diff --git a/core/embed/boardloader/main.c b/core/embed/boardloader/main.c
index 1708dcf98..21abe992f 100644
--- a/core/embed/boardloader/main.c
+++ b/core/embed/boardloader/main.c
@@ -247,6 +247,8 @@ int main(void) {
delete_secrets();
NVIC_SystemReset();
}
+
+ trustzone_init_boardloader();
#endif
#ifdef STM32F4
@@ -259,11 +261,6 @@ int main(void) {
sdram_init();
#endif
-#ifdef STM32U5
- trustzone_init();
- trustzone_run();
-#endif
-
display_init();
display_clear();
diff --git a/core/embed/trezorhal/stm32u5/lowlevel.c b/core/embed/trezorhal/stm32u5/lowlevel.c
index 3e10cd462..8aa1e29b5 100644
--- a/core/embed/trezorhal/stm32u5/lowlevel.c
+++ b/core/embed/trezorhal/stm32u5/lowlevel.c
@@ -50,15 +50,15 @@
#if defined STM32U5A9xx | defined STM32U5G9xx
#define SEC_AREA_1_PAGE_START 0
#define HDP_AREA_1_PAGE_END 1
-#define SEC_AREA_1_PAGE_END 0xFF
-#define SEC_AREA_2_PAGE_START 0
-#define SEC_AREA_2_PAGE_END 0xFF
+#define SEC_AREA_1_PAGE_END 0x07
+#define SEC_AREA_2_PAGE_START 0xFF
+#define SEC_AREA_2_PAGE_END 0x00
#elif define STM32U585xx
#define SEC_AREA_1_PAGE_START 0
#define HDP_AREA_1_PAGE_END 1
-#define SEC_AREA_1_PAGE_END 0x7F
-#define SEC_AREA_2_PAGE_START 0
-#define SEC_AREA_2_PAGE_END 0x7F
+#define SEC_AREA_1_PAGE_END 0x07
+#define SEC_AREA_2_PAGE_START 0x7F
+#define SEC_AREA_2_PAGE_END 0x00
#else
#error Unknown MCU
#endif
diff --git a/core/embed/trezorhal/stm32u5/mpu.c b/core/embed/trezorhal/stm32u5/mpu.c
index eee1463d9..1cffe7dbb 100644
--- a/core/embed/trezorhal/stm32u5/mpu.c
+++ b/core/embed/trezorhal/stm32u5/mpu.c
@@ -122,21 +122,20 @@ static void mpu_set_attributes() {
#define SIZE_4M (4 * 1024 * 1024)
#define SIZE_16M (16 * 1024 * 1024)
#define SIZE_256M (256 * 1024 * 1024)
-#define SIZE_512M (512 * 1024 * 1024)
void mpu_config_boardloader() {
HAL_MPU_Disable();
mpu_set_attributes();
// clang-format off
// REGION ADDRESS SIZE TYPE WRITE UNPRIV
- SET_REGION( 0, FLASH_BASE_S, SIZE_16K, FLASH_DATA, YES, YES ); // Secret
- SET_REGION( 1, FLASH_BASE_S + SIZE_16K, SIZE_48K, FLASH_CODE, NO, YES ); // Boardloader code
- SET_REGION( 2, FLASH_BASE_S + SIZE_64K, SIZE_4032K, FLASH_DATA, YES, YES ); // Bootloader + Storage + Firmware
- SET_REGION( 3, SRAM1_BASE_S, SIZE_768K, SRAM, YES, YES ); // SRAM1
- SET_REGION( 4, SRAM2_BASE_S + 0x100, SIZE_1728K - 0x100, SRAM, YES, YES ); // SRAM2/3/5 + stack guard
- SET_REGION( 5, GFXMMU_BUFFERS_S, SIZE_16M, SRAM, YES, YES ); // Frame buffer
- SET_REGION( 6, PERIPH_BASE_S, SIZE_256M, PERIPHERAL, YES, YES ); // Peripherals
- SET_REGION( 7, FLASH_BASE_NS, SIZE_4M, FLASH_DATA, YES, YES ); //
+ SET_REGION( 0, FLASH_BASE_S, SIZE_16K, FLASH_DATA, YES, NO ); // Secret
+ SET_REGION( 1, FLASH_BASE_S + SIZE_16K, SIZE_48K, FLASH_CODE, NO, NO ); // Boardloader code
+ SET_REGION( 2, FLASH_BASE_S + SIZE_64K, SIZE_4032K, FLASH_DATA, YES, NO ); // Bootloader + Storage + Firmware
+ SET_REGION( 3, SRAM1_BASE_S, SIZE_768K, SRAM, YES, NO ); // SRAM1
+ SET_REGION( 4, SRAM2_BASE_S + 0x100, SIZE_1728K - 0x100, SRAM, YES, NO ); // SRAM2/3/5 + stack guard
+ SET_REGION( 5, GFXMMU_BUFFERS_S, SIZE_16M, SRAM, YES, NO ); // Frame buffer
+ SET_REGION( 6, PERIPH_BASE_S, SIZE_256M, PERIPHERAL, YES, NO ); // Peripherals
+ DIS_REGION( 7 );
// clang-format on
HAL_MPU_Enable(LL_MPU_CTRL_HARDFAULT_NMI);
}
@@ -146,14 +145,14 @@ void mpu_config_bootloader() {
mpu_set_attributes();
// clang-format off
// REGION ADDRESS SIZE TYPE WRITE UNPRIV
- SET_REGION( 0, FLASH_BASE_S, SIZE_64K, FLASH_DATA, YES, YES ); // Secret + Boardloader
- SET_REGION( 1, FLASH_BASE_S + SIZE_64K, SIZE_128K, FLASH_CODE, NO, YES ); // Bootloader code
- SET_REGION( 2, FLASH_BASE_S + SIZE_192K, SIZE_3904K, FLASH_DATA, YES, YES ); // Storage + Firmware
- SET_REGION( 3, SRAM1_BASE_S, SIZE_768K, SRAM, YES, YES ); // SRAM1
- SET_REGION( 4, SRAM2_BASE_S + 0x100, SIZE_1728K - 0x100, SRAM, YES, YES ); // SRAM2/3/5 + stack guard
