diff --git a/boards/st/nucleo_u5a5zj_q/Kconfig.defconfig b/boards/st/nucleo_u5a5zj_q/Kconfig.defconfig
new file mode 100644
index 0000000000000..5630e5930471c
--- /dev/null
+++ b/boards/st/nucleo_u5a5zj_q/Kconfig.defconfig
@@ -0,0 +1,24 @@
+# Copyright (c) 2025
+# SPDX-License-Identifier: Apache-2.0
+
+if BOARD_NUCLEO_U5A5ZJ_Q
+
+config TFM_BOARD
+ default "${ZEPHYR_BASE}/boards/st/nucleo_u5a5zj_q/tfm"
+
+if BUILD_WITH_TFM
+
+config USE_DT_CODE_PARTITION
+ default y if TRUSTED_EXECUTION_NONSECURE
+
+config TFM_INITIAL_ATTESTATION_KEY
+ default y
+
+# Disabled to show how to define custom keys,
+# see nucleo_u5a5zj_q_stm32u5a5xx_ns_defconfig
+config TFM_DUMMY_PROVISIONING
+ default n
+
+endif # BUILD_WITH_TFM
+
+endif # BOARD_NUCLEO_U5A5ZJ_Q
diff --git a/boards/st/nucleo_u5a5zj_q/Kconfig.nucleo_u5a5zj_q b/boards/st/nucleo_u5a5zj_q/Kconfig.nucleo_u5a5zj_q
index 58256af223f38..8f850f91db02a 100644
--- a/boards/st/nucleo_u5a5zj_q/Kconfig.nucleo_u5a5zj_q
+++ b/boards/st/nucleo_u5a5zj_q/Kconfig.nucleo_u5a5zj_q
@@ -1,4 +1,4 @@
-# Copyright (c) 2023 STMicroelectronics
+# Copyright (c) 2025 STMicroelectronics
# SPDX-License-Identifier: Apache-2.0
config BOARD_NUCLEO_U5A5ZJ_Q
diff --git a/boards/st/nucleo_u5a5zj_q/board.cmake b/boards/st/nucleo_u5a5zj_q/board.cmake
index e846f79f3817b..0d02c605b67c1 100644
--- a/boards/st/nucleo_u5a5zj_q/board.cmake
+++ b/boards/st/nucleo_u5a5zj_q/board.cmake
@@ -1,3 +1,18 @@
+# SPDX-License-Identifier: Apache-2.0
+
+if(CONFIG_BUILD_WITH_TFM)
+ set(TFM_FLASH_BASE_ADDRESS 0x0C000000)
+
+ # Flash merged TF-M + Zephyr binary
+ set_property(TARGET runners_yaml_props_target PROPERTY hex_file tfm_merged.hex)
+
+ if (CONFIG_HAS_FLASH_LOAD_OFFSET)
+ MATH(EXPR TFM_HEX_BASE_ADDRESS_NS "${TFM_FLASH_BASE_ADDRESS}+${CONFIG_FLASH_LOAD_OFFSET}")
+ else()
+ set(TFM_HEX_BASE_ADDRESS_NS ${TFM_TFM_FLASH_BASE_ADDRESS})
+ endif()
+endif()
+
# keep first
board_runner_args(stm32cubeprogrammer "--port=swd" "--reset-mode=hw")
diff --git a/boards/st/nucleo_u5a5zj_q/board.yml b/boards/st/nucleo_u5a5zj_q/board.yml
index d5376588b215f..96cdbf94e8e81 100644
--- a/boards/st/nucleo_u5a5zj_q/board.yml
+++ b/boards/st/nucleo_u5a5zj_q/board.yml
@@ -4,3 +4,5 @@ board:
vendor: st
socs:
- name: stm32u5a5xx
+ variants:
+ - name: ns
diff --git a/boards/st/nucleo_u5a5zj_q/nucleo_u5a5zj_q-common.dtsi b/boards/st/nucleo_u5a5zj_q/nucleo_u5a5zj_q-common.dtsi
index 269b112069fbb..52d3954cb2472 100644
--- a/boards/st/nucleo_u5a5zj_q/nucleo_u5a5zj_q-common.dtsi
+++ b/boards/st/nucleo_u5a5zj_q/nucleo_u5a5zj_q-common.dtsi
@@ -171,10 +171,6 @@
status = "okay";
};
-&rng {
- status = "okay";
-};
-
&fdcan1 {
clocks = <&rcc STM32_CLOCK(APB1_2, 9)>,
<&rcc STM32_SRC_PLL1_Q FDCAN1_SEL(1)>;
@@ -196,3 +192,17 @@
&vbat4 {
status = "okay";
};
+
+&gpdma1 {
+ status = "okay";
+};
+
+zephyr_udc0: &usbotg_hs {
+ pinctrl-0 = <&usb_otg_hs_dm_pa11 &usb_otg_hs_dp_pa12>;
+ pinctrl-names = "default";
+ status = "okay";
+};
+
+&otghs_phy {
+ clock-reference = "SYSCFG_OTG_HS_PHY_CLK_16MHz";
+};
diff --git a/boards/st/nucleo_u5a5zj_q/nucleo_u5a5zj_q.dts b/boards/st/nucleo_u5a5zj_q/nucleo_u5a5zj_q.dts
index 993d55370159c..4760ab5c361d4 100644
--- a/boards/st/nucleo_u5a5zj_q/nucleo_u5a5zj_q.dts
+++ b/boards/st/nucleo_u5a5zj_q/nucleo_u5a5zj_q.dts
@@ -21,6 +21,7 @@
zephyr,flash = &flash0;
zephyr,canbus = &fdcan1;
zephyr,code-partition = &slot0_partition;
+ zephyr,entropy = &rng;
};
aliases {
@@ -74,16 +75,6 @@
status = "okay";
};
-&gpdma1 {
+&rng {
status = "okay";
};
-
-zephyr_udc0: &usbotg_hs {
- pinctrl-0 = <&usb_otg_hs_dm_pa11 &usb_otg_hs_dp_pa12>;
- pinctrl-names = "default";
- status = "okay";
-};
-
-&otghs_phy {
- clock-reference = "SYSCFG_OTG_HS_PHY_CLK_16MHz";
-};
diff --git a/boards/st/nucleo_u5a5zj_q/nucleo_u5a5zj_q_stm32u5a5xx_ns.dts b/boards/st/nucleo_u5a5zj_q/nucleo_u5a5zj_q_stm32u5a5xx_ns.dts
new file mode 100644
index 0000000000000..b78639e79214a
--- /dev/null
+++ b/boards/st/nucleo_u5a5zj_q/nucleo_u5a5zj_q_stm32u5a5xx_ns.dts
@@ -0,0 +1,98 @@
+/*
+ * Copyright (c) 2025 Leica Geosystems AG
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+/dts-v1/;
+#include "nucleo_u5a5zj_q-common.dtsi"
+
+/ {
+ model = "STMicroelectronics STM32U5A5ZJ-NUCLEO-Q board";
+ compatible = "st,stm32u5a5zj-nucleo-q";
+
+ #address-cells = <1>;
+ #size-cells = <1>;
+
+ chosen {
+ zephyr,console = &usart1;
+ zephyr,shell-uart = &usart1;
+ zephyr,sram = &sram0;
+ zephyr,flash = &flash0;
+ zephyr,code-partition = &slot0_ns_partition;
+ zephyr,entropy = &psa_rng;
+ };
+
+ aliases {
+ led0 = &blue_led_1;
+ sw0 = &user_button;
+ };
+
+ /* SRAM3 + SRAM5 (832 kiB + 832kiB)*/
+ /delete-node/ memory@20000000;
+ sram0: memory@200d0000 {
+ compatible = "mmio-sram";
+ reg = <0x200d0000 DT_SIZE_K(1664)>;
+ };
+
+ psa_rng: psa-rng {
+ compatible = "zephyr,psa-crypto-rng";
+ status = "okay";
+ };
+};
+
+&flash0 {
+ partitions {
+ compatible = "fixed-partitions";
+ #address-cells = <1>;
+ #size-cells = <1>;
+
+ /*
+ * Following flash partition is compatible with requirements
+ * given in TFM configuration given for current board.
+ * It might require adjustment depending on evolutions on TFM.
+ */
+ boot_partition: partition@0 {
+ label = "mcuboot";
+ reg = <0x00000000 DT_SIZE_K(384)>;
+ read-only;
+ };
+
+ /* Secure image primary slot */
+ slot0_partition: partition@60000 {
+ label = "image-0";
+ reg = <0x00060000 DT_SIZE_K(512)>;
+ };
+
+ /* Non-secure image primary slot */
+ slot0_ns_partition: partition@e0000 {
+ label = "image-0-nonsecure";
+ reg = <0x000e0000 DT_SIZE_K(1280)>;
+ };
+
+ /* Secure image secondary slot */
+ slot1_partition: partition@220000 {
+ label = "image-1";
+ reg = <0x00220000 DT_SIZE_K(512)>;
+ };
+
+ /* Non-secure image secondary slot */
+ slot1_ns_partition: partition@2a0000 {
+ label = "image-1-nonsecure";
+ reg = <0x002a0000 DT_SIZE_K(1280)>;
+ };
+
+ /* Applicative Non Volatile Storage */
+ storage_partition: partition@3e0000 {
+ label = "storage";
+ reg = <0x003e0000 DT_SIZE_K(128)>;
+ };
+ };
+};
+
+&usart1 {
+ pinctrl-0 = <&usart1_tx_pa9 &usart1_rx_pa10>;
+ pinctrl-names = "default";
+ current-speed = <115200>;
+ status = "okay";
+};
diff --git a/boards/st/nucleo_u5a5zj_q/nucleo_u5a5zj_q_stm32u5a5xx_ns.yaml b/boards/st/nucleo_u5a5zj_q/nucleo_u5a5zj_q_stm32u5a5xx_ns.yaml
new file mode 100644
index 0000000000000..02dbd5211c27a
--- /dev/null
+++ b/boards/st/nucleo_u5a5zj_q/nucleo_u5a5zj_q_stm32u5a5xx_ns.yaml
@@ -0,0 +1,27 @@
+#
+# Copyright (c) 2025 Leica Geosystems AG
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+identifier: nucleo_u5a5zj_q/stm32u5a5xx/ns
+name: ST Nucleo U5A5ZJ Q
+type: mcu
+arch: arm
+toolchain:
+ - zephyr
+supported:
+ - backup_sram
+ - can
+ - dac
+ - dma
+ - gpio
+ - i2c
+ - rtc
+ - spi
+ - trusted-firmware-m
+ - usart
+ - usbd
+ - watchdog
+ram: 1664
+flash: 1280
diff --git a/boards/st/nucleo_u5a5zj_q/nucleo_u5a5zj_q_stm32u5a5xx_ns_defconfig b/boards/st/nucleo_u5a5zj_q/nucleo_u5a5zj_q_stm32u5a5xx_ns_defconfig
new file mode 100644
index 0000000000000..e16562f776d5b
--- /dev/null
+++ b/boards/st/nucleo_u5a5zj_q/nucleo_u5a5zj_q_stm32u5a5xx_ns_defconfig
@@ -0,0 +1,31 @@
+#
+# Copyright (c) 2025 Leica Geosystems AG
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+# enable uart driver
+CONFIG_SERIAL=y
+
+# enable GPIO
+CONFIG_GPIO=y
+
+# console
+CONFIG_CONSOLE=y
+CONFIG_UART_CONSOLE=y
+
+# Enable MPU
+CONFIG_ARM_MPU=y
+
+# Enable HW stack protection
+CONFIG_HW_STACK_PROTECTION=y
+
+# TF-M
+CONFIG_ARM_TRUSTZONE_M=y
+CONFIG_RUNTIME_NMI=y
+CONFIG_TRUSTED_EXECUTION_NONSECURE=y
+
+# Keys - These are for development purposes only and should be changed.
