platform: stm32l562e_dk: add level 3 isolation support
Change-Id: I65a121536829e2cc80a392f85fbe18e2304189d6
Signed-off-by: Michel Jaouen <michel.jaouen@st.com>
diff --git a/config/check_config.cmake b/config/check_config.cmake
index 470898a..de3bb5d 100644
--- a/config/check_config.cmake
+++ b/config/check_config.cmake
@@ -21,7 +21,7 @@
tfm_invalid_config(CMAKE_C_COMPILER_ID STREQUAL "GNU" AND CMAKE_C_COMPILER_VERSION VERSION_LESS "7.3.1")
-set (TFM_L3_PLATFORM_LISTS mps2/an521 musca_b1/sse_200)
+set (TFM_L3_PLATFORM_LISTS mps2/an521 musca_b1/sse_200 stm/stm32l562e_dk)
tfm_invalid_config(TFM_ISOLATION_LEVEL LESS 1 OR TFM_ISOLATION_LEVEL GREATER 3)
tfm_invalid_config(TFM_ISOLATION_LEVEL EQUAL 3 AND NOT TFM_PLATFORM IN_LIST TFM_L3_PLATFORM_LISTS)
diff --git a/platform/ext/target/stm/common/generated_file_list.yaml b/platform/ext/target/stm/common/generated_file_list.yaml
new file mode 100644
index 0000000..7b32b81
--- /dev/null
+++ b/platform/ext/target/stm/common/generated_file_list.yaml
@@ -0,0 +1,31 @@
+#-------------------------------------------------------------------------------
+# Copyright (c) 2020, Arm Limited. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+#-------------------------------------------------------------------------------
+
+# The path of "template" can be relative path to TF-M root or absolute path
+# The path of "output" must be relative path to the root for generated files
+# Both can contain environment variables
+
+{
+ "name": "stm generated file list",
+ "type": "generated_file_list",
+ "version_major": 0,
+ "version_minor": 1,
+ "file_list": [
+ {
+ "name": "isolation l3 scatter file",
+ "short_name": "isolation_l3_sct",
+ "template": "platform/ext/common/armclang/tfm_isolation_l3.sct.template",
+ "output": "platform/ext/common/armclang/tfm_isolation_l3.sct"
+ },
+ {
+ "name": "isolation l3 linker script",
+ "short_name": "isolation_l3_ld",
+ "template": "platform/ext/common/gcc/tfm_isolation_l3.ld.template",
+ "output": "platform/ext/common/gcc/tfm_isolation_l3.ld"
+ }
+ ]
+}
diff --git a/platform/ext/target/stm/common/stm32l5xx/CMakeLists.txt b/platform/ext/target/stm/common/stm32l5xx/CMakeLists.txt
index 6e6950d..c1b63f0 100644
--- a/platform/ext/target/stm/common/stm32l5xx/CMakeLists.txt
+++ b/platform/ext/target/stm/common/stm32l5xx/CMakeLists.txt
@@ -24,9 +24,11 @@
#========================= Platform common defs ===============================#
target_add_scatter_file(tfm_s
- $<$<C_COMPILER_ID:GNU>:${CMAKE_SOURCE_DIR}/platform/ext/common/gcc/tfm_common_s.ld>
- $<$<C_COMPILER_ID:ARMClang>:${CMAKE_SOURCE_DIR}/platform/ext/common/armclang/tfm_common_s.sct>
