
0x5FFF_FFFF
0x6000_0000
0xDFFF_FFFF
IDAU security
attribution
Non-secure
Non-secureNon-secureNon-secure
NSCSecure or NSCSecure or NSC
Non-secure
Non-secure
NSCSecure or NSCSecure or NSC
Non-secureNon-secureNon-secure
NSCSecure or NSCSecure or NSC
Non-secure
SAU security
attribution typical
configuration
Secure or non-
secure or NSC
Non-secure
Secure or non-
secure or NSC
Final security
attribution
Secure or non-
secure or NSC
Secure or non-
secure or NSC
DS12736 Rev 227/323
79
Functional overviewSTM32L562xx
3.8.1 TrustZone peripheral classification
When the TrustZone security is active, a peripheral can be either Securable or TrustZoneaware type as follows:
•Securable: a peripheral is protected by an AHB/APB firewall gate that is controlled from
TZSC controller to define security properties.
•TrustZone-aware: a peripheral connected directly to AHB or APB bus and is
implementing a specific TrustZone behavior such as a subset of registers being secure.
The tables below summarize the list of Securable and TrustZone aware peripherals within
the system.
Table 7. Securable peripherals by TZSC
BusPeripheral
AHB3
AHB 2
AHB1
APB2
OCTOSPI1 registers
FMC registers
SDMMC1
RNG
HASH
AES
ADC
ICACHE registers
TSC
CRC
DFSDM1
SAI2
SAI1
TIM17
TIM16
TIM15
USART1
TIM8
SPI1
TIM1
COMP
VREFBUF
28/323DS12736 Rev 2
STM32L562xxFunctional overview
Table 7. Securable peripherals by TZSC (continued)
BusPeripheral
UCPD1
USB FS
FDCAN1
LPTIM3
LPTIM2
I2C4
LPUART1
LPTIM1
OPAMP
DAC1
CRS
I2C3
I2C2
APB1
I2C1
UART5
UART4
USART3
USART2
SPI3
SPI2
IWDG
WWDG
TIM7
TIM6
TIM5
TIM4
TIM3
TIM2
DS12736 Rev 229/323
79
Functional overviewSTM32L562xx
Table 8. TrustZone-aware peripherals
BusPeripheral
GPIOH
GPIOG
GPIOF
AHB2
AHB2OTFDEC1
AHB1
GPIOE
GPIOD
GPIOC
GPIOB
GPIOA
MPCBB2
MPCBB1
MPCWM2
MPCWM1
TZIC
TZSC
EXTI
Flash memory
RCC
DMAMUX1
DMA2
DMA1
APB2SYSCFG
APB1
PWR
RTC
30/323DS12736 Rev 2
Loading...
+ 293 hidden pages
You need points to download manuals.
1 point = 1 manual.
You can buy points or you can get point for every manual you upload.