+CONFIG_TFM_MCUBOOT_SIGNATURE_TYPE="RSA-3072"
+CONFIG_TFM_KEY_FILE_S="${BOARD_DIR}/tfm/keys/rsa-3072-private-s.pem"
+CONFIG_TFM_KEY_FILE_NS="${BOARD_DIR}/tfm/keys/rsa-3072-private-ns.pem"
diff --git a/boards/st/nucleo_u5a5zj_q/tfm/CMakeLists.txt b/boards/st/nucleo_u5a5zj_q/tfm/CMakeLists.txt
new file mode 100644
index 0000000000000..bfaa7857ff2fd
--- /dev/null
+++ b/boards/st/nucleo_u5a5zj_q/tfm/CMakeLists.txt
@@ -0,0 +1,80 @@
+#-------------------------------------------------------------------------------
+# Copyright (c) 2020, Arm Limited. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+#-------------------------------------------------------------------------------
+
+set(NUCLEO_U5A5ZJ_Q_DIR ${CMAKE_CURRENT_LIST_DIR})
+set(STM_COMMON_DIR ${PLATFORM_DIR}/ext/target/stm/common)
+
+include(${STM_COMMON_DIR}/stm32u5xx/CMakeLists.txt)
+
+#========================= Platform defs ===============================#
+
+# Specify the location of platform specific build dependencies.
+target_sources(tfm_s
+ PRIVATE
+ ${STM_COMMON_DIR}/stm32u5xx/Device/Source/startup_stm32u5xx_s.c
+)
+
+# cpuarch.cmake is used to set things that related to the platform that are both
+install(FILES
+ ${TARGET_PLATFORM_PATH}/cpuarch.cmake
+ DESTINATION ${INSTALL_PLATFORM_NS_DIR}
+)
+
+install(FILES
+ ${STM_COMMON_DIR}/stm32u5xx/Device/Source/startup_stm32u5xx_ns.c
+ DESTINATION ${INSTALL_PLATFORM_NS_DIR}/Device/Source
+)
+
+install(DIRECTORY
+ ${TARGET_PLATFORM_PATH}/ns/
+ DESTINATION ${INSTALL_PLATFORM_NS_DIR}
+)
+
+install(DIRECTORY
+ ${TARGET_PLATFORM_PATH}/include
+ DESTINATION ${INSTALL_PLATFORM_NS_DIR}
+)
+
+install(FILES
+ ${TARGET_PLATFORM_PATH}/accelerator/crypto_accelerator_config.h
+ DESTINATION ${INSTALL_PLATFORM_NS_DIR}/include
+)
+
+install(DIRECTORY
+ ${STM_COMMON_DIR}/hal/accelerator/
+ DESTINATION ${INSTALL_PLATFORM_NS_DIR}/include
+ FILES_MATCHING PATTERN "*.h"
+)
+
+install(FILES
+ ${NUCLEO_U5A5ZJ_Q_DIR}/partition/flash_layout.h
+ ${NUCLEO_U5A5ZJ_Q_DIR}/partition/region_defs.h
+ DESTINATION ${INSTALL_PLATFORM_NS_DIR}/partition
+)
+
+if(BL2)
+ target_sources(bl2
+ PRIVATE
+ ${STM_COMMON_DIR}/stm32u5xx/Device/Source/startup_stm32u5xx_bl2.c
+ ${STM_COMMON_DIR}/hal/provision/nvm_init.c
+ ${STM_COMMON_DIR}/hal/provision/nvmcnt_init.c
+ ${NUCLEO_U5A5ZJ_Q_DIR}/keys/otp_provision.c
+ )
+endif()
+#install flash layout for postbuild.sh
+install(FILES
+ ${NUCLEO_U5A5ZJ_Q_DIR}/partition/flash_layout.h
+ ${NUCLEO_U5A5ZJ_Q_DIR}/partition/region_defs.h
+ DESTINATION ${CMAKE_INSTALL_PREFIX}
+)
+set (BL2_FILE_TO_PREPROCESS ${CMAKE_CURRENT_BINARY_DIR}/image_macros_to_preprocess_bl2.c)
+file(WRITE ${BL2_FILE_TO_PREPROCESS} ${BL2_PREPROCESSING})
+
+install(FILES
+ ${BL2_FILE_TO_PREPROCESS}
+ DESTINATION ${CMAKE_INSTALL_PREFIX}
+)
diff --git a/boards/st/nucleo_u5a5zj_q/tfm/accelerator/CMakeLists.txt b/boards/st/nucleo_u5a5zj_q/tfm/accelerator/CMakeLists.txt
new file mode 100644
index 0000000000000..c15ed89e19621
--- /dev/null
+++ b/boards/st/nucleo_u5a5zj_q/tfm/accelerator/CMakeLists.txt
@@ -0,0 +1,79 @@
+#-------------------------------------------------------------------------------
+# Copyright (c) 2020-2024, Arm Limited. All rights reserved.
+# Copyright (c) 2021 STMicroelectronics. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+#-------------------------------------------------------------------------------
+
+############################ Crypto Service ####################################
+
+if (TFM_PARTITION_CRYPTO)
+ target_sources(crypto_service_crypto_hw
+ PRIVATE
+ ${PLATFORM_DIR}/ext/target/stm/common/hal/accelerator/rsa_alt.c
+ ${PLATFORM_DIR}/ext/target/stm/common/hal/accelerator/ecdsa_alt.c
+ ${PLATFORM_DIR}/ext/target/stm/common/hal/accelerator/gcm_alt.c
+ ${PLATFORM_DIR}/ext/target/stm/common/hal/accelerator/aes_alt.c
+ ${PLATFORM_DIR}/ext/target/stm/common/hal/accelerator/ccm_alt.c
+ ${PLATFORM_DIR}/ext/target/stm/common/hal/accelerator/ecp_alt.c
+ ${PLATFORM_DIR}/ext/target/stm/common/hal/accelerator/ecp_curves_alt.c
+ ${PLATFORM_DIR}/ext/target/stm/common/hal/accelerator/sha1_alt.c
+ ${PLATFORM_DIR}/ext/target/stm/common/hal/accelerator/sha256_alt.c
+ ${PLATFORM_DIR}/ext/target/stm/common/hal/accelerator/stm.c
+ )
+
+ target_include_directories(crypto_service_crypto_hw
+ PRIVATE
+ ${PLATFORM_DIR}/ext/target/${TFM_PLATFORM}/accelerator/
+ ${PLATFORM_DIR}/ext/target/stm/common/hal/accelerator/
+ ${PLATFORM_DIR}/ext/target/${TFM_PLATFORM}/include/
+ ${PLATFORM_DIR}/ext/target/stm/common/stm32u5xx/hal/Inc/
+ ${PLATFORM_DIR}/ext/target/stm/common/stm32u5xx/Device/Include/
+ ${PLATFORM_DIR}/include
+ ${CMAKE_BINARY_DIR}/generated
+ ${CMAKE_SOURCE_DIR}/interface/include
+ )
+ target_include_directories(crypto_service_mbedcrypto
+ PUBLIC
+ ${PLATFORM_DIR}/ext/target/${TFM_PLATFORM}/accelerator/
+ ${PLATFORM_DIR}/ext/target/stm/common/hal/accelerator/
+ ${PLATFORM_DIR}/ext/target/${TFM_PLATFORM}/include/
+ ${PLATFORM_DIR}/ext/target/stm/common/stm32u5xx/hal/Inc/
+ ${PLATFORM_DIR}/ext/target/stm/common/stm32u5xx/Device/Include/
+ )
+
+ target_include_directories(psa_crypto_config
+ INTERFACE
+ $
+ )
+
+ target_compile_definitions(crypto_service_crypto_hw
+ PRIVATE
+ ST_HW_CONTEXT_SAVING
+ $<$,$>:BUILD_CRYPTO_TFM>
+ INTERFACE
+ $<$,$>:PSA_WANT_ALG_GCM>
+ )
+
+ target_link_libraries(crypto_service_crypto_hw
+ PRIVATE
+ crypto_service_mbedcrypto
+ platform_s
+ cmsis
+ )
+
+ target_link_libraries(crypto_service_mbedcrypto
+ PUBLIC
+ cmsis
+ )
+
+ target_link_libraries(platform_s
+ PRIVATE
+ crypto_service_crypto_hw
+ )
+ target_link_libraries(crypto_service_crypto_hw
+ INTERFACE
+ tfm_config
+ )
+endif()
diff --git a/boards/st/nucleo_u5a5zj_q/tfm/accelerator/crypto_accelerator_config.h b/boards/st/nucleo_u5a5zj_q/tfm/accelerator/crypto_accelerator_config.h
new file mode 100644
index 0000000000000..199e150f67473
--- /dev/null
+++ b/boards/st/nucleo_u5a5zj_q/tfm/accelerator/crypto_accelerator_config.h
@@ -0,0 +1,77 @@
+/*
+ * Copyright (c) 2019-2022, Arm Limited. All rights reserved.
+ * Copyright (c) 2021 STMicroelectronics. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#ifndef CRYPTO_ACCELERATOR_CONF_H
+#define CRYPTO_ACCELERATOR_CONF_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
+/****************************************************************/
+/* Require built-in implementations based on PSA requirements */
+/****************************************************************/
+#ifdef PSA_USE_SE_ST
+/* secure element define */
+#define PSA_WANT_KEY_TYPE_AES
+#ifdef MBEDTLS_PSA_CRYPTO_C
+#define MBEDTLS_PSA_CRYPTO_SE_C
+#define MBEDTLS_CMAC_C
+#define MBEDTLS_CIPHER_MODE_CBC
+#endif
+
+#ifdef PSA_WANT_ALG_SHA_1
+#define MBEDTLS_SHA1_ALT
+#endif /* PSA_WANT_ALG_SHA_1 */
+
+#ifdef PSA_WANT_ALG_SHA_256
+#define MBEDTLS_SHA256_ALT
+#endif /* PSA_WANT_ALG_SHA_256 */
+
+#if defined(PSA_WANT_ALG_RSA_OAEP) || \
+ defined(PSA_WANT_ALG_RSA_PKCS1V15_CRYPT) || \
+ defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN) || \
+ defined(PSA_WANT_ALG_RSA_PSS) || \
+ defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC) || \
+ defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY)
+#define MBEDTLS_RSA_ALT
+#endif
+
+#if defined(PSA_WANT_ALG_ECDH) || \
+ defined(PSA_WANT_ALG_ECDSA) || \
+ defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC) || \
+ defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
+#define MBEDTLS_ECP_ALT
+#undef MBEDTLS_ECP_NIST_OPTIM
+#endif
+
+#ifdef PSA_WANT_ALG_CCM
+#define MBEDTLS_CCM_ALT
+#endif /* PSA_WANT_ALG_CCM */
+
+#ifdef PSA_WANT_KEY_TYPE_AES
+#define MBEDTLS_AES_ALT
+#endif /* PSA_WANT_KEY_TYPE_AES */
+
+#ifdef PSA_WANT_ALG_GCM
+#define MBEDTLS_GCM_ALT
+#endif /* PSA_WANT_ALG_GCM */
+
+#if defined(PSA_WANT_ALG_ECDSA) || \
+ defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA)
+#define MBEDTLS_ECDSA_VERIFY_ALT
+#define MBEDTLS_ECDSA_SIGN_ALT
+#endif
+
+#endif
+
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
+#endif /* CRYPTO_ACCELERATOR_CONF_H */
diff --git a/boards/st/nucleo_u5a5zj_q/tfm/accelerator/mbedtls_accelerator_config.h b/boards/st/nucleo_u5a5zj_q/tfm/accelerator/mbedtls_accelerator_config.h
new file mode 100644
index 0000000000000..af0ce3857a55a
--- /dev/null
+++ b/boards/st/nucleo_u5a5zj_q/tfm/accelerator/mbedtls_accelerator_config.h
@@ -0,0 +1,86 @@
+/*
+ * Copyright (c) 2019-2022, Arm Limited. All rights reserved.