- $<$<C_COMPILER_ID:IAR>:${CMAKE_SOURCE_DIR}/platform/ext/common/iar/tfm_common_s.icf>
+ $<$<AND:$<VERSION_LESS:${TFM_ISOLATION_LEVEL},3>,$<C_COMPILER_ID:ARMClang>>:${CMAKE_SOURCE_DIR}/platform/ext/common/armclang/tfm_common_s.sct>
+ $<$<AND:$<VERSION_LESS:${TFM_ISOLATION_LEVEL},3>,$<C_COMPILER_ID:GNU>>:${CMAKE_SOURCE_DIR}/platform/ext/common/gcc/tfm_common_s.ld>
+ $<$<AND:$<VERSION_LESS:${TFM_ISOLATION_LEVEL},3>,$<C_COMPILER_ID:IAR>>:${CMAKE_SOURCE_DIR}/platform/ext/common/iar/tfm_common_s.icf>
+ $<$<AND:$<VERSION_EQUAL:${TFM_ISOLATION_LEVEL},3>,$<C_COMPILER_ID:ARMClang>>:${CMAKE_BINARY_DIR}/generated/platform/ext/common/armclang/tfm_isolation_l3.sct>
+ $<$<AND:$<VERSION_EQUAL:${TFM_ISOLATION_LEVEL},3>,$<C_COMPILER_ID:GNU>>:${CMAKE_BINARY_DIR}/generated/platform/ext/common/gcc/tfm_isolation_l3.ld>
)
if(NS)
diff --git a/platform/ext/target/stm/common/stm32l5xx/secure/tfm_hal_isolation.c b/platform/ext/target/stm/common/stm32l5xx/secure/tfm_hal_isolation.c
index 17245b5..c011cf3 100644
--- a/platform/ext/target/stm/common/stm32l5xx/secure/tfm_hal_isolation.c
+++ b/platform/ext/target/stm/common/stm32l5xx/secure/tfm_hal_isolation.c
@@ -12,102 +12,141 @@
#include "target_cfg.h"
#include "tfm_hal_isolation.h"
#include "tfm_plat_defs.h"
-
#ifdef CONFIG_TFM_ENABLE_MEMORY_PROTECT
-#define MPU_REGION_VENEERS 0
-#define MPU_REGION_TFM_UNPRIV_CODE 1
-#define PARTITION_REGION_RO 3
-#define PARTITION_REGION_RW_STACK 4
-#define PARTITION_REGION_PERIPH 5
-#define PARTITION_REGION_SHARE 6
+#if TFM_LVL == 3
+REGION_DECLARE(Load$$LR$$, LR_VENEER, $$Base);
+REGION_DECLARE(Load$$LR$$, LR_VENEER, $$Limit);
+REGION_DECLARE(Image$$, PT_RO_START, $$Base);
+REGION_DECLARE(Image$$, PT_RO_END, $$Base);
+REGION_DECLARE(Image$$, PT_PRIV_RWZI_START, $$Base);
+REGION_DECLARE(Image$$, PT_PRIV_RWZI_END, $$Base);
-#if TFM_LVL == 2
-#define MPU_REGION_NS_STACK 2
-#elif TFM_LVL == 3
-#define MPU_REGION_NS_DATA 2
-#endif
+static uint32_t g_static_region_cnt;
+static struct mpu_armv8m_region_cfg_t isolation_regions[] = {
+ {
+ 0, /* will be updated before using */
+ (uint32_t)®ION_NAME(Load$$LR$$, LR_VENEER, $$Base),
+ (uint32_t)®ION_NAME(Load$$LR$$, LR_VENEER, $$Limit),
+ MPU_ARMV8M_MAIR_ATTR_CODE_IDX,
+ MPU_ARMV8M_XN_EXEC_OK,
+ MPU_ARMV8M_AP_RO_PRIV_UNPRIV,
+ MPU_ARMV8M_SH_NONE,
+ },
+ {
+ 0, /* will be updated before using */
+ (uint32_t)®ION_NAME(Image$$, PT_RO_START, $$Base),
+ (uint32_t)®ION_NAME(Image$$, PT_RO_END, $$Base),
+ MPU_ARMV8M_MAIR_ATTR_CODE_IDX,
+ MPU_ARMV8M_XN_EXEC_OK,
+ MPU_ARMV8M_AP_RO_PRIV_UNPRIV,
+ MPU_ARMV8M_SH_NONE,
+ },
+ /* For isolation Level 3, set up static isolation for privileged data.