- SET_REGION( 5, GFXMMU_BUFFERS_S, SIZE_16M, SRAM, YES, YES ); // Frame buffer
- SET_REGION( 6, PERIPH_BASE_S, SIZE_256M, PERIPHERAL, YES, YES ); // Peripherals
- SET_REGION( 7, FLASH_OTP_BASE, FLASH_OTP_SIZE, FLASH_DATA, YES, YES ); // OTP
+ SET_REGION( 0, FLASH_BASE_S, SIZE_64K, FLASH_DATA, YES, NO ); // Secret + Boardloader
+ SET_REGION( 1, FLASH_BASE_S + SIZE_64K, SIZE_128K, FLASH_CODE, NO, NO ); // Bootloader code
+ SET_REGION( 2, FLASH_BASE_S + SIZE_192K, SIZE_3904K, FLASH_DATA, YES, NO ); // Storage + Firmware
+ SET_REGION( 3, SRAM1_BASE_S, SIZE_768K, SRAM, YES, NO ); // SRAM1
+ SET_REGION( 4, SRAM2_BASE_S + 0x100, SIZE_1728K - 0x100, SRAM, YES, NO ); // SRAM2/3/5 + stack guard
+ SET_REGION( 5, GFXMMU_BUFFERS_S, SIZE_16M, SRAM, YES, NO ); // Frame buffer
+ SET_REGION( 6, PERIPH_BASE_S, SIZE_256M, PERIPHERAL, YES, NO ); // Peripherals
+ SET_REGION( 7, FLASH_OTP_BASE, FLASH_OTP_SIZE, FLASH_DATA, YES, NO ); // OTP
// clang-format on
HAL_MPU_Enable(LL_MPU_CTRL_HARDFAULT_NMI);
}
diff --git a/core/embed/trezorhal/stm32u5/trustzone.c b/core/embed/trezorhal/stm32u5/trustzone.c
index 01556a3f0..1989eb872 100644
--- a/core/embed/trezorhal/stm32u5/trustzone.c
+++ b/core/embed/trezorhal/stm32u5/trustzone.c
@@ -1,200 +1,114 @@
-#include "trustzone.h"
-
-#ifdef BOARDLOADER
+/*
+ * This file is part of the Trezor project, https://trezor.io/
+ *
+ * Copyright (c) SatoshiLabs
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see .
+ */
+
+#include
#include STM32_HAL_H
-void trustzone_init(void) {
-#if defined(__SAUREGION_PRESENT) && (__SAUREGION_PRESENT == 1U)
-
-#if defined(SAU_INIT_REGION0) && (SAU_INIT_REGION0 == 1U)
- SAU_INIT_REGION(0);
-#endif
-
-#if defined(SAU_INIT_REGION1) && (SAU_INIT_REGION1 == 1U)
- SAU_INIT_REGION(1);
-#endif
-
-#if defined(SAU_INIT_REGION2) && (SAU_INIT_REGION2 == 1U)
- SAU_INIT_REGION(2);
-#endif
-
-#if defined(SAU_INIT_REGION3) && (SAU_INIT_REGION3 == 1U)
- SAU_INIT_REGION(3);
-#endif
-
-#if defined(SAU_INIT_REGION4) && (SAU_INIT_REGION4 == 1U)
- SAU_INIT_REGION(4);
-#endif
-
-#if defined(SAU_INIT_REGION5) && (SAU_INIT_REGION5 == 1U)
- SAU_INIT_REGION(5);
-#endif
-
-#if defined(SAU_INIT_REGION6) && (SAU_INIT_REGION6 == 1U)
- SAU_INIT_REGION(6);
-#endif
-
-#if defined(SAU_INIT_REGION7) && (SAU_INIT_REGION7 == 1U)
- SAU_INIT_REGION(7);
-#endif
-
- /* repeat this for all possible SAU regions */
-
-#endif /* defined (__SAUREGION_PRESENT) && (__SAUREGION_PRESENT == 1U) */
-
-#if defined(SAU_INIT_CTRL) && (SAU_INIT_CTRL == 1U)
- SAU->CTRL =
- ((SAU_INIT_CTRL_ENABLE << SAU_CTRL_ENABLE_Pos) & SAU_CTRL_ENABLE_Msk) |
- ((SAU_INIT_CTRL_ALLNS << SAU_CTRL_ALLNS_Pos) & SAU_CTRL_ALLNS_Msk);
-#endif
-
-#if defined(SCB_CSR_AIRCR_INIT) && (SCB_CSR_AIRCR_INIT == 1U)
- SCB->SCR = (SCB->SCR & ~(SCB_SCR_SLEEPDEEPS_Msk)) |
- ((SCB_CSR_DEEPSLEEPS_VAL << SCB_SCR_SLEEPDEEPS_Pos) &
- SCB_SCR_SLEEPDEEPS_Msk);
-
- SCB->AIRCR =
- (SCB->AIRCR & ~(SCB_AIRCR_VECTKEY_Msk | SCB_AIRCR_SYSRESETREQS_Msk |
- SCB_AIRCR_BFHFNMINS_Msk | SCB_AIRCR_PRIS_Msk)) |
- ((0x05FAU << SCB_AIRCR_VECTKEY_Pos) & SCB_AIRCR_VECTKEY_Msk) |
- ((SCB_AIRCR_SYSRESETREQS_VAL << SCB_AIRCR_SYSRESETREQS_Pos) &
- SCB_AIRCR_SYSRESETREQS_Msk) |
- ((SCB_AIRCR_PRIS_VAL << SCB_AIRCR_PRIS_Pos) & SCB_AIRCR_PRIS_Msk) |
- ((SCB_AIRCR_BFHFNMINS_VAL << SCB_AIRCR_BFHFNMINS_Pos) &
- SCB_AIRCR_BFHFNMINS_Msk);
-#endif /* defined (SCB_CSR_AIRCR_INIT) && (SCB_CSR_AIRCR_INIT == 1U) */
-
-#if defined(__FPU_USED) && (__FPU_USED == 1U) && defined(TZ_FPU_NS_USAGE) && \
- (TZ_FPU_NS_USAGE == 1U)
-
- SCB->NSACR = (SCB->NSACR & ~(SCB_NSACR_CP10_Msk | SCB_NSACR_CP11_Msk)) |
- ((SCB_NSACR_CP10_11_VAL << SCB_NSACR_CP10_Pos) &
- (SCB_NSACR_CP10_Msk | SCB_NSACR_CP11_Msk));
-
- FPU->FPCCR = (FPU->FPCCR & ~(FPU_FPCCR_TS_Msk | FPU_FPCCR_CLRONRETS_Msk |
- FPU_FPCCR_CLRONRET_Msk)) |
- ((FPU_FPCCR_TS_VAL << FPU_FPCCR_TS_Pos) & FPU_FPCCR_TS_Msk) |
