The Trusted Firmware-A (TF-A), sometimes called ARM Trusted Firmware (ATF), is an open source reference implementation of secure-world software for Armv7-A and Armv8-A class processors.

Source code

The source code for ConnectCore MP15 TF-A is available at

This is forked from the SoC vendor (STMicroelectronics) repo, which is itself a fork of the original repo, hosted by Linaro. This repo contains the SoC customizations by STMicroelectronics as well as Digi customizations for the SOM.

Current supported version is v2.6.


The ROM loader reads the TF-A from the boot media. If security is enabled, the ROM loader is also in charge of authenticating the TF-A image before running it.

When TF-A runs, it configures some basic clocks and the external RAM controller. It also initializes a few peripherals such as the debug UART and the PMIC.

Finally, it is responsible for loading boot stage 3 firmware (BL3):

  • BL32: Secure Monitor (OP-TEE)

  • BL33: Non-secure firmware (U-Boot)

These two items come packed on a Firmware Image Program (FIP) image file. When security is enabled, TF-A authenticates the FIP image.

Once loaded, it runs BL32 (OP-TEE).

Device tree configuration

The TF-A can manage its configuration with a device tree. This is a reduced device tree with only the hardware required for the TF-A to work.

Digi Embedded Yocto recipe

The recipe that builds the Trusted Firmware-A is called tf-a-stm32mp. The original recipe belongs to meta-st-stm32mp layer. Digi Embedded Yocto appends the recipe in meta-digi-arm/dynamic-layers/stm-st-stm32mp/recipes-bsp/trusted-firmware-a/tf-a-stm32mp_%.bbappend.

To build the TF-A from within a Digi Embedded Yocto project:

$ bitbake tf-a-stm32mp

Read more

You can read more on TF-A implementation for the STM32MP15 at