+ * Copyright (c) 2021 STMicroelectronics. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#ifndef MBEDTLS_ACCELERATOR_CONF_H
+#define MBEDTLS_ACCELERATOR_CONF_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
+/* RNG Config */
+#undef MBEDTLS_ENTROPY_NV_SEED
+#undef MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
+#define MBEDTLS_ENTROPY_C
+#define MBEDTLS_ENTROPY_HARDWARE_ALT
+
+#undef MBEDTLS_AES_SETKEY_DEC_ALT
+#undef MBEDTLS_AES_DECRYPT_ALT
+
+/* specific Define for platform hardware accelerator */
+#define GENERATOR_HW_PKA_EXTENDED_API
+#define GENERATOR_HW_CRYPTO_DPA_SUPPORTED
+#define HW_CRYPTO_DPA_AES
+#define HW_CRYPTO_DPA_GCM
+
+/****************************************************************/
+/* Infer PSA requirements from Mbed TLS capabilities */
+/****************************************************************/
+#ifndef MBEDTLS_PSA_CRYPTO_CONFIG
+
+#ifdef MBEDTLS_SHA1_C
+#define MBEDTLS_SHA1_ALT
+#endif /* MBEDTLS_SHA1_C */
+
+#ifdef MBEDTLS_SHA256_C
+#define MBEDTLS_SHA256_ALT
+#endif /* MBEDTLS_SHA256_C */
+
+#ifdef MBEDTLS_RSA_C
+#define MBEDTLS_RSA_ALT
+#endif /* MBEDTLS_RSA_C */
+
+#if defined(MBEDTLS_ECP_C)
+#define MBEDTLS_ECP_ALT
+#undef MBEDTLS_ECP_NIST_OPTIM
+/*#define MBEDTLS_MD5_ALT*/
+#endif /* MBEDTLS_ECP_C && MBEDTLS_MD_C */
+
+#ifdef MBEDTLS_CCM_C
+#define MBEDTLS_CCM_ALT
+#endif /* MBEDTLS_CCM_C */
+
+#ifdef MBEDTLS_AES_C
+#define MBEDTLS_AES_ALT
+#endif /* MBEDTLS_AES_C */
+
+#ifdef MBEDTLS_GCM_C
+#define MBEDTLS_GCM_ALT
+#endif /* MBEDTLS_GCM_C */
+
+#ifdef MBEDTLS_ECDSA_C
+#define MBEDTLS_ECDSA_VERIFY_ALT
+#define MBEDTLS_ECDSA_SIGN_ALT
+#endif /* MBEDTLS_ECDSA_C */
+
+/* secure element define */
+#ifdef MBEDTLS_PSA_CRYPTO_C
+#ifdef PSA_USE_SE_ST
+#define MBEDTLS_PSA_CRYPTO_SE_C
+#define MBEDTLS_CMAC_C
+#define MBEDTLS_CIPHER_MODE_CBC
+#endif
+#endif
+
+#endif /* MBEDTLS_PSA_CRYPTO_CONFIG */
+
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
+#endif /* MBEDTLS_ACCELERATOR_CONF_H */
diff --git a/boards/st/nucleo_u5a5zj_q/tfm/config.cmake b/boards/st/nucleo_u5a5zj_q/tfm/config.cmake
new file mode 100644
index 0000000000000..5cb19cdd7ed2d
--- /dev/null
+++ b/boards/st/nucleo_u5a5zj_q/tfm/config.cmake
@@ -0,0 +1,53 @@
+#-------------------------------------------------------------------------------
+# Copyright (c) 2020-2023, Arm Limited. All rights reserved.
+# Copyright (c) 2021 STMicroelectronics. All rights reserved.
+# Copyright (c) 2022 Cypress Semiconductor Corporation (an Infineon company)
+# or an affiliate of Cypress Semiconductor Corporation. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+#-------------------------------------------------------------------------------
+
+################################## BL2 #########################################################################################################
+set(MCUBOOT_IMAGE_NUMBER 2 CACHE STRING "Whether to combine S and NS into either 1 image, or sign each separately")
+set(BL2_TRAILER_SIZE 0x9000 CACHE STRING "Trailer size")
+set(MCUBOOT_ALIGN_VAL 16 CACHE STRING "Align option to build image with imgtool")
+set(MCUBOOT_UPGRADE_STRATEGY "SWAP_USING_SCRATCH" CACHE STRING "Upgrade strategy for images")
+set(TFM_PARTITION_PLATFORM ON CACHE BOOL "Enable platform partition")
+set(MCUBOOT_CONFIRM_IMAGE ON CACHE BOOL "Whether to confirm the image if REVERT is supported in MCUboot")
+set(MCUBOOT_BOOTSTRAP ON CACHE BOOL "Allow initial state with images in secondary slots(empty primary slots)")
+set(MCUBOOT_ENC_IMAGES ON CACHE BOOL "Enable encrypted image upgrade support")
+set(MCUBOOT_ENCRYPT_RSA ON CACHE BOOL "Use RSA for encrypted image upgrade support")
+set(MCUBOOT_DATA_SHARING ON CACHE BOOL "Enable Data Sharing")
+cmake_path(NORMAL_PATH MCUBOOT_KEY_S)
+cmake_path(NORMAL_PATH MCUBOOT_KEY_NS)
+cmake_path(GET MCUBOOT_KEY_S PARENT_PATH MCUBOOT_KEY_PATH)
+set(MCUBOOT_KEY_ENC "${MCUBOOT_KEY_PATH}/rsa-2048-public-bl2.pem" CACHE FILEPATH "Path to key with which to encrypt binary")
+
+################################## Dependencies ################################################################################################
+set(TFM_PARTITION_INTERNAL_TRUSTED_STORAGE ON CACHE BOOL "Enable Internal Trusted Storage partition")
+set(TFM_PARTITION_CRYPTO ON CACHE BOOL "Enable Crypto partition")
+set(CRYPTO_HW_ACCELERATOR ON CACHE BOOL "Whether to enable the crypto hardware accelerator on supported platforms")
+set(MBEDCRYPTO_BUILD_TYPE minsizerel CACHE STRING "Build type of Mbed Crypto library")
+set(TFM_DUMMY_PROVISIONING OFF CACHE BOOL "Provision with dummy values. NOT to be used in production")
+set(PLATFORM_DEFAULT_OTP_WRITEABLE OFF CACHE BOOL "Use on chip flash with write support")
+set(PLATFORM_DEFAULT_NV_COUNTERS OFF CACHE BOOL "Use default nv counter implementation.")
+set(PS_CRYPTO_AEAD_ALG PSA_ALG_GCM CACHE STRING "The AEAD algorithm to use for authenticated encryption in Protected Storage")
+set(MCUBOOT_FIH_PROFILE LOW CACHE STRING "Fault injection hardening profile [OFF, LOW, MEDIUM, HIGH]")
+
+################################## Platform-specific configurations ############################################################################
+set(CONFIG_TFM_USE_TRUSTZONE ON CACHE BOOL "Use TrustZone")
+set(TFM_MULTI_CORE_TOPOLOGY OFF CACHE BOOL "Platform has multi core")
+set(PLATFORM_HAS_FIRMWARE_UPDATE_SUPPORT ON CACHE BOOL "Whether the platform has firmware update support")
+set(STSAFEA OFF CACHE BOOL "Activate ST SAFE SUPPORT")
+
+################################## FIRMWARE_UPDATE #############################################################################################
+set(TFM_PARTITION_FIRMWARE_UPDATE ON CACHE BOOL "Enable firmware update partition")
+set(MCUBOOT_HW_ROLLBACK_PROT ON CACHE BOOL "Security counter validation against non-volatile HW counters")
+set(TFM_FWU_BOOTLOADER_LIB "mcuboot" CACHE STRING "Bootloader configure file for Firmware Update partition")
+set(TFM_CONFIG_FWU_MAX_WRITE_SIZE 8192 CACHE STRING "The maximum permitted size for block in psa_fwu_write, in bytes.")
+set(TFM_CONFIG_FWU_MAX_MANIFEST_SIZE 0 CACHE STRING "The maximum permitted size for manifest in psa_fwu_start(), in bytes.")
+set(FWU_DEVICE_CONFIG_FILE "" CACHE STRING "The device configuration file for Firmware Update partition")
+set(FWU_SUPPORT_TRIAL_STATE ON CACHE BOOL "Device support TRIAL component state.")
+set(DMCUBOOT_UPGRADE_STRATEGY SWAP_USING_MOVE)
+set(DEFAULT_MCUBOOT_FLASH_MAP ON CACHE BOOL "Whether to use the default flash map defined by TF-M project")
diff --git a/boards/st/nucleo_u5a5zj_q/tfm/config_tfm_target.h b/boards/st/nucleo_u5a5zj_q/tfm/config_tfm_target.h
new file mode 100644
index 0000000000000..3284bed452ef1
--- /dev/null
+++ b/boards/st/nucleo_u5a5zj_q/tfm/config_tfm_target.h
@@ -0,0 +1,29 @@
+/*
+ * Copyright (c) 2022-2024, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#ifndef __CONFIG_TFM_TARGET_H__
+#define __CONFIG_TFM_TARGET_H__
+
+/* Use stored NV seed to provide entropy */
+#define CRYPTO_NV_SEED 0
+
+/* Use external RNG to provide entropy */
+#define CRYPTO_EXT_RNG 1
+
+/* Partition size 112kB in flash_layout.h */
+#undef ITS_NUM_ASSETS
+#define ITS_NUM_ASSETS 32
+#undef ITS_MAX_ASSET_SIZE
+#define ITS_MAX_ASSET_SIZE 2048
+
+/* Partition size 16kB in flash_layout.h */
+#undef PS_NUM_ASSETS
+#define PS_NUM_ASSETS 32
+#undef PS_MAX_ASSET_SIZE
+#define PS_MAX_ASSET_SIZE 2048
+
+#endif /* __CONFIG_TFM_TARGET_H__ */
diff --git a/boards/st/nucleo_u5a5zj_q/tfm/cpuarch.cmake b/boards/st/nucleo_u5a5zj_q/tfm/cpuarch.cmake
new file mode 100644
index 0000000000000..be6bfb92fdbbc
--- /dev/null
+++ b/boards/st/nucleo_u5a5zj_q/tfm/cpuarch.cmake
@@ -0,0 +1,21 @@
+#-------------------------------------------------------------------------------
+# Copyright (c) 2020, Arm Limited. All rights reserved.
+# Copyright (c) 2021 STMicroelectronics. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+#-------------------------------------------------------------------------------
+
+# preload.cmake is used to set things that related to the platform that are both
+# immutable and global, which is to say they should apply to any kind of project
+# that uses this platform. In practise this is normally compiler definitions and
+# variables related to hardware.
+
+# Set architecture and CPU
+set(TFM_SYSTEM_PROCESSOR cortex-m33)
+set(TFM_SYSTEM_ARCHITECTURE armv8-m.main)
+set(CRYPTO_HW_ACCELERATOR_TYPE stm)
+add_compile_definitions(
+ STM32U5A5xx
+ USE_HAL_DRIVER
+)
diff --git a/boards/st/nucleo_u5a5zj_q/tfm/include/board.h b/boards/st/nucleo_u5a5zj_q/tfm/include/board.h
new file mode 100644
index 0000000000000..c3c53e12e6c63
--- /dev/null
+++ b/boards/st/nucleo_u5a5zj_q/tfm/include/board.h
@@ -0,0 +1,44 @@
+/**
+ ******************************************************************************
+ * @file board.h
+ * @author MCD Application Team
+ * @brief board header file for catfish_beluga_b2.
+ ******************************************************************************
+ * @attention
+ *
+ * © Copyright (c) 2020 STMicroelectronics.
+ * All rights reserved.