- ((FPU_FPCCR_CLRONRETS_VAL << FPU_FPCCR_CLRONRETS_Pos) &
- FPU_FPCCR_CLRONRETS_Msk) |
- ((FPU_FPCCR_CLRONRET_VAL << FPU_FPCCR_CLRONRET_Pos) &
- FPU_FPCCR_CLRONRET_Msk);
-#endif
-
-#if defined(NVIC_INIT_ITNS0) && (NVIC_INIT_ITNS0 == 1U)
- NVIC->ITNS[0] = NVIC_INIT_ITNS0_VAL;
-#endif
-
-#if defined(NVIC_INIT_ITNS1) && (NVIC_INIT_ITNS1 == 1U)
- NVIC->ITNS[1] = NVIC_INIT_ITNS1_VAL;
-#endif
-
-#if defined(NVIC_INIT_ITNS2) && (NVIC_INIT_ITNS2 == 1U)
- NVIC->ITNS[2] = NVIC_INIT_ITNS2_VAL;
-#endif
-
-#if defined(NVIC_INIT_ITNS3) && (NVIC_INIT_ITNS3 == 1U)
- NVIC->ITNS[3] = NVIC_INIT_ITNS3_VAL;
-#endif
+#ifdef BOARDLOADER
-#if defined(NVIC_INIT_ITNS4) && (NVIC_INIT_ITNS4 == 1U)
- NVIC->ITNS[4] = NVIC_INIT_ITNS4_VAL;
-#endif
+// Configure ARMCortex-M33 SCB and FPU security
+static void trustzone_configure_arm(void) {
+ // Enable FPU in both secure and non-secure modes
+ SCB->NSACR |= SCB_NSACR_CP10_Msk | SCB_NSACR_CP11_Msk;
+
+ // Treat FPU registers as non-secure
+ FPU->FPCCR &= ~FPU_FPCCR_TS_Msk;
+ // CLRONRET field is accessible from both security states
+ FPU->FPCCR &= ~FPU_FPCCR_CLRONRETS_Msk;
+ // FPU registers are cleared on exception return
+ FPU->FPCCR |= FPU_FPCCR_CLRONRET_Msk;
}
-void trustzone_run(void) {
- uint32_t index;
- MPCBB_ConfigTypeDef MPCBB_desc;
-
- /* Enable GTZC peripheral clock */
- __HAL_RCC_GTZC1_CLK_ENABLE();
- __HAL_RCC_GTZC2_CLK_ENABLE();
-
- /* -------------------------------------------------------------------------*/
- /* Memory isolation configuration */
- /* Initializes the memory that secure application books for non secure */
- /* -------------------------------------------------------------------------*/
-
- /* -------------------------------------------------------------------------*/
- /* Internal RAM : */
- /* The booking is done through GTZC MPCBB. */
- /* Internal SRAMs are secured by default and configured by block */
- /* of 512 bytes. */
-
- MPCBB_desc.SecureRWIllegalMode = GTZC_MPCBB_SRWILADIS_DISABLE;
- MPCBB_desc.InvertSecureState = GTZC_MPCBB_INVSECSTATE_NOT_INVERTED;
- MPCBB_desc.AttributeConfig.MPCBB_LockConfig_array[0] =
- 0x00000000U; /* Unlocked configuration */
-
- for (index = 0; index < 52; index++) {
- MPCBB_desc.AttributeConfig.MPCBB_SecConfig_array[index] = 0xFFFFFFFFU;
- MPCBB_desc.AttributeConfig.MPCBB_PrivConfig_array[index] = 0x00000000U;
+// Configure SRAM security
+static void trustzone_configure_sram(void) {
+ MPCBB_ConfigTypeDef mpcbb = {0};
+
+ // No exceptions on illegal access
+ mpcbb.SecureRWIllegalMode = GTZC_MPCBB_SRWILADIS_DISABLE;
+ // Settings of SRAM clock in RCC is secure
+ mpcbb.InvertSecureState = GTZC_MPCBB_INVSECSTATE_NOT_INVERTED;
+ // Set configuration as unlocked
+ mpcbb.AttributeConfig.MPCBB_LockConfig_array[0] = 0x00000000U;
+
+ // Set all blocks secured & unprivileged
+ for (int index = 0; index < 52; index++) {
+ mpcbb.AttributeConfig.MPCBB_SecConfig_array[index] = 0xFFFFFFFFU;
+ mpcbb.AttributeConfig.MPCBB_PrivConfig_array[index] = 0x00000000U;
}
- HAL_GTZC_MPCBB_ConfigMem(SRAM1_BASE, &MPCBB_desc);
- HAL_GTZC_MPCBB_ConfigMem(SRAM2_BASE, &MPCBB_desc);
- HAL_GTZC_MPCBB_ConfigMem(SRAM3_BASE, &MPCBB_desc);
- HAL_GTZC_MPCBB_ConfigMem(SRAM4_BASE, &MPCBB_desc);
+ HAL_GTZC_MPCBB_ConfigMem(SRAM1_BASE, &mpcbb);
+ HAL_GTZC_MPCBB_ConfigMem(SRAM2_BASE, &mpcbb);
+ HAL_GTZC_MPCBB_ConfigMem(SRAM3_BASE, &mpcbb);
+ HAL_GTZC_MPCBB_ConfigMem(SRAM4_BASE, &mpcbb);
#if defined STM32U5A9xx | defined STM32U5G9xx
- HAL_GTZC_MPCBB_ConfigMem(SRAM5_BASE, &MPCBB_desc);
+ HAL_GTZC_MPCBB_ConfigMem(SRAM5_BASE, &mpcbb);
#endif
#if defined STM32U5G9xx
- HAL_GTZC_MPCBB_ConfigMem(SRAM6_BASE, &MPCBB_desc);
+ HAL_GTZC_MPCBB_ConfigMem(SRAM6_BASE, &mpcbb);
#endif
+}
- /* -------------------------------------------------------------------------*/
- /* Internal Flash */
- /* The booking is done in both IDAU/SAU and FLASH interface */
-
