Skip to main content
A
antonello-one
Visitor II
April 7, 2025
Question

Configuring LTDC with TrustZone enabled

  • April 7, 2025
  • 1 reply
  • 498 views

Hello,

I'm trying to write an application with TrustZone enabled that uses the LTDC peripheral.

My application:

  • boots into secure world
  • configures the LTDC peripheral and its interrupt, as well as the relevant GPIO pins, as non-secure
  • switches to the non-secure world.

In the non-secure world, I configure the LTDC, passing a buffer placed in non-secure SRAM and start drawing. However, the screen stays black.

I'm able to access the LTDC registers from the non-secure world, so it seems that the permission settings for the MCU are correct. My guess is that for some reason the LTDC peripheral itself does not have permission to access the SRAM, am I missing some other settings?

    This topic has been closed for replies.

    1 reply

    C
    Ch_JE
    ST Employee
    April 10, 2025

    Hello ,

    Try to configure the TrustZone Security Controller (TZSC) for a specific peripheral (in your case, the LTDC).

    (Through HAL GTZC driver)

    • Secure and non-secure attributes can only be configured from the secure state.
    • Security and privilege attributes can be set independently.
    • By default, access is non-secure and unprivileged.

    Regards

    A
    antonello-oneAuthor
    Visitor II
    April 10, 2025

    Hello,

    Thanks for your response. I've already configured the GTZC, I have applied the following configuration:

    Set the LTDC peripheral as non-secure:

    if (HAL_GTZC_TZSC_ConfigPeriphAttributes(GTZC_PERIPH_LTDCUSB, GTZC_TZSC_PERIPH_NSEC | GTZC_TZSC_PERIPH_NPRIV) != HAL_OK) {
 Error_Handler();
}

     

    Set the LTDC global interrupt and LTDC global error interrupt as non-secure by configuring the NVIC->ITNS register:

    #define NVIC_INIT_ITNS4_VAL 0x00001FFF

#if defined (NVIC_INIT_ITNS4) && (NVIC_INIT_ITNS4 == 1U)
 NVIC->ITNS[4] = NVIC_INIT_ITNS4_VAL;
#endif

     

    Set the GPIOs used by the LTDC as non-secure:

    /*IO attributes management functions */
 HAL_GPIO_ConfigPinAttributes(GPIOE, GPIO_PIN_2|GPIO_PIN_3|LCD_ON_Pin|TP_IRQ_Pin
 |BL_CTRL_Pin|GPIO_PIN_7|GPIO_PIN_8|GPIO_PIN_9
 |GPIO_PIN_10|GPIO_PIN_11|GPIO_PIN_12|GPIO_PIN_13
 |GPIO_PIN_14|GPIO_PIN_15|GPIO_PIN_0, GPIO_PIN_NSEC);

 /*IO attributes management functions */
 HAL_GPIO_ConfigPinAttributes(GPIOF, GPIO_PIN_0|GPIO_PIN_1|GPIO_PIN_2, GPIO_PIN_NSEC);

 /*IO attributes management functions */
 HAL_GPIO_ConfigPinAttributes(GPIOC, GPIO_PIN_0|GPIO_PIN_1|GPIO_PIN_6|GPIO_PIN_7
 |GPIO_PIN_8|GPIO_PIN_9|GPIO_PIN_10|GPIO_PIN_11
 |GPIO_PIN_12, GPIO_PIN_NSEC);

 /*IO attributes management functions */
 HAL_GPIO_ConfigPinAttributes(GPIOA, GPIO_PIN_1|GPIO_PIN_3|USB_FAULT_Pin|GPIO_PIN_9
 |GPIO_PIN_10|GPIO_PIN_11|GPIO_PIN_12, GPIO_PIN_NSEC);

 /*IO attributes management functions */
 HAL_GPIO_ConfigPinAttributes(GPIOB, GPIO_PIN_1|GPIO_PIN_2|GPIO_PIN_13|GPIO_PIN_15
 |GPIO_PIN_9, GPIO_PIN_NSEC);

 /*IO attributes management functions */
 HAL_GPIO_ConfigPinAttributes(GPIOD, GPIO_PIN_8|GPIO_PIN_9|GPIO_PIN_10|GPIO_PIN_11
 |GPIO_PIN_12|GPIO_PIN_13|GPIO_PIN_14|GPIO_PIN_15
 |GPIO_PIN_0|GPIO_PIN_1|RED_LED_Pin|GPIO_PIN_3
 |GREEN_LED_Pin|GPIO_PIN_6, GPIO_PIN_NSEC);

 /*IO attributes management functions */
 HAL_GPIO_ConfigPinAttributes(GPIOH, GPIO_PIN_9|GPIO_PIN_10|GPIO_PIN_11|GPIO_PIN_12
 |GPIO_PIN_13|GPIO_PIN_14|GPIO_PIN_15, GPIO_PIN_NSEC);

 /*IO attributes management functions */
 HAL_GPIO_ConfigPinAttributes(GPIOI, GPIO_PIN_0|GPIO_PIN_1|GPIO_PIN_2|GPIO_PIN_3, GPIO_PIN_NSEC);

 /*IO attributes management functions */
 HAL_GPIO_ConfigPinAttributes(GPIOG, GPIO_PIN_9|GPIO_PIN_10|GPIO_PIN_15, GPIO_PIN_NSEC);

     

    Maybe I misconfigured something or I need some other device?

    Thanks

    Terms & ConditionsAccessibility statement