Skip to content

Commit 22fbc78

Browse files
danielinuxdanielinux
committed
Simplified/fixed SAU setup
1 parent 5ac5191 commit 22fbc78

1 file changed

Lines changed: 9 additions & 24 deletions

File tree

hal/stm32_tz.c

Lines changed: 9 additions & 24 deletions
Original file line numberDiff line numberDiff line change
@@ -268,39 +268,24 @@ void hal_gtzc_init(void)
268268

269269
void hal_tz_sau_init(void)
270270
{
271-
/* SAU is set up before staging. Set up all areas as secure. */
271+
/* SAU is set up before staging. Define non-secure windows only. */
272272

273273
/* Non-secure callable: NSC functions area */
274274
sau_init_region(0, WOLFBOOT_NSC_ADDRESS,
275275
WOLFBOOT_NSC_ADDRESS + WOLFBOOT_NSC_SIZE - 1, 1);
276276

277-
/* Non-secure flash alias (entire NS flash window) */
278-
sau_init_region(1, 0x08000000, FLASH_TOP, 0);
279-
280-
/* Secure: update partition in secure alias (use matching FLASH_TOP base) */
281-
uint32_t flash_top_secure = FLASH_TOP;
282-
if ((WOLFBOOT_PARTITION_UPDATE_ADDRESS & 0xFF000000u) !=
283-
(FLASH_TOP & 0xFF000000u)) {
284-
flash_top_secure =
285-
(WOLFBOOT_PARTITION_UPDATE_ADDRESS & 0xFF000000u) |
286-
(FLASH_TOP & 0x00FFFFFFu);
287-
}
288-
sau_init_region(2, WOLFBOOT_PARTITION_UPDATE_ADDRESS, flash_top_secure, 1);
289-
290-
/* Secure RAM regions in SRAM1/SRAM2 */
291-
sau_init_region(3, 0x30000000, 0x3004FFFF, 1);
277+
/* Non-secure flash alias (boot partition only) */
278+
sau_init_region(1, WOLFBOOT_PARTITION_BOOT_ADDRESS,
279+
WOLFBOOT_PARTITION_BOOT_ADDRESS + WOLFBOOT_PARTITION_SIZE - 1, 0);
292280

293281
/* Non-secure RAM region in SRAM1/SRAM2 (STM32L5x2: 0x2000_0000..0x2003_FFFF) */
294-
sau_init_region(4, 0x20000000, 0x2003FFFF, 0);
282+
sau_init_region(2, 0x20000000, 0x2003FFFF, 0);
295283

296284
/* Non-secure: internal peripherals */
297-
sau_init_region(5, 0x40000000, 0x4FFFFFFF, 0);
298-
299-
/* Secure mapped peripherals */
300-
sau_init_region(6, 0x50000000, 0x5FFFFFFF, 1);
285+
sau_init_region(3, 0x40000000, 0x4FFFFFFF, 0);
301286

302287
/* Set as non-secure: OTP + RO area */
303-
sau_init_region(7, 0x08FFF000, 0x08FFFFFF, 0);
288+
sau_init_region(4, 0x08FFF000, 0x08FFFFFF, 0);
304289

305290
/* Enable SAU */
306291
SAU_CTRL = SAU_INIT_CTRL_ENABLE;
@@ -316,9 +301,9 @@ void hal_tz_sau_init(void)
316301
sau_init_region(0, WOLFBOOT_NSC_ADDRESS,
317302
WOLFBOOT_NSC_ADDRESS + WOLFBOOT_NSC_SIZE - 1, 1);
318303

319-
/* Non-secure: application flash area */
304+
/* Non-secure: application flash area (boot partition only) */
320305
sau_init_region(1, WOLFBOOT_PARTITION_BOOT_ADDRESS,
321-
WOLFBOOT_PARTITION_BOOT_ADDRESS + 2 * WOLFBOOT_PARTITION_SIZE - 1,
306+
WOLFBOOT_PARTITION_BOOT_ADDRESS + WOLFBOOT_PARTITION_SIZE - 1,
322307
0);
323308

324309
/* Non-secure RAM region in SRAM1/SRAM2 */

0 commit comments

Comments
 (0)