- /* Flash memory is secured by default and modified with Option Byte Loading */
- /* Insure SECWM2_PSTRT > SECWM2_PEND in order to have all Bank2 non-secure */
+// Configure FLASH security
+static void trustzone_configure_flash(void) {
+ FLASH_BBAttributesTypeDef flash_bb = {0};
- /* -------------------------------------------------------------------------*/
- /* External OctoSPI memory */
- /* The booking is done in both IDAU/SAU and GTZC MPCWM interface */
+ // Set all blocks as secured
+ for (int index = 0; index < FLASH_BLOCKBASED_NB_REG; index++) {
+ flash_bb.BBAttributes_array[index] = 0xFFFFFFFF;
+ }
- /* Default secure configuration */
- /* Else need to use HAL_GTZC_TZSC_MPCWM_ConfigMemAttributes() */
+ flash_bb.Bank = FLASH_BANK_1;
+ flash_bb.BBAttributesType = FLASH_BB_SEC;
+ HAL_FLASHEx_ConfigBBAttributes(&flash_bb);
- /* -------------------------------------------------------------------------*/
- /* External NOR/FMC memory */
- /* The booking is done in both IDAU/SAU and GTZC MPCWM interface */
+ flash_bb.Bank = FLASH_BANK_2;
+ flash_bb.BBAttributesType = FLASH_BB_SEC;
+ HAL_FLASHEx_ConfigBBAttributes(&flash_bb);
+}
- /* Default secure configuration */
- /* Else need to use HAL_GTZC_TZSC_MPCWM_ConfigMemAttributes() */
+void trustzone_init_boardloader(void) {
+ // Configure ARM SCB/FBU security
+ trustzone_configure_arm();
- /* -------------------------------------------------------------------------*/
- /* External NAND/FMC memory */
- /* The booking is done in both IDAU/SAU and GTZC MPCWM interface */
+ // Enable GTZC (Global Trust-Zone Controller) peripheral clock
+ __HAL_RCC_GTZC1_CLK_ENABLE();
+ __HAL_RCC_GTZC2_CLK_ENABLE();
- /* Default secure configuration */
- /* Else need to use HAL_GTZC_TZSC_MPCWM_ConfigMemAttributes() */
+ // Configure SRAM security attributes
+ trustzone_configure_sram();
- /* -------------------------------------------------------------------------*/
- /* Peripheral isolation configuration */
- /* Initializes the peripherals and features that secure application books */
- /* for secure (RCC, PWR, RTC, EXTI, DMA, OTFDEC, etc..) or leave them to */
- /* non-secure (GPIO (secured by default)) */
- /* -------------------------------------------------------------------------*/
+ // Configure FLASH security attributes
+ trustzone_configure_flash();
-#if defined STM32U5A9xx | defined STM32U5G9xx
- HAL_GTZC_TZSC_ConfigPeriphAttributes(GTZC_PERIPH_LTDC, GTZC_TZSC_PERIPH_SEC);
- HAL_GTZC_TZSC_ConfigPeriphAttributes(GTZC_PERIPH_DSI, GTZC_TZSC_PERIPH_SEC);
- HAL_GTZC_TZSC_ConfigPeriphAttributes(GTZC_PERIPH_GFXMMU,
- GTZC_TZSC_PERIPH_SEC);
- HAL_GTZC_TZSC_ConfigPeriphAttributes(GTZC_PERIPH_GFXMMU_REG,
- GTZC_TZSC_PERIPH_SEC);
-#endif
- HAL_GTZC_TZSC_ConfigPeriphAttributes(GTZC_PERIPH_DMA2D, GTZC_TZSC_PERIPH_SEC);
+ // Make all peripherals secure
+ HAL_GTZC_TZSC_ConfigPeriphAttributes(GTZC_PERIPH_ALL, GTZC_TZSC_PERIPH_SEC);
- /* Clear all illegal access flags in GTZC TZIC */
+ // Clear all illegal access flags in GTZC TZIC
HAL_GTZC_TZIC_ClearFlag(GTZC_PERIPH_ALL);
- /* Enable all illegal access interrupts in GTZC TZIC */
+ // Enable all illegal access interrupts in GTZC TZIC
HAL_GTZC_TZIC_EnableIT(GTZC_PERIPH_ALL);
- /* Enable GTZC secure interrupt */
- HAL_NVIC_SetPriority(GTZC_IRQn, 0, 0); /* Highest priority level */
+ // Enable GTZC secure interrupt
+ HAL_NVIC_SetPriority(GTZC_IRQn, 0, 0); // Highest priority level
HAL_NVIC_EnableIRQ(GTZC_IRQn);
}
-#endif
+
+#endif // BOARDLOADER
diff --git a/core/embed/trezorhal/trustzone.h b/core/embed/trezorhal/trustzone.h
index b0ceaeb2e..a132bcb6b 100644
--- a/core/embed/trezorhal/trustzone.h
+++ b/core/embed/trezorhal/trustzone.h
@@ -1,574 +1,31 @@
+/*
+ * This file is part of the Trezor project, https://trezor.io/
+ *
+ * Copyright (c) SatoshiLabs
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see .