+ *
+ * This software component is licensed by ST under BSD 3-Clause license,
+ * the "License"; You may not use this file except in compliance with the
+ * License. You may obtain a copy of the License at:
+ * opensource.org/licenses/BSD-3-Clause
+ *
+ ******************************************************************************
+ */
+#ifndef __BOARD_H__
+#define __BOARD_H__
+
+/* config for usart */
+#define COM_INSTANCE USART1
+#define COM_CLK_ENABLE() __HAL_RCC_USART1_CLK_ENABLE()
+#define COM_CLK_DISABLE() __HAL_RCC_USART1_CLK_DISABLE()
+
+#define COM_TX_GPIO_PORT GPIOA
+#define COM_TX_GPIO_CLK_ENABLE() __HAL_RCC_GPIOA_CLK_ENABLE()
+#define COM_TX_PIN GPIO_PIN_9
+#define COM_TX_AF GPIO_AF7_USART1
+
+#define COM_RX_GPIO_PORT GPIOA
+#define COM_RX_GPIO_CLK_ENABLE() __HAL_RCC_GPIOA_CLK_ENABLE()
+#define COM_RX_PIN GPIO_PIN_10
+#define COM_RX_AF GPIO_AF7_USART1
+
+/* config for flash driver */
+#define FLASH0_SECTOR_SIZE 0x2000
+#define FLASH0_PAGE_SIZE 0x2000
+#define FLASH0_PROG_UNIT 0x10
+#define FLASH0_ERASED_VAL 0xff
+
+#endif /* __BOARD_H__ */
+/************************ (C) COPYRIGHT STMicroelectronics *****END OF FILE****/
diff --git a/boards/st/nucleo_u5a5zj_q/tfm/include/boot_hal_cfg.h b/boards/st/nucleo_u5a5zj_q/tfm/include/boot_hal_cfg.h
new file mode 100644
index 0000000000000..fdc293ba84432
--- /dev/null
+++ b/boards/st/nucleo_u5a5zj_q/tfm/include/boot_hal_cfg.h
@@ -0,0 +1,56 @@
+/* Define to prevent recursive inclusion -------------------------------------*/
+#ifndef BOOT_HAL_CFG_H
+#define BOOT_HAL_CFG_H
+
+/* Includes ------------------------------------------------------------------*/
+#include "stm32u5xx_hal.h"
+
+/* RTC clock */
+#define RTC_CLOCK_SOURCE_LSI
+#ifdef RTC_CLOCK_SOURCE_LSI
+#define RTC_ASYNCH_PREDIV 0x7F
+#define RTC_SYNCH_PREDIV 0x00F9
+#endif
+#ifdef RTC_CLOCK_SOURCE_LSE
+#define RTC_ASYNCH_PREDIV 0x7F
+#define RTC_SYNCH_PREDIV 0x00FF
+#endif
+
+/* ICache */
+#define TFM_ICACHE_ENABLE /*!< Instruction cache enable */
+
+/* Static protections */
+#define TFM_WRP_PROTECT_ENABLE /*!< Write Protection */
+#define TFM_HDP_PROTECT_ENABLE /*!< HDP protection */
+#define TFM_SECURE_USER_SRAM2_ERASE_AT_RESET /*!< SRAM2 clear at Reset */
+
+
+#define TFM_OB_RDP_LEVEL_VALUE OB_RDP_LEVEL_0 /*!< RDP level */
+
+
+#define NO_TAMPER (0)
+#define INTERNAL_TAMPER_ONLY (1)
+#define ALL_TAMPER (2)
+#define TFM_TAMPER_ENABLE NO_TAMPER
+
+#define TFM_OB_BOOT_LOCK 0
+#define TFM_ENABLE_SET_OB
+#define TFM_ERROR_HANDLER_NON_SECURE
+
+/* Run time protections */
+#define TFM_FLASH_PRIVONLY_ENABLE
+#define TFM_BOOT_MPU_PROTECTION
+
+/* Exported types ------------------------------------------------------------*/
+typedef enum {
+ TFM_SUCCESS = 0U,
+ TFM_FAILED
+} TFM_ErrorStatus;
+
+void Error_Handler(void);
+#ifndef TFM_ERROR_HANDLER_NON_SECURE
+void Error_Handler_rdp(void);
+#else
+#define Error_Handler_rdp Error_Handler
+#endif
+#endif /* GENERATOR_RDP_PASSWORD_AVAILABLE */
diff --git a/boards/st/nucleo_u5a5zj_q/tfm/include/device_cfg.h b/boards/st/nucleo_u5a5zj_q/tfm/include/device_cfg.h
new file mode 100644
index 0000000000000..9087961968689
--- /dev/null
+++ b/boards/st/nucleo_u5a5zj_q/tfm/include/device_cfg.h
@@ -0,0 +1,35 @@
+/*
+ * Copyright (c) 2017-2019 Arm Limited. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef __DEVICE_CFG_H__
+#define __DEVICE_CFG_H__
+
+/**
+ * \file device_cfg.h
+ * \brief Configuration file native driver re-targeting
+ *
+ * \details This file can be used to add native driver specific macro
+ * definitions to select which peripherals are available in the build.
+ *
+ * This is a default device configuration file with all peripherals enabled.
+ */
+
+
+#define DEFAULT_UART_CONTROL 0
+/* Default UART baud rate */
+#define DEFAULT_UART_BAUDRATE 115200
+
+#endif /* __DEVICE_CFG_H__ */
diff --git a/boards/st/nucleo_u5a5zj_q/tfm/include/flash_layout_test.h b/boards/st/nucleo_u5a5zj_q/tfm/include/flash_layout_test.h
new file mode 100644
index 0000000000000..4ebabe5895d81
--- /dev/null
+++ b/boards/st/nucleo_u5a5zj_q/tfm/include/flash_layout_test.h
@@ -0,0 +1,23 @@
+/*
+ * Copyright (c) 2018 Arm Limited. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef __FLASH_LAYOUT_TEST_H__
+#define __FLASH_LAYOUT_TEST_H__
+
+
+#define FLASH_LAYOUT_FOR_TEST
+#include "flash_layout.h"
+#endif /* __FLASH_LAYOUT_TEST_H__*/
diff --git a/boards/st/nucleo_u5a5zj_q/tfm/include/platform_nv_counters_ids.h b/boards/st/nucleo_u5a5zj_q/tfm/include/platform_nv_counters_ids.h
new file mode 100644
index 0000000000000..b047a50f618e7
--- /dev/null
+++ b/boards/st/nucleo_u5a5zj_q/tfm/include/platform_nv_counters_ids.h
@@ -0,0 +1,49 @@
+/*
+ * Copyright (c) 2023 Arm Limited. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#ifndef __PLATFORM_NV_COUNTERS_IDS_H__
+#define __PLATFORM_NV_COUNTERS_IDS_H__
+#include
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+enum tfm_nv_counter_t {
+ PLAT_NV_COUNTER_PS_0, /* Used by PS service */
+ PLAT_NV_COUNTER_PS_1, /* Used by PS service */
+ PLAT_NV_COUNTER_PS_2, /* Used by PS service */
+
+ PLAT_NV_COUNTER_BL2_0, /* Used by bootloader */
+ PLAT_NV_COUNTER_BL2_1, /* Used by bootloader */
+ PLAT_NV_COUNTER_BL2_2, /* Used by bootloader */
+ PLAT_NV_COUNTER_BL2_3, /* Used by bootloader */
+
+ PLAT_NV_COUNTER_BL1_0, /* Used by bootloader */
+
+ /* NS counters must be contiguous */
+ PLAT_NV_COUNTER_NS_0, /* Used by NS */
+ PLAT_NV_COUNTER_NS_1, /* Used by NS */
+ PLAT_NV_COUNTER_NS_2, /* Used by NS */
+
+ PLAT_NV_COUNTER_MAX,
+ PLAT_NV_COUNTER_BOUNDARY = UINT32_MAX /* tfm_nv_counter_t size to 4 bytes */
+};
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __PLATFORM_NV_COUNTERS_IDS_H__ */
diff --git a/boards/st/nucleo_u5a5zj_q/tfm/include/stm32hal.h b/boards/st/nucleo_u5a5zj_q/tfm/include/stm32hal.h
new file mode 100644
index 0000000000000..b64969fe9f9d7
--- /dev/null
+++ b/boards/st/nucleo_u5a5zj_q/tfm/include/stm32hal.h
@@ -0,0 +1,33 @@
+/**
+ ******************************************************************************
+ * @file stm32hal.h
+ * @author MCD Application Team
+ * @brief HAL Generic Include file.
+ *
+ ******************************************************************************
+ * @attention
+ *
+ * © Copyright (c) 2021 STMicroelectronics.
+ * All rights reserved.
+ *
+ * This software component is licensed by ST under BSD 3-Clause license,
+ * the "License"; You may not use this file except in compliance with the
+ * License. You may obtain a copy of the License at:
+ * opensource.org/licenses/BSD-3-Clause
+ *
+ ******************************************************************************
+ */
+
+/* Define to prevent recursive inclusion -------------------------------------*/
+#ifndef STM32HAL_H
+#define STM32HAL_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+#include "stm32u5xx_hal.h"
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* STM32HAL_H */
diff --git a/boards/st/nucleo_u5a5zj_q/tfm/include/stm32u5xx_hal_conf.h b/boards/st/nucleo_u5a5zj_q/tfm/include/stm32u5xx_hal_conf.h
new file mode 100644
index 0000000000000..70c19234251a7
--- /dev/null
+++ b/boards/st/nucleo_u5a5zj_q/tfm/include/stm32u5xx_hal_conf.h
@@ -0,0 +1,456 @@
+/* Define to prevent recursive inclusion -------------------------------------*/
+#ifndef STM32U5xx_HAL_CONF_H
+#define STM32U5xx_HAL_CONF_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* Exported types ------------------------------------------------------------*/
+/* Exported constants --------------------------------------------------------*/
+
+/* ########################## Module Selection ############################## */
+/**
+ * @brief This is the list of modules to be used in the HAL driver
+ */
+#define HAL_MODULE_ENABLED
+/* #define HAL_ADC_MODULE_ENABLED */
+/* #define HAL_COMP_MODULE_ENABLED */
+/* #define HAL_CORDIC_MODULE_ENABLED */
+#define HAL_CORTEX_MODULE_ENABLED
+/* #define HAL_CRC_MODULE_ENABLED */
+#define HAL_CRYP_MODULE_ENABLED
+/* #define HAL_DAC_MODULE_ENABLED */
+/* #define HAL_DCACHE_MODULE_ENABLED */
+/* #define HAL_DCMI_MODULE_ENABLED */
+#define HAL_DMA_MODULE_ENABLED
+/* #define HAL_DMA2D_MODULE_ENABLED */
+/* #define HAL_EXTI_MODULE_ENABLED */
+/* #define HAL_FDCAN_MODULE_ENABLED */
+#define HAL_FLASH_MODULE_ENABLED
+/* #define HAL_FMAC_MODULE_ENABLED */
+#define HAL_GPIO_MODULE_ENABLED
+#define HAL_GTZC_MODULE_ENABLED
+#define HAL_HASH_MODULE_ENABLED
+/* #define HAL_HCD_MODULE_ENABLED */
+/* #define HAL_I2C_MODULE_ENABLED */
+#define HAL_ICACHE_MODULE_ENABLED
+/* #define HAL_IRDA_MODULE_ENABLED */
+/* #define HAL_IWDG_MODULE_ENABLED */
+/* #define HAL_LPTIM_MODULE_ENABLED */
+/* #define HAL_MDF_MODULE_ENABLED */
+/* #define HAL_MMC_MODULE_ENABLED */
+/* #define HAL_NAND_MODULE_ENABLED */
+/* #define HAL_NOR_MODULE_ENABLED */
+/* #define HAL_OPAMP_MODULE_ENABLED */
+/* #define HAL_OSPI_MODULE_ENABLED */
+/* #define HAL_OTFDEC_MODULE_ENABLED */
+/* #define HAL_PCD_MODULE_ENABLED */
+#define HAL_PKA_MODULE_ENABLED
+/* #define HAL_PSSI_MODULE_ENABLED */
+#define HAL_PWR_MODULE_ENABLED
+/* #define HAL_RAMCFG_MODULE_ENABLED */
+#define HAL_RCC_MODULE_ENABLED
+#define HAL_RNG_MODULE_ENABLED
+#define HAL_RTC_MODULE_ENABLED
+/* #define HAL_SAI_MODULE_ENABLED */
+/* #define HAL_SD_MODULE_ENABLED */
+/* #define HAL_SMARTCARD_MODULE_ENABLED */
+/* #define HAL_SMBUS_MODULE_ENABLED */
+/* #define HAL_SPI_MODULE_ENABLED */
+/* #define HAL_SRAM_MODULE_ENABLED */
+/* #define HAL_TIM_MODULE_ENABLED */
+/* #define HAL_TSC_MODULE_ENABLED */
+#define HAL_UART_MODULE_ENABLED
+/* #define HAL_USART_MODULE_ENABLED */
+/* #define HAL_WWDG_MODULE_ENABLED */
+
+/* ########################## Oscillator Values adaptation ####################*/
+/**
+ * @brief Adjust the value of External High Speed oscillator (HSE) used in your application.
+ * This value is used by the RCC HAL module to compute the system frequency
+ * (when HSE is used as system clock source, directly or through the PLL).
