1# TrustZone setup: partition_<Device>.h {#partition_h_pg} 2 3The TrustZone header file contains the initial setup of the TrustZone hardware in an Armv8-M system. 4 5This file implements the function \ref TZ_SAU_Setup that is called from \ref SystemInit. It uses settings in these files: 6 7 - \ref partition_h_pg "partition_<Device>.h" that defines the initial system configuration and during SystemInit in Secure state. 8 - \ref partition_gen_h_pg "partition_gen.h" that contains SAU region and interrupt target assignments. This file may be generated using [CMSIS-Zone](../Zone/index.html). 9 10> **Note** 11> - \ref partition_gen_h_pg "partition_gen.h" is optional and can be generated using [CMSIS-Zone](../Zone/index.html). In previous versions of CMSIS-Core(M) this settings were part of \ref partition_h_pg "partition_<Device>.h". 12 13The \ref partition_h_pg "partition_<Device>.h" file contains the following configuration settings for: 14 15 - \ref sau_ctrlregister_sec provides settings for the SAU CTRL register. 16 - \ref sau_sleepexception_sec provides device-specific deep-sleep and exception settings. 17 - \ref sau_fpu_sec defines the usage of the Floating Point Unit in secure and non-secure state. 18 19The \ref partition_h_pg "partition_<Device>.h" file includes the \ref partition_gen_h_pg "partition_gen.h" file with configuration settings for: 20 21 - \ref sau_regions_sect provides configuration of the SAU Address Regions. 22 - \ref sau_interrupttarget_sec provides device-specific interrupt target settings. 23 24## SAU CTRL register settings {#sau_ctrlregister_sec} 25 26<table class="cmtable"> 27 <tr> 28 <th>\#define</th> 29 <th>Value Range</th> 30 <th>Default</th> 31 <th>Description</th> 32 </tr> 33 <tr> 34 <td>SAU_INIT_CTRL</td> 35 <td>0 .. 1</td> 36 <td>0</td> 37 <td>Initialize SAU CTRL register or not 38 - 0: do not initialize SAU CTRL register 39 - 1: initialize SAU CTRL register</td> 40 </tr> 41 <tr> 42 <td>SAU_INIT_CTRL_ENABLE</td> 43 <td>0 .. 1</td> 44 <td>0</td> 45 <td>enable/disable the SAU 46 - 0: disable SAU 47 - 1: enable SAU</td> 48 </tr> 49 <tr> 50 <td>SAU_INIT_CTRL_ALLNS</td> 51 <td>0 .. 1</td> 52 <td>0</td> 53 <td>value for SAU_CTRL register bit ALLNS 54 - 0: all Memory is Secure 55 - 1: all Memory is Non-Secure</td> 56 </tr> 57</table> 58 59## Configuration of Sleep and Exception behaviour {#sau_sleepexception_sec} 60 61<table class="cmtable"> 62 <tr> 63 <th>\#define</th> 64 <th>Value Range</th> 65 <th>Default</th> 66 <th>Description</th> 67 </tr> 68 <tr> 69 <td>SCB_CSR_AIRCR_INIT</td> 70 <td>0 .. 1</td> 71 <td>1</td> 72 <td>Setup behaviour of Sleep and Exception Handling 73 - 0: not setup of CSR and AIRCR registers; the values below are not relevant 74 - 1: setup of CSR and AIRCR registers with values below</td> 75 </tr> 76 <tr> 77 <td>CSR_INIT_DEEPSLEEPS_VAL</td> 78 <td>0 .. 1</td> 79 <td>1</td> 80 <td>value for SCB_CSR register bit DEEPSLEEPS 81 - 0: Deep Sleep can be enabled by Secure and Non-Secure state 82 - 1: Deep Sleep can be enabled by Secure state only</td> 83 </tr> 84 <tr> 85 <td>AIRCR_INIT_SYSRESETREQS_VAL</td> 86 <td>0 .. 1</td> 87 <td>1</td> 88 <td>value for SCB_AIRCR register bit SYSRESETREQS 89 - 0: System reset request accessible from Secure and Non-Secure state 90 - 1: System reset request accessible from Secure state only</td> 91 </tr> 92 <tr> 93 <td>AIRCR_INIT_PRIS_VAL</td> 94 <td>0 .. 