+ */
+
#ifndef __TREZORHAL_TRUSTZONE__
#define __TREZORHAL_TRUSTZONE__
#ifdef BOARDLOADER
-#define CMSE_NS_CALL __attribute((cmse_nonsecure_call))
-#define CMSE_NS_ENTRY __attribute((cmse_nonsecure_entry))
-
-typedef void CMSE_NS_CALL (*funcptr)(void);
-
-/* typedef for non-secure callback functions */
-typedef funcptr funcptr_NS;
-
-#include STM32_HAL_H
-
-/*
-//-------- <<< Use Configuration Wizard in Context Menu >>> -----------------
-*/
-
-/*
-// Initialize Security Attribution Unit (SAU) CTRL register
-*/
-#define SAU_INIT_CTRL 1
-
-/*
-// Enable SAU
-// Value for SAU->CTRL register bit ENABLE
-*/
-#define SAU_INIT_CTRL_ENABLE 0
-
-/*
-// When SAU is disabled
-// <0=> All Memory is Secure
-// <1=> All Memory is Non-Secure
-// Value for SAU->CTRL register bit ALLNS
-// When all Memory is Non-Secure (ALLNS is 1), IDAU can override memory
-map configuration.
-*/
-#define SAU_INIT_CTRL_ALLNS 1
-
-/*
-//
-*/
-
-/*
-// Initialize Security Attribution Unit (SAU) Address Regions
-// SAU configuration specifies regions to be one of:
-// - Secure and Non-Secure Callable
-// - Non-Secure
-// Note: All memory regions not configured by SAU are Secure
-*/
-#define SAU_REGIONS_MAX 8 /* Max. number of SAU regions */
-
-/*
-// Initialize SAU Region 0
-// Setup SAU Region 0 memory attributes
-*/
-#define SAU_INIT_REGION0 0
-
-/*
-// Start Address <0-0xFFFFFFE0>
-*/
-#define SAU_INIT_START0 0x0C1FE000 /* start address of SAU region 0 */
-
-/*
-// End Address <0x1F-0xFFFFFFFF>
-*/
-#define SAU_INIT_END0 0x0C1FFFFF /* end address of SAU region 0 */
-
-/*
-// Region is
-// <0=>Non-Secure
-// <1=>Secure, Non-Secure Callable
-*/
-#define SAU_INIT_NSC0 1
-/*
-//
-*/
-
-/*
-// Initialize SAU Region 1
-// Setup SAU Region 1 memory attributes
-*/
-#define SAU_INIT_REGION1 0
-
-/*
-// Start Address <0-0xFFFFFFE0>
-*/
-#define SAU_INIT_START1 0x08200000 /* start address of SAU region 1 */
-
-/*
-// End Address <0x1F-0xFFFFFFFF>
-*/
-#define SAU_INIT_END1 0x083FFFFF /* end address of SAU region 1 */
-
-/*
-// Region is
-// <0=>Non-Secure
-// <1=>Secure, Non-Secure Callable
-*/
-#define SAU_INIT_NSC1 0
-/*
-//
-*/
-
-/*
-// Initialize SAU Region 2
-// Setup SAU Region 2 memory attributes
-*/
-#define SAU_INIT_REGION2 0
-
-/*
-// Start Address <0-0xFFFFFFE0>
-*/
-#define SAU_INIT_START2 0x200D0000 /* start address of SAU region 2 */
-
-/*
-// End Address <0x1F-0xFFFFFFFF>
-*/
-#define SAU_INIT_END2 0x2026FFFF /* end address of SAU region 2 */
-
-/*
-// Region is
-// <0=>Non-Secure
-// <1=>Secure, Non-Secure Callable
-*/
-#define SAU_INIT_NSC2 0
-/*
-//
-*/
-
-/*
-// Initialize SAU Region 3
-// Setup SAU Region 3 memory attributes
-*/
-#define SAU_INIT_REGION3 0
-
-/*
-// Start Address <0-0xFFFFFFE0>
-*/
-#define SAU_INIT_START3 0x40000000 /* start address of SAU region 3 */
-/*
-// End Address <0x1F-0xFFFFFFFF>
-*/
-#define SAU_INIT_END3 0x4FFFFFFF /* end address of SAU region 3 */
-
-/*
-// Region is
-// <0=>Non-Secure
-// <1=>Secure, Non-Secure Callable
-*/
-#define SAU_INIT_NSC3 0
-/*
-//
-*/
-
-/*
-// Initialize SAU Region 4
-// Setup SAU Region 4 memory attributes
-*/
-#define SAU_INIT_REGION4 0
+// Provides initial security configuration of CPU and GTZC
+// in the board-loader
+void trustzone_init_boardloader(void);
-/*
-// Start Address <0-0xFFFFFFE0>
-*/
-#define SAU_INIT_START4 0x60000000 /* start address of SAU region 4 */
+#endif // BOARDLOADER
-/*
-// End Address <0x1F-0xFFFFFFFF>
-*/
-#define SAU_INIT_END4 0xAFFFFFFF /* end address of SAU region 4 */
-
-/*
-// Region is
-// <0=>Non-Secure
-// <1=>Secure, Non-Secure Callable
-*/
-#define SAU_INIT_NSC4 0
-/*
-//
-*/
-
-/*
-// Initialize SAU Region 5
-// Setup SAU Region 5 memory attributes
-*/
-#define SAU_INIT_REGION5 0
-
-/*
-// Start Address <0-0xFFFFFFE0>
-*/
-#define SAU_INIT_START5 0x0BF90000 /* start address of SAU region 5 */
-
-/*
-// End Address <0x1F-0xFFFFFFFF>
-*/