+ */
+#if !defined(HSE_VALUE)
+#define HSE_VALUE 16000000UL /*!< Value of the External oscillator in Hz */
+#endif /* HSE_VALUE */
+
+#if !defined(HSE_STARTUP_TIMEOUT)
+#define HSE_STARTUP_TIMEOUT 100UL /*!< Time out for HSE start up, in ms */
+#endif /* HSE_STARTUP_TIMEOUT */
+
+/**
+ * @brief Internal Multiple Speed oscillator (MSI) default value.
+ * This value is the default MSI range value after Reset.
+ */
+#if !defined(MSI_VALUE)
+#define MSI_VALUE 4000000UL /*!< Value of the Internal oscillator in Hz*/
+#endif /* MSI_VALUE */
+
+/**
+ * @brief Internal High Speed oscillator (HSI) value.
+ * This value is used by the RCC HAL module to compute the system frequency
+ * (when HSI is used as system clock source, directly or through the PLL).
+ */
+#if !defined(HSI_VALUE)
+#define HSI_VALUE 16000000UL /*!< Value of the Internal oscillator in Hz*/
+#endif /* HSI_VALUE */
+
+/**
+ * @brief Internal High Speed oscillator (HSI48) value for USB FS, SDMMC and RNG.
+ * This internal oscillator is mainly dedicated to provide a high precision clock to
+ * the USB peripheral by means of a special Clock Recovery System (CRS) circuitry.
+ * When the CRS is not used, the HSI48 RC oscillator runs on it default frequency
+ * which is subject to manufacturing process variations.
+ */
+#if !defined(HSI48_VALUE)
+#define HSI48_VALUE 48000000UL /*!< Value of the Internal High Speed oscillator for
+ * USB FS/SDMMC/RNG in Hz. The real value my vary
+ * depending on manufacturing process variations.
+ */
+#endif /* HSI48_VALUE */
+
+/**
+ * @brief Internal Low Speed oscillator (LSI) value.
+ */
+#if !defined(LSI_VALUE)
+#define LSI_VALUE 32000UL /*!< LSI Typical Value in Hz*/
+#endif /* LSI_VALUE */ /*!< Value of the Internal Low Speed oscillator in Hz.
+ * The real value may vary depending on the variations
+ * in voltage and temperature.
+ */
+
+#if !defined(LSI_STARTUP_TIMEOUT)
+#define LSI_STARTUP_TIMEOUT 130UL /*!< Time out for LSI start up, in ms */
+#endif /* LSI_STARTUP_TIMEOUT */
+
+/**
+ * @brief External Low Speed oscillator (LSE) value.
+ * This value is used by the UART, RTC HAL module to compute the system frequency
+ */
+#if !defined(LSE_VALUE)
+#define LSE_VALUE 32768UL /*!< Value of the External oscillator in Hz*/
+#endif /* LSE_VALUE */
+
+#if !defined(LSE_STARTUP_TIMEOUT)
+#define LSE_STARTUP_TIMEOUT 5000UL /*!< Time out for LSE start up, in ms */
+#endif /* LSE_STARTUP_TIMEOUT */
+
+/**
+ * @brief External clock source for SAI1 peripheral
+ * This value is used by the RCC HAL module to compute the SAI1 & SAI2 clock source
+ * frequency.
+ */
+#if !defined(EXTERNAL_SAI1_CLOCK_VALUE)
+#define EXTERNAL_SAI1_CLOCK_VALUE 48000UL /*!< Value of the SAI1 External clock source in Hz*/
+#endif /* EXTERNAL_SAI1_CLOCK_VALUE */
+
+/* ########################### System Configuration ######################### */
+/**
+ * @brief This is the HAL system configuration section
+ */
+#define VDD_VALUE 3300UL /*!< Value of VDD in mv */
+#define TICK_INT_PRIORITY ((1UL<<__NVIC_PRIO_BITS) - 1UL) /*!< tick interrupt priority
+ * (lowest by default)
+ */
+#define USE_RTOS 0U
+#define PREFETCH_ENABLE 1U /*!< Enable prefetch */
+
+/* ########################## Assert Selection ############################## */
+/**
+ * @brief Uncomment the line below to expanse the "assert_param" macro in the
+ * HAL drivers code
+ */
+/* #define USE_FULL_ASSERT 1U */
+
+/* ################## Register callback feature configuration ############### */
+/**
+ * @brief Set below the peripheral configuration to "1U" to add the support
+ * of HAL callback registration/unregistration feature for the HAL
+ * driver(s). This allows user application to provide specific callback
+ * functions thanks to HAL_PPP_RegisterCallback() rather than overwriting
+ * the default weak callback functions (see each stm32u5xx_hal_ppp.h file
+ * for possible callback identifiers defined in HAL_PPP_CallbackIDTypeDef
+ * for each PPP peripheral).
+ */
+#define USE_HAL_ADC_REGISTER_CALLBACKS 0U /* ADC register callback disabled */
+#define USE_HAL_COMP_REGISTER_CALLBACKS 0U /* COMP register callback disabled */
+#define USE_HAL_CORDIC_REGISTER_CALLBACKS 0U /* CORDIC register callback disabled */
+#define USE_HAL_CRYP_REGISTER_CALLBACKS 0U /* CRYP register callback disabled */
+#define USE_HAL_DAC_REGISTER_CALLBACKS 0U /* DAC register callback disabled */
+#define USE_HAL_DCMI_REGISTER_CALLBACKS 0U /* DCMI register callback disabled */
+#define USE_HAL_DMA2D_REGISTER_CALLBACKS 0U /* DMA2D register callback disabled */
+#define USE_HAL_ETH_REGISTER_CALLBACKS 0U /* ETH register callback disabled */
+#define USE_HAL_FDCAN_REGISTER_CALLBACKS 0U /* FDCAN register callback disabled */
+#define USE_HAL_FMAC_REGISTER_CALLBACKS 0U /* FMAC register callback disabled */
+#define USE_HAL_HASH_REGISTER_CALLBACKS 0U /* HASH register callback disabled */
+#define USE_HAL_HCD_REGISTER_CALLBACKS 0U /* HCD register callback disabled */
+#define USE_HAL_I2C_REGISTER_CALLBACKS 0U /* I2C register callback disabled */
+#define USE_HAL_IWDG_REGISTER_CALLBACKS 0U /* IWDG register callback disabled */
+#define USE_HAL_IRDA_REGISTER_CALLBACKS 0U /* IRDA register callback disabled */
+#define USE_HAL_LPTIM_REGISTER_CALLBACKS 0U /* LPTIM register callback disabled */
+#define USE_HAL_LTDC_REGISTER_CALLBACKS 0U /* LTDC register callback disabled */
+#define USE_HAL_MDF_REGISTER_CALLBACKS 0U /* MDF register callback disabled */
+#define USE_HAL_MMC_REGISTER_CALLBACKS 0U /* MMC register callback disabled */
+#define USE_HAL_NAND_REGISTER_CALLBACKS 0U /* NAND register callback disabled */
+#define USE_HAL_NOR_REGISTER_CALLBACKS 0U /* NOR register callback disabled */
+#define USE_HAL_OPAMP_REGISTER_CALLBACKS 0U /* MDIO register callback disabled */
+#define USE_HAL_OTFDEC_REGISTER_CALLBACKS 0U /* OTFDEC register callback disabled */
+#define USE_HAL_PCD_REGISTER_CALLBACKS 0U /* PCD register callback disabled */
+#define USE_HAL_PKA_REGISTER_CALLBACKS 0U /* PKA register callback disabled */
+#define USE_HAL_RAMCFG_REGISTER_CALLBACKS 0U /* RAMCFG register callback disabled */
+#define USE_HAL_RNG_REGISTER_CALLBACKS 0U /* RNG register callback disabled */
+#define USE_HAL_RTC_REGISTER_CALLBACKS 0U /* RTC register callback disabled */
+#define USE_HAL_SAI_REGISTER_CALLBACKS 0U /* SAI register callback disabled */
+#define USE_HAL_SD_REGISTER_CALLBACKS 0U /* SD register callback disabled */
+#define USE_HAL_SDRAM_REGISTER_CALLBACKS 0U /* SDRAM register callback disabled */
+#define USE_HAL_SMARTCARD_REGISTER_CALLBACKS 0U /* SMARTCARD register callback disabled */
+#define USE_HAL_SMBUS_REGISTER_CALLBACKS 0U /* SMBUS register callback disabled */
+#define USE_HAL_SPI_REGISTER_CALLBACKS 0U /* SPI register callback disabled */
+#define USE_HAL_SRAM_REGISTER_CALLBACKS 0U /* SRAM register callback disabled */
+#define USE_HAL_TIM_REGISTER_CALLBACKS 0U /* TIM register callback disabled */
+#define USE_HAL_TSC_REGISTER_CALLBACKS 0U /* TSC register callback disabled */
+#define USE_HAL_UART_REGISTER_CALLBACKS 0U /* UART register callback disabled */
+#define USE_HAL_USART_REGISTER_CALLBACKS 0U /* USART register callback disabled */
+#define USE_HAL_WWDG_REGISTER_CALLBACKS 0U /* WWDG register callback disabled */
+
+/* ################## SPI peripheral configuration ########################## */
+
+/* CRC FEATURE: Use to activate CRC feature inside HAL SPI Driver
