efa2a95163
- Update TrustedFirmare-M instructions to latest version of STM32CubeL5 - Increase idle thread stack size to not overflow during system init - Select ARCH_HAVE_TRUSTZONE for STM32L5 - Set CONFIG_ARCH_TRUSTZONE_NONSECURE for stm32l562e-dk:nsh, since NuttX is running in the Non-secure world. See https://github.com/apache/nuttx/issues/9316 Signed-off-by: Michael Jung <michael.jung@secore.ly>
264 lines
9.8 KiB
Plaintext
264 lines
9.8 KiB
Plaintext
STM32L562E-DK README
|
|
====================
|
|
|
|
This README file discusses the port of NuttX to the STMicro STM32L562E-DK
|
|
board. That board features the STM32L562QEI6QU MCU with 512KiB of FLASH
|
|
and 256KiB of SRAM.
|
|
|
|
This port is a proof-of-concept to demonstrate running NuttX in the Non-
|
|
Secure TrustZone domain as a companion to TrustedFirmware-M (TFM). Running
|
|
NuttX on the STM32L562E-DK without TFM is currently not supported.
|
|
|
|
Contents
|
|
========
|
|
|
|
- Status
|
|
- LEDs
|
|
- Buttons
|
|
- Serial Console
|
|
- TrustedFirmware-M
|
|
- Configurations
|
|
|
|
Status
|
|
======
|
|
2021-03-03: The board now boots and the basic NSH configuration works
|
|
without problem.
|
|
|
|
LEDs
|
|
====
|
|
|
|
The Board provides a 2 user LEDs, LD9 and LD10
|
|
LED9 (Red) PD_3
|
|
LED10 (Green) PG_12
|
|
|
|
- When the I/O is LOW value, the LEDs are on.
|
|
- When the I/O is HIGH value, the LEDs are off.
|
|
|
|
These LEDs are not used by the board port unless CONFIG_ARCH_LEDS is
|
|
defined. In that case, the usage by the board port is defined in
|
|
include/board.h and src/stm32_autoleds.c. The LEDs are used to encode OS
|
|
related events as follows when the LEDs are available:
|
|
|
|
SYMBOL Meaning RED GREEN
|
|
------------------- ----------------------- --- -----
|
|
|
|
LED_STARTED NuttX has been started OFF OFF
|
|
LED_HEAPALLOCATE Heap has been allocated ON OFF
|
|
LED_IRQSENABLED Interrupts enabled ON ON
|
|
LED_STACKCREATED Idle stack created OFF ON
|
|
LED_INIRQ In an interrupt GLOW NC (momentary)
|
|
LED_SIGNAL In a signal handler GLOW NC (momentary)
|
|
LED_ASSERTION An assertion failed GLOW NC (momentary)
|
|
LED_PANIC The system has crashed ON OFF (flashing 2Hz)
|
|
LED_IDLE MCU is is sleep mode NC ON
|
|
|
|
OFF - means that the OS is still initializing. Initialization is very fast
|
|
so if you see this at all, it probably means that the system is
|
|
hanging up somewhere in the initialization phases.
|
|
|
|
GREEN - This means that the OS completed initialization.
|
|
|
|
Flashing RED - In the event of a fatal crash, all other LEDs will be
|
|
extinguished and RED LED will FLASH at a 2Hz rate.
|
|
|
|
Thus if the GREEN LED is lit, NuttX has successfully booted and is,
|
|
apparently, idleing normally. If the RED LED is flashing at
|
|
approximately 2Hz, then a fatal error has been detected and the system has
|
|
halted.
|
|
|
|
Buttons
|
|
=======
|
|
|
|
B1 USER: the user button is connected to the I/O PC13 (pin 2) of the STM32
|
|
microcontroller.
|
|
|
|
Serial Consoles
|
|
===============
|
|
|
|
USART1 - Virtual COM Port
|
|
-------------------------
|
|
|
|
Default board is configured to use USART1 as console, which is wired to
|
|
the STLINK Virtual COM Port.
|
|
|
|
FUNC GPIO
|
|
---- ----
|
|
TXD: PA9
|
|
RXD: PA10
|
|
---- ----
|
|
|
|
Use make menuconfig to configure USART1 as the console:
|
|
|
|
CONFIG_STM32L5_USART1=y
|
|
CONFIG_USART1_SERIALDRIVER=y
|
|
CONFIG_USART1_SERIAL_CONSOLE=y
|
|
CONFIG_USART1_RXBUFSIZE=256
|
|
CONFIG_USART1_TXBUFSIZE=256
|
|
CONFIG_USART1_BAUD=115200
|
|
CONFIG_USART1_BITS=8
|
|
CONFIG_USART1_PARITY=0
|
|
CONFIG_USART1_2STOP=0
|
|
|
|
Default
|
|
-------
|
|
As shipped, the virtual COM port is enabled.