-#define SAU_INIT_END5 0x0BFA8FFF /* end address of SAU region 5 */
-
-/*
-// Region is
-// <0=>Non-Secure
-// <1=>Secure, Non-Secure Callable
-*/
-#define SAU_INIT_NSC5 0
-/*
-//
-*/
-
-/*
-// Initialize SAU Region 6
-// Setup SAU Region 6 memory attributes
-*/
-#define SAU_INIT_REGION6 0
-
-/*
-// Start Address <0-0xFFFFFFE0>
-*/
-#define SAU_INIT_START6 0x00000000 /* start address of SAU region 6 */
-
-/*
-// End Address <0x1F-0xFFFFFFFF>
-*/
-#define SAU_INIT_END6 0x00000000 /* end address of SAU region 6 */
-
-/*
-// Region is
-// <0=>Non-Secure
-// <1=>Secure, Non-Secure Callable
-*/
-#define SAU_INIT_NSC6 0
-/*
-//
-*/
-
-/*
-// Initialize SAU Region 7
-// Setup SAU Region 7 memory attributes
-*/
-#define SAU_INIT_REGION7 0
-
-/*
-// Start Address <0-0xFFFFFFE0>
-*/
-#define SAU_INIT_START7 0x00000000 /* start address of SAU region 7 */
-
-/*
-// End Address <0x1F-0xFFFFFFFF>
-*/
-#define SAU_INIT_END7 0x00000000 /* end address of SAU region 7 */
-
-/*
-// Region is
-// <0=>Non-Secure
-// <1=>Secure, Non-Secure Callable
-*/
-#define SAU_INIT_NSC7 0
-/*
-//
-*/
-
-/*
-//
-*/
-
-/*
-// Setup behaviour of Sleep and Exception Handling
-*/
-#define SCB_CSR_AIRCR_INIT 0
-
-/*
-// Deep Sleep can be enabled by
-// <0=>Secure and Non-Secure state
-// <1=>Secure state only
-// Value for SCB->CSR register bit DEEPSLEEPS
-*/
-#define SCB_CSR_DEEPSLEEPS_VAL 0
-
-/*
-// System reset request accessible from
-// <0=> Secure and Non-Secure state
-// <1=> Secure state only
-// Value for SCB->AIRCR register bit SYSRESETREQS
-*/
-#define SCB_AIRCR_SYSRESETREQS_VAL 0
-
-/*
-// Priority of Non-Secure exceptions is
-// <0=> Not altered
-// <1=> Lowered to 0x04-0x07
-// Value for SCB->AIRCR register bit PRIS
-*/
-#define SCB_AIRCR_PRIS_VAL 0
-
-/*
-// BusFault, HardFault, and NMI target
-// <0=> Secure state
-// <1=> Non-Secure state
-// Value for SCB->AIRCR register bit BFHFNMINS
-*/
-#define SCB_AIRCR_BFHFNMINS_VAL 0
-
-/*
-//
-*/
-
-/*
-// Setup behaviour of Floating Point Unit
-*/
-#define TZ_FPU_NS_USAGE 1
-
-/*
-// Floating Point Unit usage
-// <0=> Secure state only
-// <3=> Secure and Non-Secure state
-// Value for SCB->NSACR register bits CP10, CP11
-*/
-#define SCB_NSACR_CP10_11_VAL 3
-
-/*
-// Treat floating-point registers as Secure
-// <0=> Disabled
-// <1=> Enabled
-// Value for FPU->FPCCR register bit TS
-*/
-#define FPU_FPCCR_TS_VAL 0
-
-/*
-// Clear on return (CLRONRET) accessibility
-// <0=> Secure and Non-Secure state
-// <1=> Secure state only
-// Value for FPU->FPCCR register bit CLRONRETS
-*/
-#define FPU_FPCCR_CLRONRETS_VAL 0
-
-/*
-// Clear floating-point caller saved registers on exception return
-// <0=> Disabled
-// <1=> Enabled
-// Value for FPU->FPCCR register bit CLRONRET
-*/
-#define FPU_FPCCR_CLRONRET_VAL 1
-
-/*
-//
-*/
-
-/*
-// Setup Interrupt Target
-*/
-
-/*
-// Initialize ITNS 0 (Interrupts 0..31)
-*/
-#define NVIC_INIT_ITNS0 1
-
-/*
-// Interrupts 0..31
-// WWDG_IRQn <0=> Secure state <1=> Non-Secure state
-// PVD_PVM_IRQn <0=> Secure state <1=> Non-Secure state
-// RTC_IRQn <0=> Secure state <1=> Non-Secure state
-// RTC_S_IRQn <0=> Secure state <1=> Non-Secure state
-// TAMP_IRQn <0=> Secure state <1=> Non-Secure state
-// RAMCFG_IRQn <0=> Secure state <1=> Non-Secure state
-// FLASH_IRQn <0=> Secure state <1=> Non-Secure state
-// FLASH_S_IRQn <0=> Secure state <1=> Non-Secure state
-// GTZC_IRQn <0=> Secure state <1=> Non-Secure state
-// RCC_IRQn <0=> Secure state <1=> Non-Secure state
-// RCC_S_IRQn <0=> Secure state <1=> Non-Secure state
-// EXTI0_IRQn <0=> Secure state <1=> Non-Secure state
-// EXTI1_IRQn <0=> Secure state <1=> Non-Secure state
-// EXTI2_IRQn <0=> Secure state <1=> Non-Secure state
-// EXTI3_IRQn <0=> Secure state <1=> Non-Secure state
-// EXTI4_IRQn <0=> Secure state <1=> Non-Secure state
-// EXTI5_IRQn <0=> Secure state <1=> Non-Secure state
-// EXTI6_IRQn <0=> Secure state <1=> Non-Secure state