+ * Unprivileged data is dynamically set during Partition sheduling.
+ */
+ {
+ 0, /* will be updated before using */
+ (uint32_t)®ION_NAME(Image$$, PT_PRIV_RWZI_START, $$Base),
+ (uint32_t)®ION_NAME(Image$$, PT_PRIV_RWZI_END, $$Base),
+ MPU_ARMV8M_MAIR_ATTR_DATA_IDX,
+ MPU_ARMV8M_XN_EXEC_NEVER,
+ MPU_ARMV8M_AP_RW_PRIV_ONLY,
+ MPU_ARMV8M_SH_NONE,
+ },
+};
+#else /* TFM_LVL == 3 */
+#define ARRAY_SIZE(arr) (sizeof(arr)/sizeof(arr[0]))
+
+#define MPU_REGION_VENEERS 0
+#define MPU_REGION_TFM_UNPRIV_CODE 1
+#define MPU_REGION_NS_STACK 2
+#define PARTITION_REGION_RO 3
+#define PARTITION_REGION_RW_STACK 4
#ifdef TFM_SP_META_PTR_ENABLE
-#define MPU_REGION_SP_META_PTR 7
+#define MPU_REGION_SP_META_PTR 7
#endif /* TFM_SP_META_PTR_ENABLE */
+REGION_DECLARE(Load$$LR$$, LR_VENEER, $$Base);
+REGION_DECLARE(Load$$LR$$, LR_VENEER, $$Limit);
REGION_DECLARE(Image$$, TFM_UNPRIV_CODE, $$RO$$Base);
REGION_DECLARE(Image$$, TFM_UNPRIV_CODE, $$RO$$Limit);
-#ifdef TFM_SP_META_PTR_ENABLE
-REGION_DECLARE(Image$$, TFM_SP_META_PTR, $$RW$$Base);
-REGION_DECLARE(Image$$, TFM_SP_META_PTR, $$RW$$Limit);
-#endif
-#ifndef TFM_PSA_API
-REGION_DECLARE(Image$$, TFM_UNPRIV_SCRATCH, $$ZI$$Base);
-REGION_DECLARE(Image$$, TFM_UNPRIV_SCRATCH, $$ZI$$Limit);
-#endif
-#if TFM_LVL == 2
REGION_DECLARE(Image$$, TFM_APP_CODE_START, $$Base);
REGION_DECLARE(Image$$, TFM_APP_CODE_END, $$Base);
REGION_DECLARE(Image$$, TFM_APP_RW_STACK_START, $$Base);
REGION_DECLARE(Image$$, TFM_APP_RW_STACK_END, $$Base);
REGION_DECLARE(Image$$, ARM_LIB_STACK, $$ZI$$Base);
REGION_DECLARE(Image$$, ARM_LIB_STACK, $$ZI$$Limit);
-#endif
+#ifdef TFM_SP_META_PTR_ENABLE
+REGION_DECLARE(Image$$, TFM_SP_META_PTR, $$RW$$Base);
+REGION_DECLARE(Image$$, TFM_SP_META_PTR, $$RW$$Limit);
+#endif /* TFM_SP_META_PTR_ENABLE */
-/* Get address of memory regions to configure MPU */
-extern const struct memory_region_limits memory_regions;
-
-#if !defined(TFM_PSA_API)
-/**
- * Set share region to which the partition needs access
- */
-enum tfm_plat_err_t tfm_spm_hal_set_share_region(
- enum tfm_buffer_share_region_e share)
-{
- struct mpu_armv8m_region_cfg_t region_cfg;
- enum tfm_plat_err_t res = TFM_PLAT_ERR_SYSTEM_ERR;
- uint32_t scratch_base =
- (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_SCRATCH, $$ZI$$Base);
- uint32_t scratch_limit =
- (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_SCRATCH, $$ZI$$Limit);
-
- mpu_armv8m_disable(&dev_mpu_s);
-
- if (share == TFM_BUFFER_SHARE_DISABLE) {
- mpu_armv8m_region_disable(&dev_mpu_s, PARTITION_REGION_SHARE);
- } else {
-