+ * Activated: CRC code is present inside driver
+ * Deactivated: CRC code cleaned from driver
+ */
+#define USE_SPI_CRC 1U
+
+/* ################## SDMMC peripheral configuration ######################### */
+
+#define USE_SD_TRANSCEIVER 0U
+
+
+/* Includes ------------------------------------------------------------------*/
+/**
+ * @brief Include module's header file
+ */
+
+#ifdef HAL_RCC_MODULE_ENABLED
+#include "stm32u5xx_hal_rcc.h"
+#endif /* HAL_RCC_MODULE_ENABLED */
+
+#ifdef HAL_GPIO_MODULE_ENABLED
+#include "stm32u5xx_hal_gpio.h"
+#endif /* HAL_GPIO_MODULE_ENABLED */
+
+#ifdef HAL_ICACHE_MODULE_ENABLED
+#include "stm32u5xx_hal_icache.h"
+#endif /* HAL_ICACHE_MODULE_ENABLED */
+
+#ifdef HAL_DCACHE_MODULE_ENABLED
+#include "stm32u5xx_hal_dcache.h"
+#endif /* HAL_DCACHE_MODULE_ENABLED */
+
+#ifdef HAL_GTZC_MODULE_ENABLED
+#include "stm32u5xx_hal_gtzc.h"
+#endif /* HAL_GTZC_MODULE_ENABLED */
+
+#ifdef HAL_DMA_MODULE_ENABLED
+#include "stm32u5xx_hal_dma.h"
+#endif /* HAL_DMA_MODULE_ENABLED */
+
+#ifdef HAL_DMA2D_MODULE_ENABLED
+#include "stm32u5xx_hal_dma2d.h"
+#endif /* HAL_DMA2D_MODULE_ENABLED */
+
+#ifdef HAL_CORTEX_MODULE_ENABLED
+#include "stm32u5xx_hal_cortex.h"
+#endif /* HAL_CORTEX_MODULE_ENABLED */
+
+#ifdef HAL_PKA_MODULE_ENABLED
+#include "stm32u5xx_hal_pka.h"
+#endif /* HAL_PKA_MODULE_ENABLED */
+
+#ifdef HAL_ADC_MODULE_ENABLED
+#include "stm32u5xx_hal_adc.h"
+#endif /* HAL_ADC_MODULE_ENABLED */
+
+#ifdef HAL_COMP_MODULE_ENABLED
+#include "stm32u5xx_hal_comp.h"
+#endif /* HAL_COMP_MODULE_ENABLED */
+
+#ifdef HAL_CRC_MODULE_ENABLED
+#include "stm32u5xx_hal_crc.h"
+#endif /* HAL_CRC_MODULE_ENABLED */
+
+#ifdef HAL_CRYP_MODULE_ENABLED
+#include "stm32u5xx_hal_cryp.h"
+#endif /* HAL_CRYP_MODULE_ENABLED */
+
+#ifdef HAL_DAC_MODULE_ENABLED
+#include "stm32u5xx_hal_dac.h"
+#endif /* HAL_DAC_MODULE_ENABLED */
+
+#ifdef HAL_FLASH_MODULE_ENABLED
+#include "stm32u5xx_hal_flash.h"
+#endif /* HAL_FLASH_MODULE_ENABLED */
+
+#ifdef HAL_HASH_MODULE_ENABLED
+#include "stm32u5xx_hal_hash.h"
+#endif /* HAL_HASH_MODULE_ENABLED */
+
+#ifdef HAL_SRAM_MODULE_ENABLED
+#include "stm32u5xx_hal_sram.h"
+#endif /* HAL_SRAM_MODULE_ENABLED */
+
+#ifdef HAL_MMC_MODULE_ENABLED
+#include "stm32u5xx_hal_mmc.h"
+#endif /* HAL_MMC_MODULE_ENABLED */
+
+#ifdef HAL_NOR_MODULE_ENABLED
+#include "stm32u5xx_hal_nor.h"
+#endif /* HAL_NOR_MODULE_ENABLED */
+
+#ifdef HAL_NAND_MODULE_ENABLED
+#include "stm32u5xx_hal_nand.h"
+#endif /* HAL_NAND_MODULE_ENABLED */
+
+#ifdef HAL_I2C_MODULE_ENABLED
+#include "stm32u5xx_hal_i2c.h"
+#endif /* HAL_I2C_MODULE_ENABLED */
+
+#ifdef HAL_IWDG_MODULE_ENABLED
+#include "stm32u5xx_hal_iwdg.h"
+#endif /* HAL_IWDG_MODULE_ENABLED */
+
+#ifdef HAL_LPTIM_MODULE_ENABLED
+#include "stm32u5xx_hal_lptim.h"
+#endif /* HAL_LPTIM_MODULE_ENABLED */
+
+#ifdef HAL_OPAMP_MODULE_ENABLED
+#include "stm32u5xx_hal_opamp.h"
+#endif /* HAL_OPAMP_MODULE_ENABLED */
+
+#ifdef HAL_PWR_MODULE_ENABLED
+#include "stm32u5xx_hal_pwr.h"
+#endif /* HAL_PWR_MODULE_ENABLED */
+
+#ifdef HAL_OSPI_MODULE_ENABLED
+#include "stm32u5xx_hal_ospi.h"
+#endif /* HAL_OSPI_MODULE_ENABLED */
+
+#ifdef HAL_RNG_MODULE_ENABLED
+#include "stm32u5xx_hal_rng.h"
+#endif /* HAL_RNG_MODULE_ENABLED */
+
+#ifdef HAL_RTC_MODULE_ENABLED
+#include "stm32u5xx_hal_rtc.h"
+#endif /* HAL_RTC_MODULE_ENABLED */
+
+#ifdef HAL_SAI_MODULE_ENABLED
+#include "stm32u5xx_hal_sai.h"
+#endif /* HAL_SAI_MODULE_ENABLED */
+
+#ifdef HAL_SD_MODULE_ENABLED
+#include "stm32u5xx_hal_sd.h"
+#endif /* HAL_SD_MODULE_ENABLED */
+
+#ifdef HAL_SMBUS_MODULE_ENABLED
+#include "stm32u5xx_hal_smbus.h"
+#endif /* HAL_SMBUS_MODULE_ENABLED */
+
+#ifdef HAL_SPI_MODULE_ENABLED
+#include "stm32u5xx_hal_spi.h"
+#endif /* HAL_SPI_MODULE_ENABLED */
+
+#ifdef HAL_TIM_MODULE_ENABLED
+#include "stm32u5xx_hal_tim.h"
+#endif /* HAL_TIM_MODULE_ENABLED */
+
+#ifdef HAL_TSC_MODULE_ENABLED
+#include "stm32u5xx_hal_tsc.h"
+#endif /* HAL_TSC_MODULE_ENABLED */
+
+#ifdef HAL_UART_MODULE_ENABLED
+#include "stm32u5xx_hal_uart.h"
+#endif /* HAL_UART_MODULE_ENABLED */
+
+#ifdef HAL_USART_MODULE_ENABLED
+#include "stm32u5xx_hal_usart.h"
+#endif /* HAL_USART_MODULE_ENABLED */
+
+#ifdef HAL_IRDA_MODULE_ENABLED
+#include "stm32u5xx_hal_irda.h"
+#endif /* HAL_IRDA_MODULE_ENABLED */
+
+#ifdef HAL_SMARTCARD_MODULE_ENABLED
+#include "stm32u5xx_hal_smartcard.h"
+#endif /* HAL_SMARTCARD_MODULE_ENABLED */
+
+#ifdef HAL_WWDG_MODULE_ENABLED
+#include "stm32u5xx_hal_wwdg.h"
+#endif /* HAL_WWDG_MODULE_ENABLED */
+
+#ifdef HAL_PCD_MODULE_ENABLED
+#include "stm32u5xx_hal_pcd.h"
+#endif /* HAL_PCD_MODULE_ENABLED */
+
+#ifdef HAL_HCD_MODULE_ENABLED
+#include "stm32u5xx_hal_hcd.h"
+#endif /* HAL_HCD_MODULE_ENABLED */
+
+#ifdef HAL_CORDIC_MODULE_ENABLED
+#include "stm32u5xx_hal_cordic.h"
+#endif /* HAL_CORDIC_MODULE_ENABLED */
+
+#ifdef HAL_DCMI_MODULE_ENABLED
+#include "stm32u5xx_hal_dcmi.h"
+#endif /* HAL_DCMI_MODULE_ENABLED */
+
+#ifdef HAL_EXTI_MODULE_ENABLED
+#include "stm32u5xx_hal_exti.h"
+#endif /* HAL_EXTI_MODULE_ENABLED */
+
+#ifdef HAL_FDCAN_MODULE_ENABLED
+#include "stm32u5xx_hal_fdcan.h"
+#endif /* HAL_FDCAN_MODULE_ENABLED */
+
+#ifdef HAL_FMAC_MODULE_ENABLED
+#include "stm32u5xx_hal_fmac.h"
+#endif /* HAL_FMAC_MODULE_ENABLED */
+
+#ifdef HAL_OTFDEC_MODULE_ENABLED
+#include "stm32u5xx_hal_otfdec.h"
+#endif /* HAL_OTFDEC_MODULE_ENABLED */
+
+#ifdef HAL_PSSI_MODULE_ENABLED
+#include "stm32u5xx_hal_pssi.h"
+#endif /* HAL_PSSI_MODULE_ENABLED */
+
+#ifdef HAL_RAMCFG_MODULE_ENABLED
+#include "stm32u5xx_hal_ramcfg.h"
+#endif /* HAL_RAMCFG_MODULE_ENABLED */
+
+#ifdef HAL_MDF_MODULE_ENABLED
+#include "stm32u5xx_hal_mdf.h"
+#endif /* HAL_MDF_MODULE_ENABLED */
+
+/* Exported macro ------------------------------------------------------------*/
+#ifdef USE_FULL_ASSERT
+/**
+ * @brief The assert_param macro is used for function's parameters check.
+ * @param expr: If expr is false, it calls assert_failed function
+ * which reports the name of the source file and the source
+ * line number of the call that failed.
+ * If expr is true, it returns no value.
+ * @retval None
+ */
+#define assert_param(expr) ((expr) ? (void)0U : assert_failed((uint8_t *)__FILE__, __LINE__))
+/* Exported functions ------------------------------------------------------- */
+void assert_failed(uint8_t *file, uint32_t line);
+#else
+#define assert_param(expr) ((void)0U)
+#endif /* USE_FULL_ASSERT */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* STM32U5xx_HAL_CONF_H */
diff --git a/boards/st/nucleo_u5a5zj_q/tfm/keys/otp_provision.c b/boards/st/nucleo_u5a5zj_q/tfm/keys/otp_provision.c
new file mode 100644
index 0000000000000..78b4847a5f9f9
--- /dev/null
+++ b/boards/st/nucleo_u5a5zj_q/tfm/keys/otp_provision.c
@@ -0,0 +1,165 @@
+/**
+ ******************************************************************************
+ *
+ * @file otp_provision.c
+ * @author MCD Application Team
+ * @brief File provisionning otp value
+ *
+ ******************************************************************************
+ * @attention
+ *
+ * © Copyright (c) 2020-2021 STMicroelectronics.
+ * All rights reserved.
+ * © Copyright (c) 2022 Cypress Semiconductor Corporation
+ * (an Infineon company) or an affiliate of Cypress Semiconductor Corporation.
+ * All rights reserved.
+ * © Copyright (c) 2025 Leica Geosystem AG.
+ * All rights reserved.
+ * This software component is licensed by ST under BSD 3-Clause license,