-// EXTI7_IRQn <0=> Secure state <1=> Non-Secure state
-// EXTI8_IRQn <0=> Secure state <1=> Non-Secure state
-// EXTI9_IRQn <0=> Secure state <1=> Non-Secure state
-// EXTI10_IRQn <0=> Secure state <1=> Non-Secure state
-// EXTI11_IRQn <0=> Secure state <1=> Non-Secure state
-// EXTI12_IRQn <0=> Secure state <1=> Non-Secure state
-// EXTI13_IRQn <0=> Secure state <1=> Non-Secure state
-// EXTI14_IRQn <0=> Secure state <1=> Non-Secure state
-// EXTI15_IRQn <0=> Secure state <1=> Non-Secure state
-// IWDG_IRQn <0=> Secure state <1=> Non-Secure state
-// GPDMA1_Channel0_IRQn <0=> Secure state <1=> Non-Secure state
-// GPDMA1_Channel1_IRQn <0=> Secure state <1=> Non-Secure state
-// GPDMA1_Channel2_IRQn <0=> Secure state <1=> Non-Secure state
-*/
-#define NVIC_INIT_ITNS0_VAL 0x00000000
-
-/*
-//
-*/
-
-/*
-// Initialize ITNS 1 (Interrupts 32..63)
-*/
-#define NVIC_INIT_ITNS1 1
-
-/*
-// Interrupts 32..63
-// GPDMA1_Channel3_IRQn <0=> Secure state <1=> Non-Secure state
-// GPDMA1_Channel4_IRQn <0=> Secure state <1=> Non-Secure state
-// GPDMA1_Channel5_IRQn <0=> Secure state <1=> Non-Secure state
-// GPDMA1_Channel6_IRQn <0=> Secure state <1=> Non-Secure state
-// GPDMA1_Channel7_IRQn <0=> Secure state <1=> Non-Secure state
-// ADC1_IRQn <0=> Secure state <1=> Non-Secure state
-// DAC1_IRQn <0=> Secure state <1=> Non-Secure state
-// FDCAN1_IT0_IRQn <0=> Secure state <1=> Non-Secure state
-// FDCAN1_IT1_IRQn <0=> Secure state <1=> Non-Secure state
-// TIM1_BRK_IRQn <0=> Secure state <1=> Non-Secure state
-// TIM1_UP_IRQn <0=> Secure state <1=> Non-Secure state
-// TIM1_TRG_COM_IRQn <0=> Secure state <1=> Non-Secure state
-// TIM1_CC_IRQn <0=> Secure state <1=> Non-Secure state
-// TIM2_IRQn <0=> Secure state <1=> Non-Secure state
-// TIM3_IRQn <0=> Secure state <1=> Non-Secure state
-// TIM4_IRQn <0=> Secure state <1=> Non-Secure state
-// TIM5_IRQn <0=> Secure state <1=> Non-Secure state
-// TIM6_IRQn <0=> Secure state <1=> Non-Secure state
-// TIM7_IRQn <0=> Secure state <1=> Non-Secure state
-// TIM8_BRK_IRQn <0=> Secure state <1=> Non-Secure state
-// TIM8_UP_IRQn <0=> Secure state <1=> Non-Secure state
-// TIM8_TRG_COM_IRQn <0=> Secure state <1=> Non-Secure state
-// TIM8_CC_IRQn <0=> Secure state <1=> Non-Secure state
-// I2C1_EV_IRQn <0=> Secure state <1=> Non-Secure state
-// I2C1_ER_IRQn <0=> Secure state <1=> Non-Secure state
-// I2C2_EV_IRQn <0=> Secure state <1=> Non-Secure state
-// I2C2_ER_IRQn <0=> Secure state <1=> Non-Secure state
-// SPI1_IRQn <0=> Secure state <1=> Non-Secure state
-// SPI2_IRQn <0=> Secure state <1=> Non-Secure state
-// USART1_IRQn <0=> Secure state <1=> Non-Secure state
-// USART2_IRQn <0=> Secure state <1=> Non-Secure state
-// USART3_IRQn <0=> Secure state <1=> Non-Secure state
-*/
-#define NVIC_INIT_ITNS1_VAL 0x00000000
-
-/*
-//
-*/
-
-/*
-// Initialize ITNS 2 (Interrupts 64..95)
-*/
-#define NVIC_INIT_ITNS2 1
-
-/*
-// Interrupts 64..95
-// UART4_IRQn <0=> Secure state <1=> Non-Secure state
-// UART5_IRQn <0=> Secure state <1=> Non-Secure state
-// LPUART1_IRQn <0=> Secure state <1=> Non-Secure state
-// LPTIM1_IRQn <0=> Secure state <1=> Non-Secure state
-// LPTIM2_IRQn <0=> Secure state <1=> Non-Secure state
-// TIM15_IRQn <0=> Secure state <1=> Non-Secure state
-// TIM16_IRQn <0=> Secure state <1=> Non-Secure state
-// TIM17_IRQn <0=> Secure state <1=> Non-Secure state
-// COMP_IRQn <0=> Secure state <1=> Non-Secure state
-// OTG_HS_IRQn <0=> Secure state <1=> Non-Secure state
-// CRS_IRQn <0=> Secure state <1=> Non-Secure state
-// FMC_IRQn <0=> Secure state <1=> Non-Secure state
-// OCTOSPI1_IRQn <0=> Secure state <1=> Non-Secure state
-// PWR_S3WU_IRQn <0=> Secure state <1=> Non-Secure state
-// SDMMC1_IRQn <0=> Secure state <1=> Non-Secure state
-// SDMMC2_IRQn <0=> Secure state <1=> Non-Secure state
-// GPDMA1_Channel8_IRQn <0=> Secure state <1=> Non-Secure state