|
|
|
|
TrustedFirmware-M
|
|
=================
|
|
|
|
You should study [UM2671] STMicroelectronics. UM2671: Getting started with
|
|
STM32CubeL5 TFM application, 3rd edition, June 2021.
|
|
|
|
I was using STM32CubeL5 v1.5.0
|
|
(https://github.com/STMicroelectronics/STM32CubeL5/tree/v1.5.0).
|
|
|
|
Changes required to STM32CubeL5's TFM
|
|
-------------------------------------
|
|
|
|
The following three changes to TFM have to be applied to be able to run NuttX.
|
|
|
|
The first one is required since NuttX issues SVC instructions while interrupts
|
|
are disabled, which causes HardFaults. NuttX then detects this situation in
|
|
the HardFault handler. Per default HardFaults are taken to the secure domain,
|
|
though. Thus, this change:
|
|
|
|
--- a/Projects/STM32L562E-DK/Applications/TFM/TFM_SBSFU_Boot/Src/boot_hal.c
|
|
+++ b/Projects/STM32L562E-DK/Applications/TFM/TFM_SBSFU_Boot/Src/boot_hal.c
|
|
@@ -306,6 +306,9 @@ void jumper(struct arm_vector_table *vector)
|
|
/* set the secure vector */
|
|
SCB->VTOR = (uint32_t)vector;
|
|
|
|
+ /* Stay in Non-Secure mode for BusFault, HardFault, and NMI exceptions */
|
|
+ SCB->AIRCR = (SCB->AIRCR & 0x0000FFFF) | 0x05FA0000 | SCB_AIRCR_BFHFNMINS_Msk;
|
|
+
|
|
vt = (struct arm_vector_table *)vector;
|
|
|
|
The second change is required to ensure all interrupts are taken to the
|
|
non-secure domain:
|
|
|
|
--- a/Projects/STM32L562E-DK/Applications/TFM/TFM_Appli/Secure/Src/spm_hal.c
|
|
+++ b/Projects/STM32L562E-DK/Applications/TFM/TFM_Appli/Secure/Src/spm_hal.c
|
|
@@ -535,6 +535,7 @@ enum tfm_plat_err_t tfm_spm_hal_system_reset_cfg(void)
|
|
enum tfm_plat_err_t tfm_spm_hal_nvic_interrupt_target_state_cfg(void)
|
|
{
|
|
/* return nvic_interrupt_target_state_cfg();*/
|
|
+ nvic_interrupt_target_state_cfg();
|
|
return TFM_PLAT_ERR_SUCCESS;
|
|
}
|
|
|
|
The third chage is required, since current NuttX does not support lazy FPU
|
|
register stacking any longer. Thus, this must be disabled for the TF-M secure
|
|
code as well:
|
|
|
|
--- a/Projects/STM32L562E-DK/Applications/TFM/TFM_Appli/Secure/Src/target_cfg.c
|
|
+++ b/Projects/STM32L562E-DK/Applications/TFM/TFM_Appli/Secure/Src/target_cfg.c
|
|
@@ -134,7 +134,7 @@ void sau_and_idau_cfg(void)
|
|
SCB->NSACR = (SCB->NSACR & ~(SCB_NSACR_CP10_Msk | SCB_NSACR_CP11_Msk)) |
|
|
((SCB_NSACR_CP10_11_VAL << SCB_NSACR_CP10_Pos) & (SCB_NSACR_CP10_Msk | SCB_NSACR_CP11_Msk));
|
|
|
|
- FPU->FPCCR = (FPU->FPCCR & ~(FPU_FPCCR_TS_Msk | FPU_FPCCR_CLRONRETS_Msk | FPU_FPCCR_CLRONRET_Msk)) |
|
|
+ FPU->FPCCR = (FPU->FPCCR & ~(FPU_FPCCR_TS_Msk | FPU_FPCCR_CLRONRETS_Msk | FPU_FPCCR_CLRONRET_Msk | FPU_FPCCR_LSPEN_Msk)) |
|
|
((FPU_FPCCR_TS_VAL << FPU_FPCCR_TS_Pos) & FPU_FPCCR_TS_Msk) |
|
|
((FPU_FPCCR_CLRONRETS_VAL << FPU_FPCCR_CLRONRETS_Pos) & FPU_FPCCR_CLRONRETS_Msk) |
|
|
((FPU_FPCCR_CLRONRET_VAL << FPU_FPCCR_CLRONRET_Pos) & FPU_FPCCR_CLRONRET_Msk);
|
|
|
|
Encrypting and Signing the NuttX Binary
|
|
---------------------------------------
|
|
|
|
According to Figure 24 of [UM2671] and since we use the 'external flash
|
|
configuration', we must create the 'tfm_ns_enc_sign.bin' image from
|
|
'nuttx.bin'. This is done with mcuboot's imgtool.py.