+ * the "License"; You may not use this file except in compliance with the
+ * License. You may obtain a copy of the License at:
+ * opensource.org/licenses/BSD-3-Clause
+ *
+ ******************************************************************************
+ */
+#include "template/flash_otp_nv_counters_backend.h"
+#include "tfm_plat_otp.h"
+#include "tfm_attest_hal.h"
+#include "psa/crypto.h"
+
+/* This file is generated by create_provisioning_data.py */
+
+#define INT2LE(A) (uint8_t)(A & 0xFF), \
+ (uint8_t)((A >> 8) & 0xFF), \
+ (uint8_t)((A >> 16) & 0xFF), \
+ (uint8_t)((A >> 24) & 0xFF)
+
+#define INT64NULL 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, \
+ 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, \
+ 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, \
+ 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, \
+ 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, \
+ 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, \
+ 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, \
+ 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0
+
+#if defined(__ICCARM__)
+ __root
+#endif
+
+#if defined(__ICCARM__)
+ #pragma default_function_attributes = @ ".BL2_OTP_Const"
+#else
+ __attribute__((section(".BL2_OTP_Const")))
+#endif /* __ICCARM__ */
+
+const struct flash_otp_nv_counters_region_t otp_stm_provision = {
+ .init_value = OTP_NV_COUNTERS_INITIALIZED,
+
+ /* HUK */
+ .huk = {
+ 0xc4, 0xc2, 0xc0, 0xc9, 0xdd, 0x04, 0xc1, 0x53,
+ 0xb2, 0x52, 0x15, 0x53, 0x2d, 0x78, 0xa0, 0xf5,
+ 0xec, 0x43, 0x4f, 0xa4, 0xa3, 0x56, 0x47, 0x93,
+ 0x6d, 0x38, 0x87, 0x2d, 0x28, 0xbb, 0x1d, 0xa5
+ },
+
+ /* IAK */
+ .iak = {
+ 0x01, 0x10, 0x6d, 0x97, 0x21, 0x67, 0x87, 0xd7,
+ 0x7c, 0xf0, 0x38, 0x5e, 0xeb, 0x08, 0x20, 0x21,
+ 0x59, 0x7d, 0xab, 0x32, 0xde, 0x2a, 0x56, 0x0b,
+ 0xe8, 0xcf, 0x35, 0x94, 0x37, 0x74, 0xbf, 0x98
+ },
+
+ /* IAK len */
+ .iak_len = {INT2LE(32)},
+
+#ifdef SYMMETRIC_INITIAL_ATTESTATION
+ /* IAK type */
+ .iak_type = {INT2LE(PSA_ALG_HMAC(PSA_ALG_SHA_256))},
+#else
+ /* IAK type */
+ .iak_type = {INT2LE(PSA_ECC_FAMILY_SECP_R1)},
+#endif /* SYMMETRIC_INITIAL_ATTESTATION */
+
+ /* IAK id [32] */
+ .iak_id = {'Z', 'e', 'p', 'h', 'y', 'r', ' ', 't', 'r', 'u', 's', 't', 'e', 'd', '-',
+ 'f', 'i', 'r', 'm', 'w', 'a', 'r', 'e', '-', 'm', '\0'},
+
+ /* boot seed */
+ .boot_seed = {
+ 0x5c, 0xff, 0x23, 0xde, 0x30, 0xc4, 0x1c, 0x2a,
+ 0x0a, 0xc5, 0x27, 0xb3, 0xbc, 0xcf, 0x62, 0xf0,
+ 0x5d, 0x51, 0xbc, 0x18, 0xdd, 0x37, 0x39, 0x3f,
+ 0x4c, 0x86, 0x6d, 0x40, 0xfb, 0x8e, 0x7e, 0x2d
+ },
+
+ .lcs = {INT2LE(PLAT_OTP_LCS_SECURED)},
+
+ /* implementation id */
+ .implementation_id = {
+ 0xdd, 0x8d, 0x94, 0x26, 0xd5, 0xb8, 0xba, 0x40,
+ 0x3d, 0x6d, 0x3d, 0x27, 0x32, 0xed, 0x54, 0x2a,
+ 0xf7, 0x91, 0x1c, 0x67, 0x96, 0x1a, 0x90, 0x96,
+ 0xf1, 0xfd, 0xa7, 0x94, 0x56, 0xb7, 0x40, 0xbe
+ },
+
+ /* certification reference */
+ .cert_ref = {
+ 'z', 'e', 'p', 'h', 'y', 'r', 'R', 'T', 'O', 'S', ' ',
+ 'T', 'F', '-', 'M', '2', '2', '0'
+ },
+
+ /* verification_service_url */
+ .verification_service_url = "www.trustedfirmware.org",
+
+ /* attestation_profile_definition */
+ .profile_definition = "PSA_IOT_PROFILE_1",
+
+ .bl2_rotpk_0 = {
+ 0xce, 0x37, 0x7c, 0x05, 0xee, 0x7b, 0x7c, 0x35,
+ 0xbf, 0x24, 0xdb, 0x3d, 0xd2, 0x91, 0x46, 0x56,
+ 0x8a, 0x85, 0xe8, 0x83, 0x79, 0xb4, 0x97, 0x8c,
+ 0xd2, 0xf3, 0xe5, 0x92, 0x7a, 0x79, 0xdf, 0x38
+ },
+
+ .bl2_rotpk_1 = {
+ 0xd3, 0x74, 0x82, 0x85, 0xbd, 0x72, 0x82, 0x0a,
+ 0x32, 0xe4, 0x28, 0x9c, 0x69, 0xbe, 0xe3, 0x7f,
+ 0x2f, 0x9b, 0xbe, 0xb9, 0xc7, 0x8e, 0x0b, 0x99,
+ 0x13, 0x96, 0x8e, 0x17, 0xc9, 0x52, 0xe1, 0xb9
+ },
+
+ .bl2_nv_counter_0 = { INT64NULL },
+ .bl2_nv_counter_1 = { INT64NULL },
+ .bl2_nv_counter_2 = { INT64NULL },
+
+#if (MCUBOOT_IMAGE_NUMBER > 2)
+ .bl2_rotpk_2 = {
+
+ },
+#else
+ .bl2_rotpk_2 = {
+ 0xd3, 0x74, 0x82, 0x85, 0xbd, 0x72, 0x82, 0x0a,
+ 0x32, 0xe4, 0x28, 0x9c, 0x69, 0xbe, 0xe3, 0x7f,
+ 0x2f, 0x9b, 0xbe, 0xb9, 0xc7, 0x8e, 0x0b, 0x99,
+ 0x13, 0x96, 0x8e, 0x17, 0xc9, 0x52, 0xe1, 0xb9
+ },
+#endif /* MCUBOOT_IMAGE_NUMBER > 2 */
+ /* Entropy seed */
+ .entropy_seed = {
+ 0x60, 0xc6, 0x08, 0x59, 0x60, 0x5e, 0xe2, 0x8a,
+ 0xa4, 0x87, 0x23, 0xf7, 0xec, 0xca, 0xb0, 0xc2,
+ 0xf7, 0x22, 0x25, 0x3a, 0x75, 0x84, 0xdb, 0x82,
+ 0x01, 0x9d, 0x73, 0x28, 0xca, 0x94, 0x8a, 0xd9,
+ 0x0c, 0x13, 0x42, 0xd9, 0x31, 0x0f, 0x90, 0x34,
+ 0x95, 0x2c, 0x27, 0x78, 0xe7, 0xcd, 0x05, 0x53,
+ 0xfb, 0xa2, 0x2d, 0x41, 0xb9, 0x52, 0xab, 0x8d,
+ 0xac, 0x0b, 0x55, 0xb1, 0x87, 0x66, 0x1f, 0xa6
+ },
+#ifdef PLATFORM_DEFAULT_NV_COUNTERS
+ .flash_nv_counters = { 0x0, 0x0, 0x0 },
+#endif
+ .swap_count = 1
+};
diff --git a/boards/st/nucleo_u5a5zj_q/tfm/keys/rsa-2048-private-bl2.pem b/boards/st/nucleo_u5a5zj_q/tfm/keys/rsa-2048-private-bl2.pem
new file mode 100644
index 0000000000000..ff867812482dc
--- /dev/null
+++ b/boards/st/nucleo_u5a5zj_q/tfm/keys/rsa-2048-private-bl2.pem
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQC/QsWhlJEdIPRG
+a/7KaYnyqjc6SrB4d5o8G/CkDtaDwvygGVTp9U970eevb3i5mcvIT3dDCL9Zy71L
+4avZ8ceLzvtTxnNmQwFwLQiEBpQs4RyjZ4ZCJnxT3KpEcNUvWNMeZwADkF7sVkPP
+ZOmpmDhvCAM/yEIlLV98ObTHC7Wbg55RCU1NdFV4AwbwuESGfIecS/9Mwt0zeK/g
+QLyv8aTNQhMcRzHj2NMMVdY8IcE+Zuur2DJlwk2eVAoNgbp2PyxxXcw9yi5eC+ft
+qUvwlRbEw7wSmVLnUZsuOU9Mj/fHIas4VKDfZ8qDsdTpkwU5WZcWAVl0DDJwe7pd
+YXqB1yP9AgMBAAECggEAIfztbnCelhDSYAZWhaVaJpWxkUoPEKVecwKbEahyXgFj
+T9cYlCfsC0qqs64pQ8BNKqhWfwLZsE0os0ij96vD5HgwiPtp6/kJ0yOpkP6zS8No
+SbB+txgsPWHoHxf3Bn4wLEWtBrUb7T9KNxuNe34pvy9rFmVRvdYRkxuVIM8Xo44i
+SX96lcNzEyAd0/rWZe9/ECGvY6yBtEJ4PvHH5reZxg/uN2YBYdYqrIDS/Ui4tFMt
++jtiMoaqhUrzhkcD6vlqdxZFrJzih9uwDexeLDZVZFgyMVCj5eiLb4eIp+aCJULK
++nAkrF6WkE3FW4DUiGk5VA0cwtgp90HseSlBDD0oiQKBgQDesLB9vy8pvkkziiXp
+C11XTt+7Jry0dys8kIeHdF2OzZUlh+MVosn6RPe0iXDlfRKoNCJ4n7gY/ii27Bjc
+an/LtFb4IeCD2yZA3evmXNdg1OT1H3n9cM17p0jg+wy+5udld/AyrCmNb/Xt398r
+SguznggLLupCP0owW43S8O2xaQKBgQDb3pTI9L2qPMNqiWGItP7X25ZQ5prPfbOP
+HqN6MCz0i4nGFqXDLaRUn5IQC2zBSeVr67KHaS7Jdk0Jf8Cq36PkPdk3kOmdCtuW
+SYwDfTtnMithmVweVpWAuK2Xt1fMC8HrYZhdSQa/ieMit3decDrlnHxzUKWdtX78
+Nvj9oOu3dQKBgQCoFr5hbDnxTEx8tr4+1fEywbpmzaqKnZjpMj7ao58q90qo9ZUW
+87V5Ty2Z/FRXJL08cX3DhuuzEcUxraxmU4z6+bjbutZ5MKYDOH+jdlisIoZf785o
+2wh/WZnNGDJatnfbQ1jvJryGoggD8YPGbTG/9n0j09nG/3bEYZb/rhP8YQKBgQDP
+ikzbW9nkZbL4T3GXf3HHA+nht6uODFN/1yXs4qistUJ5j0ss71pc3rsbFg20bjJ3
+Kma81xZo6JhTTRnqsWucuJzfjJRXvrYEKKxXZtC52muElySTJpu8g5aozVG8s6R6
+sQcHlzUde+TBEnlE1Z9iudHnb8rFEVsqbCGgF1QpOQKBgQCtFMX/INDgcC/yNnTs
+Rtti0kfvyneTWBS/p/HpzXQVDtPpx0FVf5dKipoe9NzXvIFYSGABzViEDzZ/B0qe
+ykjD9t3+jF4Dmj6g20ExLZCYsS5KOa2tNMJ/BVq6FXuYnzR8gHooOW5+KzrUmdYz
+B7cOKI7HboLQn6sCF/+4dWSDKQ==
+-----END PRIVATE KEY-----
diff --git a/boards/st/nucleo_u5a5zj_q/tfm/keys/rsa-2048-public-bl2.pem b/boards/st/nucleo_u5a5zj_q/tfm/keys/rsa-2048-public-bl2.pem
new file mode 100644
index 0000000000000..72c3ab0b25403
--- /dev/null
+++ b/boards/st/nucleo_u5a5zj_q/tfm/keys/rsa-2048-public-bl2.pem
@@ -0,0 +1,9 @@
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv0LFoZSRHSD0Rmv+ymmJ
+8qo3OkqweHeaPBvwpA7Wg8L8oBlU6fVPe9Hnr294uZnLyE93Qwi/Wcu9S+Gr2fHH
+i877U8ZzZkMBcC0IhAaULOEco2eGQiZ8U9yqRHDVL1jTHmcAA5Be7FZDz2TpqZg4
+bwgDP8hCJS1ffDm0xwu1m4OeUQlNTXRVeAMG8LhEhnyHnEv/TMLdM3iv4EC8r/Gk
+zUITHEcx49jTDFXWPCHBPmbrq9gyZcJNnlQKDYG6dj8scV3MPcouXgvn7alL8JUW
+xMO8EplS51GbLjlPTI/3xyGrOFSg32fKg7HU6ZMFOVmXFgFZdAwycHu6XWF6gdcj
+/QIDAQAB
+-----END PUBLIC KEY-----
