Chapter 11 Core Concepts and Terms

11.1 STM32L5: GTZC and subcomponents

TrustZone Security Controller (TZSC)

STM32CubeL5 HAL for TZSC

STM32L5: TrustZone Illegal Access Controller (TZIC)

STM32CubeL5 HAL for TZIC

STM32L5: SRAM

11.2 Bluepill

STM32 “Bluepill” STM32F103C8T6

Logic Analyzer: UART

Firmware Extraction via UART (FTDI)

Find I2C address

Serial EEPROM simulation

Monodon Firmware

11.3 Embedded Hacker Tools

Bus Pirate

Logic Analyzer

PulseView

Tigard

11.4 Embedded Protocol Analysis

Serial Communication

Parallel Communication

Asynchronous Communication

Synchronous Communication

Duplex

Baud Rate

Bit Rate

TTL

RS-232

UART

USART

I2C

Embedded Protocols

UART

I2C

11.5 Lifecycle Configurations

STM32 Product Life Cycle

11.6 SRAM Protections

System Design: Security Gates and System Security Controllers

STM32L5: SRAM

11.7 Flash Protections

System Design: Security Gates and System Security Controllers

STM32L5: Flash

STM32F103: Read out and write protections

11.8 System Security Components

System Security Controller

Security wrapper

Block-based Gate

Watermark-based Gate

Select-based Gate

Lite-IDAU

STM32L5: TrustZone Illegal Access Controller (TZIC)

Example STM32L5: GTZC Configuration (Example 1)

11.9 System Security Design

System Design: Security Gates and System Security Controllers

STM32L5: TrustZone Illegal Access Controller (TZIC)

11.10 Heap

CMSIS: Heap and Stack

11.11 Stack

stack frame

stack layout

CMSIS: Heap and Stack

Arm Architecture: Execution Modes and Privilege Levels

Arm Architecture: General-Purpose registers, special-purpose registers

AAPCS: Subroutine Call

11.12 Trustzone: Periphery

transaction

bus master

bus slave

security gate

TrustZone-aware

system security controller

Security Gate

System Design: Security Gates and System Security Controllers

11.13 Implementation Defined Attribution Unit

IDAU and SAU: Security attribution

STM32L5: Memory Map

11.14 Security Attribution Unit

IDAU and SAU: Security attribution

CMSIS: ROM segment and Boot Process

SAU Initialization

STM32L5: Memory Map

11.15 TrustZone-M core components

Security Extensions

Security Level

Security Attribute

secure security attribute

non-secure security attribute

non-secure callable security attribute

SAU

IDAU

Attribution Unit

Basics: TrustZone-M

Two worlds: Secure and non-secure

IDAU and SAU: Security attribution

11.16 Nonsecure function calls

non-secure function call

__gnu_cmse_nonsecure_call

AAPCS: Subroutine Call

Banked Registers

Overview: Non-Secure function call

Details: Non-secure function call

11.17 Secure function calls

secure function call

SG instruction

entry function

secure gateway veneer

SG veneer

CSME import library

CMSIS: Non-Secure Callable segment

AAPCS: Subroutine Call

Banked Registers

Details: Secure function call

Overview: Secure function call

11.18 CMSIS

cmsis

CMSIS: ROM segment and Boot Process

SAU Initialization

11.19 Interworking

Excursus: Arm-Thumb interworking and .glue_7 and .glue_7t

AAPCS: IP register for Interworking

11.20 Arm Registers

General-Purpose Register

Special-Purpose Register

variable registers

argument registers

Link Register

Stack Pointer

Banked Register

AAPCS: Subroutine Call

Banked Registers

Arm Architecture: General-Purpose registers, special-purpose registers

11.21 Arm ABI

procedure call standard

application binary interface

calling convention

Procedure Call Standard for Arm Architecture

composite type

fundamental type

maschine type

parameter

argument

caller-saved register

callee-saved register

AAPCS Arm ABI and Runtime view

AAPCS: Data Types

AAPCS: Subroutine Call

11.22 Interrupts

Arm Architecture:NVIC

Arm Architecture: Masking

11.23 Arm Privilege Levels

Shadowed Stack Pointer

Process Stack Pointer

Main Stack Pointer

Execution Modes and Privilege Levels (with TrustZone)

Arm Architecture: Execution Modes and Privilege Levels

11.24 Arm Memory System

System Control Block

System Control Space

System Address Map

STM32L5: Memory Map

Arm Architecture: Memory System

11.25 Vector Table

Arm Architecture:Exceptions, Interrupts, Faults

CMSIS: ROM segment and Boot Process

11.26 Arm Exception System

Execution Mode

Privilege Level

Handler Mode

Thread Mode

Exceptions

System Exceptions

Interrupts

Faults

Vector Table

Interrupt Service Routine

Fault handlers

System handlers

Exception Masking

NVIC

Masking

exception entry

exeption phases

state context

additional state context

additional floating point context

Arm Architecture:NVIC

Arm Architecture: Masking

Exception Entry and Return

STM32L5: TrustZone Illegal Access Controller (TZIC)

Arm Architecture: Execution Modes and Privilege Levels

Arm Architecture:Exceptions, Interrupts, Faults

Secure and non-secure exceptions

11.27 Arm Architecture Basics

Arm Architecutre

Arm Profile

Architectures and Core Implementations

Arm -M profile (Armv6-M, Armv7-M, Armv8-M)

11.28 ELF

section

symbol

symbol table

input section

output section

execution view

linking view

Compiler, Assembler and Linker: Terms and concepts

ELF

11.29 Assembler Instrutions

.word

.weak

CMSIS: ROM segment and Boot Process

11.30 Assembler Terms

directive

(assembly) instruction

label

statement

Assembler Terms

11.31 Linker Script

ENTRY command

MEMORY command

location counter

Linker Script

CMSIS: Memory segments

CMSIS: Heap and Stack

11.32 Veneers

Veneers

Overview: Secure function call

11.33 Linking

relocation

relocation table

veneer

linker script

linker command

(memory) region

segment

relocatable unit

Load Memory Address (LMA)

Virtual Memory Address (VMA)

Relocation

Veneers

Linker Script

CMSIS: ROM segment and Boot Process

11.34 Section

section

.data

.bss

literal pool

Sections

.data section

.bss section

Literal Pool

11.35 Symbol

visibility

storage duration

extern specifier

static specifier

symbol

C objects and identifiers: Terms and Concepts

Symbols

11.36 C Basics

compile

assemble

link

translation unit

object file

relocatable object file

executable object file

ELF

C language: General terms and concepts

11.37 C object

object

scope

visibility

identifier

declaration

definition

initialization

storage class

linkage

storage duration

extern specifier

static specifier

C objects and identifiers: Terms and Concepts