- region_cfg.region_nr = PARTITION_REGION_SHARE;
- region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_DATA_IDX;
- region_cfg.attr_access = MPU_ARMV8M_AP_RW_PRIV_UNPRIV;
- region_cfg.attr_sh = MPU_ARMV8M_SH_NONE;
- region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_NEVER;
- switch (share) {
- case TFM_BUFFER_SHARE_SCRATCH:
- /* Use scratch area for SP-to-SP data sharing */
- region_cfg.region_base = scratch_base;
- region_cfg.region_limit = scratch_limit;
- res = TFM_PLAT_ERR_SUCCESS;
- break;
- case TFM_BUFFER_SHARE_NS_CODE:
- region_cfg.region_base = memory_regions.non_secure_partition_base;
- region_cfg.region_limit = memory_regions.non_secure_partition_limit;
- /* Only allow read access to NS code region and keep
- * exec.never attribute
- */
- region_cfg.attr_access = MPU_ARMV8M_AP_RO_PRIV_UNPRIV;
- res = TFM_PLAT_ERR_SUCCESS;
- break;
- default:
- /* Leave res to be set to SPM_ERR_INVALID_CONFIG */
- break;
- }
- if (res == TFM_PLAT_ERR_SUCCESS) {
- mpu_armv8m_region_enable(&dev_mpu_s, ®ion_cfg);
- }
+const struct mpu_armv8m_region_cfg_t region_cfg[] = {
+ /* Veneer region */
+ {
+ MPU_REGION_VENEERS,
+ (uint32_t)®ION_NAME(Load$$LR$$, LR_VENEER, $$Base),
+ (uint32_t)®ION_NAME(Load$$LR$$, LR_VENEER, $$Limit),
+ MPU_ARMV8M_MAIR_ATTR_CODE_IDX,
+ MPU_ARMV8M_XN_EXEC_OK,
+ MPU_ARMV8M_AP_RO_PRIV_UNPRIV,
+ MPU_ARMV8M_SH_NONE
+ },
+ /* TFM Core unprivileged code region */
+ {
+ MPU_REGION_TFM_UNPRIV_CODE,
+ (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_CODE, $$RO$$Base),
+ (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_CODE, $$RO$$Limit),
+ MPU_ARMV8M_MAIR_ATTR_CODE_IDX,
+ MPU_ARMV8M_XN_EXEC_OK,
+ MPU_ARMV8M_AP_RO_PRIV_UNPRIV,
+ MPU_ARMV8M_SH_NONE
+ },
+ /* NSPM PSP */
+ {
+ MPU_REGION_NS_STACK,
+ (uint32_t)®ION_NAME(Image$$, ARM_LIB_STACK, $$ZI$$Base),
+ (uint32_t)®ION_NAME(Image$$, ARM_LIB_STACK, $$ZI$$Limit),
+ MPU_ARMV8M_MAIR_ATTR_DATA_IDX,
+ MPU_ARMV8M_XN_EXEC_NEVER,
+ MPU_ARMV8M_AP_RW_PRIV_UNPRIV,
+ MPU_ARMV8M_SH_NONE
+ },
+ /* RO region */
+ {
+ PARTITION_REGION_RO,
+ (uint32_t)®ION_NAME(Image$$, TFM_APP_CODE_START, $$Base),
+ (uint32_t)®ION_NAME(Image$$, TFM_APP_CODE_END, $$Base),
+ MPU_ARMV8M_MAIR_ATTR_CODE_IDX,
+ MPU_ARMV8M_XN_EXEC_OK,
+ MPU_ARMV8M_AP_RO_PRIV_UNPRIV,
+ MPU_ARMV8M_SH_NONE
+ },
+ /* RW, ZI and stack as one region */
+ {
+ PARTITION_REGION_RW_STACK,
+ (uint32_t)®ION_NAME(Image$$, TFM_APP_RW_STACK_START, $$Base),
+ (uint32_t)®ION_NAME(Image$$, TFM_APP_RW_STACK_END, $$Base),
+ MPU_ARMV8M_MAIR_ATTR_DATA_IDX,
+ MPU_ARMV8M_XN_EXEC_NEVER,
+ MPU_ARMV8M_AP_RW_PRIV_UNPRIV,