-// GPDMA1_Channel9_IRQn <0=> Secure state <1=> Non-Secure state
-// GPDMA1_Channel10_IRQn <0=> Secure state <1=> Non-Secure state
-// GPDMA1_Channel11_IRQn <0=> Secure state <1=> Non-Secure state
-// GPDMA1_Channel12_IRQn <0=> Secure state <1=> Non-Secure state
-// GPDMA1_Channel13_IRQn <0=> Secure state <1=> Non-Secure state
-// GPDMA1_Channel14_IRQn <0=> Secure state <1=> Non-Secure state
-// GPDMA1_Channel15_IRQn <0=> Secure state <1=> Non-Secure state
-// I2C3_EV_IRQn <0=> Secure state <1=> Non-Secure state
-// I2C3_ER_IRQn <0=> Secure state <1=> Non-Secure state
-// SAI1_IRQn <0=> Secure state <1=> Non-Secure state
-// SAI2_IRQn <0=> Secure state <1=> Non-Secure state
-// TSC_IRQn <0=> Secure state <1=> Non-Secure state
-// RNG_IRQn <0=> Secure state <1=> Non-Secure state
-// FPU_IRQn <0=> Secure state <1=> Non-Secure state
-*/
-#define NVIC_INIT_ITNS2_VAL 0x00000000
-
-/*
-//
-*/
-
-/*
-// Initialize ITNS 3 (Interrupts 96..127)
-*/
-#define NVIC_INIT_ITNS3 1
-
-/*
-// Interrupts 96..127
-// HASH_IRQn <0=> Secure state <1=> Non-Secure state
-// LPTIM3_IRQn <0=> Secure state <1=> Non-Secure state
-// SPI3_IRQn <0=> Secure state <1=> Non-Secure state
-// I2C4_ER_IRQn <0=> Secure state <1=> Non-Secure state
-// I2C4_EV_IRQn <0=> Secure state <1=> Non-Secure state
-// MDF1_FLT0_IRQn <0=> Secure state <1=> Non-Secure state
-// MDF1_FLT1_IRQn <0=> Secure state <1=> Non-Secure state
-// MDF1_FLT2_IRQn <0=> Secure state <1=> Non-Secure state
-// MDF1_FLT3_IRQn <0=> Secure state <1=> Non-Secure state
-// UCPD1_IRQn <0=> Secure state <1=> Non-Secure state
-// ICACHE_IRQn <0=> Secure state <1=> Non-Secure state
-// LPTIM4_IRQn <0=> Secure state <1=> Non-Secure state
-// DCACHE1_IRQn <0=> Secure state <1=> Non-Secure state
-// ADF1_IRQn <0=> Secure state <1=> Non-Secure state
-// ADC4_IRQn <0=> Secure state <1=> Non-Secure state
-// LPDMA1_Channel0_IRQn <0=> Secure state <1=> Non-Secure state
-// LPDMA1_Channel1_IRQn <0=> Secure state <1=> Non-Secure state
-// LPDMA1_Channel2_IRQn <0=> Secure state <1=> Non-Secure state
-// LPDMA1_Channel3_IRQn <0=> Secure state <1=> Non-Secure state
-// DMA2D_IRQn <0=> Secure state <1=> Non-Secure state
-// DCMI_PSSI_IRQn <0=> Secure state <1=> Non-Secure state
-// OCTOSPI2_IRQn <0=> Secure state <1=> Non-Secure state
-// MDF1_FLT4_IRQn <0=> Secure state <1=> Non-Secure state
-// MDF1_FLT5_IRQn <0=> Secure state <1=> Non-Secure state
-// CORDIC_IRQn <0=> Secure state <1=> Non-Secure state
-// FMAC_IRQn <0=> Secure state <1=> Non-Secure state
-// USART6_IRQn <0=> Secure state <1=> Non-Secure state
-// I2C5_ER_IRQn <0=> Secure state <1=> Non-Secure state
-*/
-#define NVIC_INIT_ITNS3_VAL 0x00000000
-
-/*
-//
-*/
-
-/*
-// Initialize ITNS 4 (Interrupts 109..138)
-*/
-#define NVIC_INIT_ITNS4 1
-
-/*
-// Interrupts 96..138
-// I2C5_EV_IRQn <0=> Secure state <1=> Non-Secure state
-// I2C6_ER_IRQn <0=> Secure state <1=> Non-Secure state
-// I2C6_EV_IRQn <0=> Secure state <1=> Non-Secure state
-// HSPI1_IRQn <0=> Secure state <1=> Non-Secure state
-// GPU2D_IRQn <0=> Secure state <1=> Non-Secure state
-// GPU2D_ER_IRQn <0=> Secure state <1=> Non-Secure state
-// GFXMMU_IRQn <0=> Secure state <1=> Non-Secure state
-// LTDC_IRQn <0=> Secure state <1=> Non-Secure state
-// LTDC_ER_IRQn <0=> Secure state <1=> Non-Secure state
-// DSI_IRQn <0=> Secure state <1=> Non-Secure state
-// DCACHE2_IRQn <0=> Secure state <1=> Non-Secure state
-*/
-#define NVIC_INIT_ITNS4_VAL 0x00000000
-
-/*
-//
-*/
-
-/*
-//
-*/
-
-/*
- max 8 SAU regions.
- SAU regions are defined in partition.h
- */
-
-#define SAU_INIT_REGION(n) \
- SAU->RNR = (n & SAU_RNR_REGION_Msk); \
- SAU->RBAR = (SAU_INIT_START##n & SAU_RBAR_BADDR_Msk); \
- SAU->RLAR = (SAU_INIT_END##n & SAU_RLAR_LADDR_Msk) | \
- ((SAU_INIT_NSC##n << SAU_RLAR_NSC_Pos) & SAU_RLAR_NSC_Msk) | 1U
-
-extern void trustzone_init(void);
-
-extern void trustzone_run(void);
-
-#endif
#endif