I have an STM32 application with two levels of secure code. A bootloader at “LEVEL2” and an application at “LEVEL3”. I am unclear if I should run FreeRTOS in NTZ mode, or in TZ-Secure. I will not have a non-secure element, nor will I have NSC obviously.
To head off the “why use TZ on chip at all then?” questions, some of the features we need only work when the chip is running TrustZone.
Hi @SRA, yes you need to tell FreeRTOS if the CM33 is running in secure mode. Add this line to FreeRTOSConfig.h:
#define configRUN_FREERTOS_SECURE_ONLY 1
And you should be all set. You’ll stick with the NTZ port – meaning the portable files come from e.g. portable/GCC/ARM_CM33_NTZ/non_secure/.
That makes sense except…
Does it? Or rather, how would I know this without asking?
I saw the SECURE_ONLY field and figured this would be for me which is great, but has someone plainly broken this down somewhere?
I think this post by @aggarg on the FreeRTOS blog is excellent. Unfortunately it looks like that particular blog post has aged out of the main blog page. However it is still the first hit when you google “freertos armv8-m”, and it is the second hit when you google “freertos m33 secure”, with the first hit now being this forum thread 
If I had a dollar for every time that happened on my stupid questions… I wouldn’t need to post questions anymore.
Thanks.