+ MPU_ARMV8M_SH_NONE
+ },
+#ifdef TFM_SP_META_PTR_ENABLE
+ /* TFM partition metadata pointer region */
+ {
+ MPU_REGION_SP_META_PTR,
+ (uint32_t)®ION_NAME(Image$$, TFM_SP_META_PTR, $$RW$$Base),
+ (uint32_t)®ION_NAME(Image$$, TFM_SP_META_PTR, $$RW$$Limit),
+ MPU_ARMV8M_MAIR_ATTR_DATA_IDX,
+ MPU_ARMV8M_XN_EXEC_NEVER,
+ MPU_ARMV8M_AP_RW_PRIV_UNPRIV,
+ MPU_ARMV8M_SH_NONE
}
- mpu_armv8m_enable(&dev_mpu_s, PRIVILEGED_DEFAULT_ENABLE,
- HARDFAULT_NMI_ENABLE);
-
- return res;
-}
-#endif /* !defined(TFM_PSA_API) */
+#endif
+};
+#endif /* TFM_LVL == 3 */
#endif /* CONFIG_TFM_ENABLE_MEMORY_PROTECT */
enum tfm_hal_status_t tfm_hal_set_up_static_boundaries(void)
@@ -119,114 +158,67 @@
/* Set up static isolation boundaries inside SPE */
#ifdef CONFIG_TFM_ENABLE_MEMORY_PROTECT
- struct mpu_armv8m_region_cfg_t region_cfg;
+ int32_t i;
struct mpu_armv8m_dev_t dev_mpu_s = { MPU_BASE };
mpu_armv8m_clean(&dev_mpu_s);
- /* Veneer region */
- region_cfg.region_nr = MPU_REGION_VENEERS;
- region_cfg.region_base = memory_regions.veneer_base;
- region_cfg.region_limit = memory_regions.veneer_limit;
- region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_CODE_IDX;
- region_cfg.attr_access = MPU_ARMV8M_AP_RO_PRIV_UNPRIV;
- region_cfg.attr_sh = MPU_ARMV8M_SH_NONE;
- region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_OK;
- if (mpu_armv8m_region_enable(&dev_mpu_s, ®ion_cfg) != MPU_ARMV8M_OK) {
- return TFM_HAL_ERROR_GENERIC;
- }
-
- /* TFM Core unprivileged code region */
- region_cfg.region_nr = MPU_REGION_TFM_UNPRIV_CODE;
- region_cfg.region_base =
- (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_CODE, $$RO$$Base);
- region_cfg.region_limit =
- (uint32_t)®ION_NAME(Image$$, TFM_UNPRIV_CODE, $$RO$$Limit);
- region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_CODE_IDX;
- region_cfg.attr_access = MPU_ARMV8M_AP_RO_PRIV_UNPRIV;
- region_cfg.attr_sh = MPU_ARMV8M_SH_NONE;
- region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_OK;
- if (mpu_armv8m_region_enable(&dev_mpu_s, ®ion_cfg) != MPU_ARMV8M_OK) {
- return TFM_HAL_ERROR_GENERIC;
- }
-
-#ifdef TFM_SP_META_PTR_ENABLE
- /* TFM partition metadata pointer region */
- region_cfg.region_nr = MPU_REGION_SP_META_PTR;
- region_cfg.region_base =
- (uint32_t)®ION_NAME(Image$$, TFM_SP_META_PTR, $$RW$$Base);
- region_cfg.region_limit =
- (uint32_t)®ION_NAME(Image$$, TFM_SP_META_PTR, $$RW$$Limit);
- region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_DATA_IDX;
- region_cfg.attr_access = MPU_ARMV8M_AP_RW_PRIV_UNPRIV;
- region_cfg.attr_sh = MPU_ARMV8M_SH_NONE;