|
|
|
|
imgtool.py sign \
|
|
-k root-rsa-2048_1.pem \ Key used for signing
|
|
-E enc-rsa2048-pub.pem \ Encrypt image using the provided public key
|
|
-o 0x90000400 \ OTFDEC
|
|
-e little \ Little Endian
|
|
-S 0x100000 \ Size of Flash Slot
|
|
-H 0x400 \ Header Size
|
|
--pad-header \ Pad header with zeroes
|
|
-v $version \ Version (TEXT)
|
|
-s auto \ Security Counter - auto: Create from Version
|
|
--align 8 \ 8 byte alignment
|
|
nuttx.bin \ input file
|
|
tfm_ns_enc_sign.bin output file
|
|
|
|
On my system the full command is as follows:
|
|
|
|
$ python3 ~/compile/STM32CubeL5/Middlewares/Third_Party/mcuboot/scripts/imgtool.py sign -k ~/compile/STM32CubeL5/Middlewares/Third_Party/trustedfirmware/bl2/ext/mcuboot/root-rsa-2048_1.pem -E ~/compile/STM32CubeL5/Middlewares/Third_Party/trustedfirmware/bl2/ext/mcuboot/enc-rsa2048-pub.pem -o 0x90000400 -e little -S 0x100000 -H 0x400 --pad-header -v 1 -s auto --align 8 nuttx.bin tfm_ns_enc_sign.bin
|
|
|
|
Configurations
|
|
==============
|
|
|
|
Information Common to All Configurations
|
|
----------------------------------------
|
|
Each configuration is maintained in a sub-directory and can be
|
|
selected as follow:
|
|
|
|
tools/configure.sh nucleo-l552ze:<subdir>
|
|
|
|
Before building, make sure the PATH environment variable includes the
|
|
correct path to the directory than holds your toolchain binaries.
|
|
|
|
And then build NuttX by simply typing the following. At the conclusion of
|
|
the make, the nuttx binary will reside in an ELF file called, simply, nuttx.
|
|
|
|
make oldconfig
|
|
make
|
|
|
|
The <subdir> that is provided above as an argument to the tools/configure.sh
|
|
must be is one of the following.
|
|
|
|
NOTES:
|
|
|
|
1. These configurations use the mconf-based configuration tool. To
|
|
change any of these configurations using that tool, you should:
|
|
|
|
a. Build and install the kconfig-mconf tool. See nuttx/README.txt
|
|
see additional README.txt files in the NuttX tools repository.
|
|
|
|
b. Execute 'make menuconfig' in nuttx/ in order to start the
|
|
reconfiguration process.
|
|
|
|
2. Unless stated otherwise, all configurations generate console
|
|
output on USART1, as described above under "Serial Console". The
|
|
elevant configuration settings are listed below:
|
|
|
|
CONFIG_STM32L5_USART1=y
|
|
CONFIG_STM32L5_USART1_SERIALDRIVER=y
|
|
CONFIG_STM32L5_USART=y
|
|
|
|
CONFIG_USART1_SERIALDRIVER=y
|
|
CONFIG_USART1_SERIAL_CONSOLE=y
|
|
|
|
CONFIG_USART1_RXBUFSIZE=256
|
|
CONFIG_USART1_TXBUFSIZE=256
|
|
CONFIG_USART1_BAUD=115200
|
|
CONFIG_USART1_BITS=8
|
|
CONFIG_USART1_PARITY=0
|
|
CONFIG_USART1_2STOP=0
|
|
|
|
3. All of these configurations are set up to build under Linux using the
|
|
"GNU Tools for ARM Embedded Processors" that is maintained by ARM
|
|
(unless stated otherwise in the description of the configuration).
|
|
|
|
https://developer.arm.com/open-source/gnu-toolchain/gnu-rm
|
|
|
|
That toolchain selection can easily be reconfigured using
|
|
'make menuconfig'. Here are the relevant current settings:
|
|
|
|
Build Setup:
|
|
CONFIG_HOST_LINUX=y : Linux environment
|
|
|
|
System Type -> Toolchain:
|
|
CONFIG_ARM_TOOLCHAIN_GNU_EABI=y : GNU ARM EABI toolchain
|
|
|
|
Configuration sub-directories
|
|
-----------------------------
|
|
|
|
nsh:
|
|
|
|
Configures the NuttShell (nsh) located at examples/nsh. This
|
|
configuration is focused on low level, command-line driver testing.
|
|
|