1</td> 95 <td>1</td> 96 <td>value for SCB_AIRCR register bit PRIS 97 - 0: Priority of Non-Secure exceptions is Not altered 98 - 1: Priority of Non-Secure exceptions is Lowered to 0x80-0xFF</td> 99 </tr> 100 <tr> 101 <td>AIRCR_INIT_BFHFNMINS_VAL</td> 102 <td>0 .. 1</td> 103 <td>0</td> 104 <td>value for SCB_AIRCR register bit BFHFNMINS 105 - 0: BusFault, HardFault, and NMI target are Secure state 106 - 1: BusFault, HardFault, and NMI target are Non-Secure state</td> 107 </tr> 108</table> 109 110 111## Configuration of Floating Point Unit {#sau_fpu_sec} 112 113<table class="cmtable"> 114 <tr> 115 <th>\#define</th> 116 <th>Value Range</th> 117 <th>Default</th> 118 <th>Description</th> 119 </tr> 120 <tr> 121 <td>TZ_FPU_NS_USAGE</td> 122 <td>0 .. 1</td> 123 <td>1</td> 124 <td>Setup behaviour of Floating Point Unit 125 - 0: not setup of NSACR and FPCCR registers; the values below are not relevant 126 - 1: setup of NSACR and FPCCR registers with values below</td> 127 </tr> 128 <tr> 129 <td>SCB_NSACR_CP10_11_VAL</td> 130 <td>0 or 3</td> 131 <td>3</td> 132 <td>Floating Point Unit usage (Value for SCB->NSACR register bits CP10, CP11) 133 - 0: Secure state only 134 - 3: Secure and Non-Secure state</td> 135 </tr> 136 <tr> 137 <td>FPU_FPCCR_TS_VAL</td> 138 <td>0 .. 1</td> 139 <td>0</td> 140 <td>Treat floating-point registers as Secure (value for FPU->FPCCR register bit TS) 141 - 0: Disable 142 - 1: Enabled</td> 143 </tr> 144 <tr> 145 <td>FPU_FPCCR_CLRONRETS_VAL</td> 146 <td>0 .. 1</td> 147 <td>0</td> 148 <td>Clear on return (CLRONRET) accessibility (Value for FPU->FPCCR register bit CLRONRETS) 149 - 0: Secure and Non-Secure state 150 - 1: Secure state only</td> 151 </tr> 152 <tr> 153 <td>FPU_FPCCR_CLRONRET_VAL</td> 154 <td>0 .. 1</td> 155 <td>1</td> 156 <td>Clear floating-point caller saved registers on exception return (Value for FPU->FPCCR register bit CLRONRET) 157 - 0: Disabled 158 - 1: Enabled</td> 159 </tr> 160</table> 161 162## Region/ISR setup: partition_gen.h {#partition_gen_h_pg} 163 164The \ref partition_gen_h_pg "partition_gen.h" header file can be generated using [CMSIS-Zone](../Zone/index.html). 165 166The \ref partition_h_pg "partition_<Device>.h" file includes the \ref partition_h_pg "partition_gen.h" file with configuration settings for: 167 168 - \ref sau_regions_sect provides configuration of the SAU Address Regions. 169 - \ref sau_interrupttarget_sec provides device-specific interrupt target settings. 170 171> **Note** 172> - In previous versions of CMSIS-Core(M) the above settings were part of \ref partition_h_pg "partition_<Device>.h" 173 174### Configuration of the SAU Address Regions {#sau_regions_sect} 175 176<table class="cmtable"> 177 <tr> 178 <th>\#define</th> 179 <th>Value Range</th> 180 <th>Default</th> 181 <th>Description</th> 182 </tr> 183 <tr> 184 <td>SAU_REGIONS_MAX</td> 185 <td>0 .. tbd</td> 186 <td>8</td> 187 <td>maximum number of SAU regions</td> 188 </tr> 189 <tr> 190 <td>SAU_INIT_REGION<number></td> 191 <td>0 .. 1</td> 192 <td>0</td> 193 <td>initialize SAU region or not 194 - 0: do not initialize SAU region 195 - 1: initialize SAU region</td> 196 </tr> 197 <tr> 198 <td>SAU_INIT_START<number></td> 199 <td>0x00000000 .. 