Hello, and welcome to this presentation of the STM32MP1 Security Architecture Overview.

The STM32MP1 security architecture is based on Arm TrustZone technology. Arm TrustZone splits resources between two execution environments, namely the secure and normal (non-secure) worlds. The Cortex-A7 supports the Armv7-A architecture with the security extension. It is at the root of the split environment. The SoC interconnect features security gates, also known as STUBS, which check permissions at various levels of the SoC interconnect, at the AHB bus and AHB2APB bridge level, and block any unauthorized access to security-sensitive resources. TrustZone memory adapters, or TZMAs, support division of on-chip ROM and RAM memories into secure and non-secure regions with a granularity of 4 kilobytes. The TrustZone address-based controller, or TZC, supports classification of DDR address ranges into regions with secure or non-secure access. Security-sensitive resources that are TrustZone-aware have local access control.

The security properties of components can be enumerated as follows. TrustZone-capable IPs: the Cortex-A7 subsystem, including L1 and L2 cache, MMU and GIC with security extension; MDMA, which implements security per channel; and DAP, the debug access port, to secure debug via the authentication interface. Secure IPs: unconditionally secure or write-secure. Securable IPs: peripherals and on-chip memories which can be programmed via ETZPC to be secure, write-secure or non-secure. TrustZone-aware IPs: peripherals sensitive to security with some local features to become secure. Non-secure IPs. Memory adapters: TZMA, to segment SysRAM and ROM memories into secure and non-secure regions, and TZC for DDR, to segment DDR memory into multiple regions with secure or non-secure rights. Note: non-secure regions may be filtered per master according to its NSAID.

This is the block diagram of the STM32MP1 security architecture. The key components are: secure IPs, which are unconditionally secure; these are ETZPC, TZC and AXIMC.
TZMA0 and TZMA1 are used to define secure regions in ROM and SysRAM. Securable IPs: the security of these IPs is defined by ETZPC. TrustZone-aware IPs: BSEC, RTC, TAMP, MDMA, PWR, RCC, EXTI and GPIOZ.

Access to non-secure resources by the secure world is always possible. Access is illegal when the non-secure world attempts to access secure resources. Secure behavior for illegal access: illegal accesses are always denied. A write access is ignored and a read access returns zero. The options to flag errors can be either a silent fail, bus errors or interrupts.

Default settings: there are no unique rules, but IPs are mostly non-secure by default. For TrustZone-aware IPs, please refer to the IP description. Securable IPs and TZMA are secure by default, with a bus error response on illegal access.

Securable peripherals are controlled by the ETZPC DECPROT bits. The DECPROT[1:0] bits are encoded as 0b00 secure, 0b01 write-secure, 0b11 non-secure. Note: 0b10 is either reserved or used to control the MCU. The DECPROT bits associated to securable peripherals and to MCU RAMs are listed in this table. Securable IPs are: service peripherals for secure application (USART1, SPI6, I2C4 and I2C6); cryptographic accelerators (CRYP1, HASH1, RNG1); and system peripherals (STGENC, IWDG1, and BKPSRAM, which is securable with erase on tamper). DDRCTRL and DDRPHYC are also made securable if concerned by the TrustZone address space controller, or TZC.

BSEC is used to control the device lifecycle, debug authentication, and to store secrets in OTP. BSEC is TrustZone-aware; see the BSEC training. BSEC is composed of three regions: control interface registers, lower OTP shadow registers and upper OTP shadow registers. Read and write permissions are set according to OTP modes.

Clock gating and reset control of a secure IP can only be modified by secure access. RCC provides a dedicated secure interrupt about clock security. RCC security is controlled by two bits, TZEN and MCKPROT, which are write-secure.
For more details, see the RCC section of the product reference manual.

Power mode control of a secure IP must be modified only by secure access. PWR security is controlled by the TZEN bit from RCC. PWR security consists of preventing a non-secure write from changing: the settings of the VBAT and temperature monitor, PVD and AVD; the low-power deep-sleep and RAM low-power settings; the backup domain write protection; the backup regulator, retention regulator, 1V8 regulator, 1V1 regulator and USB 3.3 V voltage level detector settings; the backup battery charging settings; the MPU power control register settings; and the standby wakeup settings and flags. For more details, see the PWR section of the product reference manual.

EXTI can protect sensitive events by restricting access to the control and configuration bits related to these events. Security can be activated per input with the EXTI_TZENR bit. Security prevents non-secure write access from changing settings, or masking and clearing the status, of secure inputs. For more details, see the EXTI section of the product reference manual.

For GPIO, security is applicable only to GPIOZ. After reset, all GPIOZ I/O pins are secure. GPIOZ I/O pins can be individually set as secure with the GPIOZ_SECCFGR register. When an I/O pin is secure, all its I/O configuration bits are write-secure. Input to a secure pin cannot be redirected to a non-secure I/O, whatever its configuration. Output data from a secure pin cannot be replaced by output from another peripheral. Secure I/O data cannot be redirected to a non-secure I/O. Non-secure I/O data cannot be redirected to a secure I/O.

For the RTC, the functions alarm A, alarm B, wake-up timer and timestamp can be individually configured as secure. The RTC can be configured globally secure. RTC initialization and calibration control can be configured secure. The write-secure RTC_SMCR register is used to control the RTC security settings. A silent fail results from a non-secure access to the RTC_SMCR bits.
Inheritance of RCC clock and reset control is attached to a resource. RTC is non-secure by default. Security settings are persistent in low power. The settings are reset only by backup domain POR and are not affected by system reset. Interrupt control, masking and clearing inherit the security properties of the feature the interrupt is attached to.

The tamper control can be configured as secure. The 128 backup registers are organized in three zones. Zone 1: secure, read and write only by secure. Zone 2: secure, write only by secure. Zone 3: non-secure. TAMP can be configured as secure. The write-secure TAMP_SMCR register is used to control the TAMP security settings. The backup register zone sizes are programmable. Inheritance of TAMP clock and reset control is attached to a resource. TAMP is non-secure by default. Security settings are persistent in low power. The settings are reset only by backup domain POR and are not affected by system reset. Interrupt control, masking and clearing inherit the security properties of the feature the interrupt is attached to.

MDMA supports 32 channels. A channel can be secured by setting the SM bit in the MDMA_CxCR register, where x is the channel number, 0 to 31. The SM bit can only be modified by a secure write (it is a write-secure bit). MDMA routes interrupts to secure and normal lines according to the channel security attributes. When a channel is secure, all its associated registers are write-secure. The MDMA AXI master port propagates the security attribute of the corresponding channel.

The debug access port, or DAP, is a non-secure bus master. Access to debug resources is controlled by the debug authentication interface issued from BSEC. For more details, see the debug section of the product reference manual.
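
Added example, not part of the presentation and not ST code: a C check that decodes the two-bit DECPROT fields described earlier from a register dump and reports peripherals configured more permissively than a policy allows, treating the 0b10 encoding as a finding. The packing of 16 fields per 32-bit register, the slot numbers, the register value and the policy are assumptions constructed for illustration; the real slot assignments are in the table the presentation refers to.

```c
#include <stdint.h>
#include <stdio.h>

/* DECPROT[1:0] encodings as stated in the presentation. */
enum decprot { DP_SECURE = 0, DP_WRITE_SECURE = 1, DP_RESERVED_OR_MCU = 2, DP_NON_SECURE = 3 };

/* Hypothetical policy entry: the most permissive setting allowed for a slot. */
struct policy { const char *name; unsigned slot; enum decprot max_allowed; };

/* Assumption: 16 two-bit fields per 32-bit register, slot n in register n/16
 * at bits [2*(n%16)+1 : 2*(n%16)]. */
static enum decprot decprot_get(const uint32_t *regs, unsigned slot) {
    return (enum decprot)((regs[slot / 16] >> (2 * (slot % 16))) & 0x3u);
}

/* Returns the number of findings; stores up to cap offending slots in bad[].
 * Finding: slot outside the dump, the 0b10 encoding, or a value more
 * permissive than the policy allows (0b00 < 0b01 < 0b11). */
size_t decprot_audit(const uint32_t *regs, size_t nregs, const struct policy *pol,
                     size_t npol, unsigned *bad, size_t cap) {
    size_t n = 0;
    for (size_t i = 0; i < npol; i++) {
        int finding = pol[i].slot / 16 >= nregs;
        if (!finding) {
            enum decprot v = decprot_get(regs, pol[i].slot);
            finding = v == DP_RESERVED_OR_MCU || v > pol[i].max_allowed;
        }
        if (finding) {
            if (n < cap) bad[n] = pol[i].slot;
            n++;
        }
    }
    return n;
}

/* Constructed sample: slot numbers and register value are illustrative only. */
static const uint32_t sample_regs[1] = { 0x00000634u };
static const struct policy sample_policy[] = {
    { "USART1", 0, DP_SECURE }, { "SPI6", 1, DP_WRITE_SECURE },
    { "I2C4", 2, DP_SECURE },   { "CRYP1", 3, DP_SECURE },
    { "HASH1", 4, DP_SECURE },  { "RNG1", 5, DP_SECURE },
};

int main(void) {
    unsigned bad[6];
    size_t n = decprot_audit(sample_regs, 1, sample_policy, 6, bad, 6);
    for (size_t i = 0; i < n; i++) printf("finding: slot %u\n", bad[i]);
    return 0;
}
```

In the constructed dump, slot 2 is non-secure, slot 4 carries the 0b10 encoding and slot 5 is only write-secure, so those three slots are reported against a policy that requires them to be secure.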