Figure 82. Flash Memory Protection Overview When Leaving Tfm_Sbsfu_Boot Application To Secure And Nonsecure Local; Loader Application - ST STM32CubeU5 TFM User Manual

When leaving the TFM_SBSFU_Boot application for jumping to the secure and nonsecure local loader application
(primary only slot configuration), all flash memory areas dedicated to TFM_SBSFU_Boot execution are hidden,
the SAU/MPU configurations are locked, and the flash memory area corresponding to the secure part of the local
loader is configured as secure.
Figure 82. Flash memory protection overview when leaving TFM_SBSFU_Boot application to secure and nonsecure
Legend:
Nonsecure / Privileged
Secure / Privileged
Immutable application
Flash memory layout
Local loader
Nonsecure data secondary slot
Area 7
Secure data secondary slot
Area 6
Nonsecure image secondary slot
Area 3
Secure image secondary slot
Area 2
Nonsecure data primary slot
Area 5
Nonsecure image primary slot
Area 1
Secure image primary slot
Area 0
Secure data primary slot
Area 4
ITS area
PS area
Fixed
NV COUNTER
entry point
after reset
HDP activation code
TFM_SBSFU_Boot
Integrator perso data
SCRATCH
BL2 NVCNT
HASH REF
UM2851 - Rev 4
local loader application
PSA architecture mapping
PSA immutable RoT code
Nonsecure application
Application updatable RoT code
PSA updatable RoT code
PSA updatable RoT data
PSA immutable RoT code
Hidden by HDP
PSA immutable RoT data
TFM applications
mapping
TFM loader
Secure / Privileged area
Nonsecure / Privileged area
Nonsecure data
Nonsecure application
Secure application
Secure data
Secure / Privileged area
TFM_SBSFU_Boot
UM2851
Flash memory protections
Privileges
page 90/117