0xFFFFFFE0\n 200 [in steps of 32]</td> 201 <td>0x00000000</td> 202 <td>region start address</td> 203 </tr> 204 <tr> 205 <td>SAU_INIT_END<number></td> 206 <td>0x00000000 .. 0xFFFFFFE0\n 207 [in steps of 32]</td> 208 <td>0x00000000</td> 209 <td>region start address</td> 210 </tr> 211 <tr> 212 <td>SAU_INIT_NSC<number></td> 213 <td>0 .. 1</td> 214 <td>0</td> 215 <td>SAU region attribute 216 - 0: Non-Secure 217 - 1: Secure, Non-Secure callable</td> 218 </tr> 219</table> 220 221The range of \<number\> is from 0 .. SAU_REGIONS_MAX. 222A set of these macros must exist for each \<number\>. 223 224The following example shows a set of SAU region macros. 225 226```c 227#define SAU_REGIONS_MAX 8 /* Max. number of SAU regions */ 228 229#define SAU_INIT_REGION0 1 230#define SAU_INIT_START0 0x00000000 /* start address of SAU region 0 */ 231#define SAU_INIT_END0 0x001FFFE0 /* end address of SAU region 0 */ 232#define SAU_INIT_NSC0 1 233 234#define SAU_INIT_REGION1 1 235#define SAU_INIT_START1 0x00200000 /* start address of SAU region 1 */ 236#define SAU_INIT_END1 0x003FFFE0 /* end address of SAU region 1 */ 237#define SAU_INIT_NSC1 0 238 239#define SAU_INIT_REGION2 1 240#define SAU_INIT_START2 0x20200000 /* start address of SAU region 2 */ 241#define SAU_INIT_END2 0x203FFFE0 /* end address of SAU region 2 */ 242#define SAU_INIT_NSC2 0 243 244#define SAU_INIT_REGION3 1 245#define SAU_INIT_START3 0x40000000 /* start address of SAU region 3 */ 246#define SAU_INIT_END3 0x40040000 /* end address of SAU region 3 */ 247#define SAU_INIT_NSC3 0 248 249#define SAU_INIT_REGION4 0 250#define SAU_INIT_START4 0x00000000 /* start address of SAU region 4 */ 251#define SAU_INIT_END4 0x00000000 /* end address of SAU region 4 */ 252#define SAU_INIT_NSC4 0 253 254#define SAU_INIT_REGION5 0 255#define SAU_INIT_START5 0x00000000 /* start address of SAU region 5 */ 256#define SAU_INIT_END5 0x00000000 /* end address of SAU region 5 */ 257#define SAU_INIT_NSC5 0 258 259#define SAU_INIT_REGION6 0 260#define SAU_INIT_START6 0x00000000 /* start address of SAU region 6 */ 261#define SAU_INIT_END6 0x00000000 /* end address of SAU region 6 */ 262#define SAU_INIT_NSC6 0 263 264#define SAU_INIT_REGION7 0 265#define SAU_INIT_START7 0x00000000 /* start address of SAU region 7 */ 266#define SAU_INIT_END7 0x00000000 /* end address of SAU region 7 */ 267#define SAU_INIT_NSC7 0 268``` 269 270 271### Configuration of Interrupt Target settings {#sau_interrupttarget_sec} 272 273Each interrupt has a configuration bit that defines the execution in Secure or Non-secure state. The Non-Secure interrupts have a separate vector table. Refer to \ref Model_TrustZone for more information. 274 275<table class="cmtable"> 276 <tr> 277 <th>\#define</th> 278 <th>Value Range</th> 279 <th>Default</th> 280 <th>Description</th> 281 </tr> 282 <tr> 283 <td>NVIC_INIT_ITNS<number></td> 284 <td>0x00000000 .. 0xFFFFFFFF\n 285 [each bit represents an interrupt]</td> 286 <td>0x00000000</td> 287 <td>Interrupt vector target 288 - 0: Secure state 289 - 1: Non-Secure state</td> 290 </tr> 291</table> 292 293The range of \<number\> is 0 .. (\<number of external interrupts\> + 31) / 32. 294 295The following example shows the configuration for a maximum of 64 external interrupts. 296 297```c 298#define NVIC_INIT_ITNS0 0x0000122B 299#define NVIC_INIT_ITNS1 0x0000003A 300``` 301