- region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_NEVER;
- if (mpu_armv8m_region_enable(&dev_mpu_s, ®ion_cfg) != MPU_ARMV8M_OK) {
- return TFM_HAL_ERROR_GENERIC;
- }
-#endif
-
#if TFM_LVL == 3
- /* TFM Core unprivileged non-secure data region */
- region_cfg.region_nr = MPU_REGION_NS_DATA;
- region_cfg.region_base = NS_DATA_START;
- region_cfg.region_limit = NS_DATA_LIMIT;
- region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_DATA_IDX;
- region_cfg.attr_access = MPU_ARMV8M_AP_RW_PRIV_UNPRIV;
- region_cfg.attr_sh = MPU_ARMV8M_SH_NONE;
- region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_NEVER;
- if (mpu_armv8m_region_enable(&dev_mpu_s, ®ion_cfg) != MPU_ARMV8M_OK) {
+ uint32_t cnt;
+
+ /* Update MPU region numbers. The numbers start from 0 and are continuous */
+ cnt = sizeof(isolation_regions) / sizeof(isolation_regions[0]);
+ g_static_region_cnt = cnt;
+ for (i = 0; i < cnt; i++) {
+ /* Update region number */
+ isolation_regions[i].region_nr = i;
+ /* Enable regions */
+ if (mpu_armv8m_region_enable(&dev_mpu_s, &isolation_regions[i])
+ != MPU_ARMV8M_OK) {
+ return TFM_HAL_ERROR_GENERIC;
+ }
+ }
+#else /* TFM_LVL == 3 */
+ for (i = 0; i < ARRAY_SIZE(region_cfg); i++) {
+ if (mpu_armv8m_region_enable(&dev_mpu_s,
+ (struct mpu_armv8m_region_cfg_t *)®ion_cfg[i])
+ != MPU_ARMV8M_OK) {
+ return TFM_HAL_ERROR_GENERIC;
+ }
+ }
+#endif /* TFM_LVL == 3 */
+
+ /* Enable MPU */
+ if (mpu_armv8m_enable(&dev_mpu_s,
+ PRIVILEGED_DEFAULT_ENABLE,
+ HARDFAULT_NMI_ENABLE) != MPU_ARMV8M_OK) {
return TFM_HAL_ERROR_GENERIC;
}
-#endif
-
-#if TFM_LVL == 2
- /* NSPM PSP */
- region_cfg.region_nr = MPU_REGION_NS_STACK;
- region_cfg.region_base =
- (uint32_t)®ION_NAME(Image$$, ARM_LIB_STACK, $$ZI$$Base);
- region_cfg.region_limit =
- (uint32_t)®ION_NAME(Image$$, ARM_LIB_STACK, $$ZI$$Limit);
- region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_DATA_IDX;
- region_cfg.attr_access = MPU_ARMV8M_AP_RW_PRIV_UNPRIV;
- region_cfg.attr_sh = MPU_ARMV8M_SH_NONE;
- region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_NEVER;
- if (mpu_armv8m_region_enable(&dev_mpu_s, ®ion_cfg) != MPU_ARMV8M_OK) {
- return TFM_HAL_ERROR_GENERIC;
- }
-
- /* RO region */
- region_cfg.region_nr = PARTITION_REGION_RO;
- region_cfg.region_base =
- (uint32_t)®ION_NAME(Image$$, TFM_APP_CODE_START, $$Base);
- region_cfg.region_limit =
- (uint32_t)®ION_NAME(Image$$, TFM_APP_CODE_END, $$Base);
- region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_CODE_IDX;
- region_cfg.attr_access = MPU_ARMV8M_AP_RO_PRIV_UNPRIV;
- region_cfg.attr_sh = MPU_ARMV8M_SH_NONE;
- region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_OK;
- if (mpu_armv8m_region_enable(&dev_mpu_s, ®ion_cfg) != MPU_ARMV8M_OK) {
- return TFM_HAL_ERROR_GENERIC;
- }
-
- /* RW, ZI and stack as one region */
- region_cfg.region_nr = PARTITION_REGION_RW_STACK;
- region_cfg.region_base =
- (uint32_t)®ION_NAME(Image$$, TFM_APP_RW_STACK_START, $$Base);
- region_cfg.region_limit =
- (uint32_t)®ION_NAME(Image$$, TFM_APP_RW_STACK_END, $$Base);
- region_cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_DATA_IDX;
- region_cfg.attr_access = MPU_ARMV8M_AP_RW_PRIV_UNPRIV;
- region_cfg.attr_sh = MPU_ARMV8M_SH_NONE;
- region_cfg.attr_exec = MPU_ARMV8M_XN_EXEC_NEVER;
- if (mpu_armv8m_region_enable(&dev_mpu_s, ®ion_cfg) != MPU_ARMV8M_OK) {
- return TFM_HAL_ERROR_GENERIC;
- }
-#endif
-
- mpu_armv8m_enable(&dev_mpu_s, PRIVILEGED_DEFAULT_ENABLE,
- HARDFAULT_NMI_ENABLE);
#endif /* CONFIG_TFM_ENABLE_MEMORY_PROTECT */
return TFM_HAL_SUCCESS;
}
+
+#if TFM_LVL == 3
+enum tfm_hal_status_t tfm_hal_mpu_update_partition_boundary(uintptr_t start,
+ uintptr_t end)
+{
+ struct mpu_armv8m_region_cfg_t cfg;
+ enum mpu_armv8m_error_t mpu_err;
+ struct mpu_armv8m_dev_t dev_mpu_s = { MPU_BASE };
+
+ /* Partition boundary regions is right after static regions */
+ cfg.region_nr = g_static_region_cnt;
+ cfg.region_base = start;
+ cfg.region_limit = end;
+ cfg.region_attridx = MPU_ARMV8M_MAIR_ATTR_DATA_IDX;
+ cfg.attr_access = MPU_ARMV8M_AP_RW_PRIV_UNPRIV;
+ cfg.attr_exec = MPU_ARMV8M_XN_EXEC_NEVER;
+ cfg.attr_sh = MPU_ARMV8M_SH_NONE;
+ mpu_err = mpu_armv8m_region_enable(&dev_mpu_s, &cfg);
+ if (mpu_err != MPU_ARMV8M_OK) {
+ return TFM_HAL_ERROR_GENERIC;
+ }
+ return TFM_HAL_SUCCESS;
+}
+#endif /* TFM_LVL == 3 */
diff --git a/platform/ext/target/stm/stm32l562e_dk/config.cmake b/platform/ext/target/stm/stm32l562e_dk/config.cmake
index 74c5a80..1f43c21 100644
--- a/platform/ext/target/stm/stm32l562e_dk/config.cmake
+++ b/platform/ext/target/stm/stm32l562e_dk/config.cmake
@@ -13,3 +13,4 @@
################################## Dependencies ################################
set(CRYPTO_HW_ACCELERATOR ON CACHE BOOL "Whether to enable the crypto hardware accelerator on supported platforms")
set(MBEDCRYPTO_BUILD_TYPE minsizerel CACHE STRING "Build type of Mbed Crypto library")
+set(TFM_EXTRA_GENERATED_FILE_LIST_PATH ${CMAKE_CURRENT_SOURCE_DIR}/platform/ext/target/stm/common/generated_file_list.yaml CACHE PATH "Path to extra generated file list. Appended to stardard TFM generated file list." FORCE)
\ No newline at end of file