diff --git a/boards/st/nucleo_u5a5zj_q/tfm/keys/rsa-3072-private-ns.pem b/boards/st/nucleo_u5a5zj_q/tfm/keys/rsa-3072-private-ns.pem
new file mode 100644
index 0000000000000..69a2eb06b885e
--- /dev/null
+++ b/boards/st/nucleo_u5a5zj_q/tfm/keys/rsa-3072-private-ns.pem
@@ -0,0 +1,40 @@
+-----BEGIN PRIVATE KEY-----
+MIIG/gIBADANBgkqhkiG9w0BAQEFAASCBugwggbkAgEAAoIBgQCb9tq6QgnQcFvA
+i7uEfFdi1zoZs4sbKMwJ8yGHezaRIF5qWdWiv1xv2xh+fMDey/7yB/D4GCAJ9Qv4
+kS/4PcT8791t5unqYRPeAMlpmH7nAotelNQH1wLV/KH6CTLigyJ6MJkAMZ6c1dbR
+So+oYlaGFm7HciHF38mYFoDAvkmQaBhIiRrfzDaghDL7Zltgnv+kwyKVUG/63UQw
+cIlfaBpI8QFAaTm5lA1y36ngX+gwNYCyzcmyPVVsvY1L4GnC9De91J2Wx1JRus9F
+WOAKZcSxUAZJeKVYxdnjDYSaj0Of2o1isgGx3awI7wgYHKRjQlIWlrvhVSX7mQdM
+ct3C5omHV6uOvVTwL43i22pClSUyQ0ZzLnjZ7EQzUbjFaoJFznNc26/o0E1oviZc
+uaUrljsYVDGkL1SxajGpU5otedG40VSz4d350oQis9AftPk1qkHDoHlVwGep2cMo
+zKsdIw6ph4NN4woxWxRc1D/gHEpNBxiEDWQvwSGnm6f6V34c8GcCAwEAAQKCAYAC
+9eCZAH/nMPrM4NoiXana+nLj4gCV92RIHBFa3P/gKVkhc6sWd8NtbB8+52dR01V3
+iqcMTojtJ3WetkLO131Rv8vYNjXieQ1DfYhVNMvT3rx+gxyzOWWYYj9A28PXgN26
+rAl7c3WrTHPTbTLk41j5GpvntUbm1qSg+mxfPD1xPEiZt+CGtv2idl/xXbQGVX5M
+xld1th0qCeEtejVhVjyJfemkK1spJqJKt+wlkix6HcnfmwBlHbztX3u7IPtg8/nD
+SCi49TLYTH7kr4Xlpeo2+opV+s5dTAOST39EwSASdIW3PET3morX2Q7yw8IM5C+Q
+Ek+SOvsebG945XfCUfy8QDg9y1chAEl93JMuXXakv4wQy/btMQiBg0J3t3E9R1pG
+qxA+1d8KkAtnJE0gmTCL1tMrlj1tRWsBc8XdZp3uSGShjs7ncDn0GMKLdkMXfdbj
+qU6lgik5vNR8ngioT2FGSlpJA1okztq6wAdQch5mL9S5Z0vP9fqQAm9vm6a232EC
+gcEA2O9jGQ1u5AD76T1elm1du8J16J7S4b2Kh0km+qnz4IMU+hkE+eiIj/hCEJR4
+SFIFW45dXBDPSJleusJIJuFMIuwuBE0ucCzj9zjPF6L4TlwDyJeSVrHPDPJEPi7n
+Pt2b6ANGKccB53gt+yKpqDWleyk121c80CF1zEwLPu4qVytKGqoP4tpPBgxr0hRi
+8bQyqIK6R7grQMyMdlNskjzZPnM0UfvwZwbgB8iONN3iyjm6SiQz96mUpXFjEMfm
+6COFAoHBALgMvSRuMvdT68+srAQPeofrIfgTXzPeJouzk+abDs4JPF5Pr15VxFF5
+FEPjX9SCuiggUGpmoiPcsiw/rYZCWOs4Wo3RF5zw3VY4NH3znTTxyz0aqVyMbGT7
+COf4u84FgxRC0rgD+EcEiWxaA48/bD6ii1b1hKL2XJxAfwznKUERRkl82sw9442w
+ud2DQEwARSADwPHg/Dm1gHugfkQZvbe1hxa60vdllfT+GUnRKbYzqbO7qjLI1Qle
+PegaOau5+wKBwQCUzY/yLU61Qx+I27m4AYjcNAVg7SDGC5esOLduFYndpMyMyQCq
+06Bo8OeQK+dd5DUcmkjb0AP/ToS2InIPiVcKVWszNCX4eDJe8C7NjdI5HdDSlXWh
+1hGqVbwN02p3qtc4jJZiLcnWlo8jxqENas757kitDef+9BSzcC3+mqucY2tPYvvG
+peyyv25uCeHc3bgp8pIIhAHXTvfCanL81JRHzApFekVqxkKB1EYHaXQZNwPbu32S
+ElaOLXrAlf6DmWkCgcAvazDMEwxUhq2puu4yuZ4zKJR+6tbLcT/zHFhNwMNmuCBy
+mAsxvd0vtIdRGmLVSL0Xm4O8dibuIG1TUzCs96kbKVDDWwy/ZZtRHHgBv2NQgb+A
+Rb8+1fsTZU4dHguc//SOoszRlkxAV93kKajjHk8QMCbAR89dgSXJKCDTvTb2ybGX
+O3DP0F4xYkfw12EYc7VbkzwB1ZqGb8njkC0X9J3ZmA5u/8Fc9jJVhaYUS6x4ggUG
+BqLKJM4mdL50b1VOdkMCgcEAxItw981Wvpxpif/EEc3jWfELtLihIBLzevin5DdM
+zTMhJtK1PAUIrjon6ePqm2u3BEakswvXYypcQjNYv9fcNoQ8snShrgR/I4vw9HAe
+/H0dzblIlwLjsWEM7YPZANXN351815TNJhVG2mviIyAxQWlSgdi16iwK/F+V3FDL
+D/kYPSRynSzF3cOanVfOEKoHs4EE+JNReoHtLo09fkDAne8UWfA2yyI+Y5ohPZG4
+idQxE+pTMgQKXXUXoeNaXC7G
+-----END PRIVATE KEY-----
diff --git a/boards/st/nucleo_u5a5zj_q/tfm/keys/rsa-3072-private-s.pem b/boards/st/nucleo_u5a5zj_q/tfm/keys/rsa-3072-private-s.pem
new file mode 100644
index 0000000000000..88e9131b60392
--- /dev/null
+++ b/boards/st/nucleo_u5a5zj_q/tfm/keys/rsa-3072-private-s.pem
@@ -0,0 +1,40 @@
+-----BEGIN PRIVATE KEY-----
+MIIG/QIBADANBgkqhkiG9w0BAQEFAASCBucwggbjAgEAAoIBgQDQaUrLMGIZ1nKT
+Dd9PXmOGgPaSicPii2dKsvd+yl9iyYmJpzZSmH7hBcx4V0OjDcPRmn/I2v262FbY
+otP+ao9OQbyJXh39wLasTfhcTURI52pSnJsjsoiFBCwOMzmMU/PYUac14wSWuFav
+H7JD1AfQZ4BfHJdP6xR6wmeQgLiDiOPb3hneb4/i7sQiPULaf5LTJswGyiScRz7E
+ZrJrinSlV6Nkky/VftBCBAf1h7kJnBhmE43uPlzoVQUfT5Sy5cdA63SQ3ZzNKLd+
+Pw5JawUZNy+17lDZWiWzJLcEw+MeWxvyDq7a8g7h8v6bRRBqsiVf08fScjAH7/Go
+ef8ytecA15DObRY+dndY5DrrWI8TKddmmNmSOxeXv1RgYdV9Er6duX2AXNxgBcDg
+/XsPIdfphthQx2+0YwQ+WHv+4JYl9ycIeGE8UdO0/dF1kTGxGU6E5XYWl5zpspyP
+VzxwQ9XpMe6Kusq0+gwpK65xW/vujqU4xc2C8L/H3tOswrj02c8CAwEAAQKCAYAR
+A2dtqud3QIBd7NX7/rKVOlXmpIRvK/4kpPN7UD31LIqjyBixKW3CJN0KPeVxnCAO
+LlScKvRnml2Mlc5EiKJmOwuPEzXTjzXaXwsVTeFzKiEN2Wb4xQxL/4kxJ5FdGUVg
+tVm3Fm87dpTs+uNskhSJOMnL+eOITKKBWvllXHyzkCs5uanW9LiESAWO3f1lJODx
+h8tECqBueYpwMgoCqWzYSo02GqXfAdkyam3T5159oFaFjrcZadHfzYD7i12SNRun
+GLhNfrkmDqvmnDuglpVWsXGbCI0pLMtj6MBBHll9TS0aLmMC43p3oXnuxVZRXpLe
++FPHEoBBdnCqfrEMGT6M+2HSG1NuVWQc++3EVnDtSyma7xb34UFX0xsw/xZERkhz
+cb1Ye9WhhTzWfN5ADJ4UU6rM4B5+3wifukahRNsJsK+PaS5nbDwxGHA8+QKnoWsS
+ROl0kLZO0s8s9TnuwzQ6cml9acKbZ3O8Q8Sa94OclabKOKEW0AEwsPHPOwHwqIEC
+gcEA/hrZelyN91CfKv+/QB4Q1naijZLwSk6lz+WXwyvOmDATZRcsnEFmxBKM9tKO
+V1ROHrFCcUgT2htxOB+ULlhmb3+RTBVxZpIk6f80vHkIZJPYSgxufliGg2P+thzW
+kYJldqQBjWG+sgGV404/S80T7BcXETA/JII+Wr6/38UBF90yTedJBwf23hMKEaJW
+vojEDYKq9C74f+BQtR2ksfOKPJERmqUiwH2Pw0xeYkzRrMKQt1doYB+zTB+0cwc/
+WcWhAoHBANH3M7h6Cn3O0GR3kcvZu9TyHDUsYPRk8/ByUHPnYxx7f6IkJOAdNl70
+wN70m/oPEUViUVjTPuuSXcAaUgBU9Cnk7Vm11fRGleJnVTglbEf9gH6b1K9jatfa
+L3m8Xr9S36Ai8LGPiufHMHWEIfm+UUuKZsj5HzFZF95LPjNrw9OkLxoKc8PaMrcd
+PsHygn07VV4GpYyIeAfFL3C+SY5opuTesFl8uZqeybzjYuByeZafm+2yYC+vEyYu
++O/P5iWJbwKBwF6HJng6jiV+vHeGhGMZzDG8GGSKURGTiGN6iaZ1WXmMCOsGX/YQ
+7mXqcL4xPfqGxjjswEbcBWaR5uB1/u3uvMylrCudnn4Fx+20nq2uaMzhowiI72HZ
+FNE0FcExoTCoTY6BHIK35fTaWiQhK7LLK6ocPNyMEjFGsmOXqlFYPDvgcaJBdA1F
+jTS36Hr+5T4kKqrL/USxZIhNrjhyOp5odvhpDx90ZyUskJqaglIXObkG+Eb8ITwB
+DvY2pS5Vd9+xgQKBwClAdDzuXVlSZMcYZuCyKqEv4DLiQTpDC1pWW1AqSeKysOTe
+TRBrLN+DHtGvJWX/x9jl9C2Lc3U9EIZJpYrDJiWFAMz7WMnhhFkzDB832wpZ2AEI
+BMVgtwEpsOIuDD9yvNTtiHSaSyQ2kmLETxiON9Kron4h0+sSIgpeph3cMmFGhKqN
+GymDmSs457ebOd/45FDQ5X2y4kJEj4mLGVCNZxzYU7WBN8YVJHWkBy0p0JGzUiNl
+RFiaAR0jZW1YX1NIqQKBwQDPZZ9G6QQgFK5G4iMwURy3VMaRfP8nrMezZWGcVaDI
+BiEZ5hcRMhMvgpn0VSPQThNTMquk3lWhawe1o2p6XXmXLoyHuD7ShuvEOYovD8/j
+Y7Cz1srLS2H+gZFg3qthsVCId4DyEyvOqcKn/wNF1B4SPCfZEw/Xy7PCu6XbXGTO
+bPM8/T268D91ihzcbWNya7r4NYflyEscA7F8kx4D4l1x0cjifroTtTg7/1A/65j8
+GDCn7EhGET6DpG1SiqqMnlM=
+-----END PRIVATE KEY-----
diff --git a/boards/st/nucleo_u5a5zj_q/tfm/ns/CMakeLists.txt b/boards/st/nucleo_u5a5zj_q/tfm/ns/CMakeLists.txt
new file mode 100644
index 0000000000000..010127b3f006d
--- /dev/null
+++ b/boards/st/nucleo_u5a5zj_q/tfm/ns/CMakeLists.txt
@@ -0,0 +1,47 @@
+#-------------------------------------------------------------------------------
+# Copyright (c) 2023-2024, Arm Limited. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+#-------------------------------------------------------------------------------
+
+# This file is exported to NS side during CMake installation phase and renamed
+# to CMakeLists.txt. It instructs how to build a platform on non-secture side.
+# The structure and sources list are fully platform specific.
+
+add_library(platform_ns)
+
+target_sources(platform_ns
+ PUBLIC
+ ${CMAKE_CURRENT_LIST_DIR}/Device/Source/startup_stm32u5xx_ns.c
+ PRIVATE
+ hal/Src/stm32u5xx_hal.c
+ Device/Source/system_stm32u5xx.c
+ CMSIS_Driver/low_level_com.c
+ hal/Src/stm32u5xx_hal_dma.c
+ hal/Src/stm32u5xx_hal_dma_ex.c
+ hal/Src/stm32u5xx_hal_pwr.c
+ hal/Src/stm32u5xx_hal_pwr_ex.c
+ hal/Src/stm32u5xx_hal_rcc.c
+ hal/Src/stm32u5xx_hal_gpio.c
+ hal/Src/stm32u5xx_hal_uart.c
+ hal/Src/stm32u5xx_hal_uart_ex.c
+ hal/Src/stm32u5xx_hal_cortex.c
+ hal/Src/stm32u5xx_hal_rcc_ex.c
+)
+
+target_include_directories(platform_ns
+ PUBLIC
+ include
+ ext/cmsis/Include
+ ext/cmsis/Include/m-profile
+ ext/common
+ Device/Include
+ hal/Inc
+)
+
+# Include region_defs.h and flash_layout.h
+target_include_directories(platform_region_defs
+ INTERFACE
+ partition
+)
diff --git a/boards/st/nucleo_u5a5zj_q/tfm/partition/flash_layout.h b/boards/st/nucleo_u5a5zj_q/tfm/partition/flash_layout.h
new file mode 100644
index 0000000000000..d8d3da50e5836
--- /dev/null
+++ b/boards/st/nucleo_u5a5zj_q/tfm/partition/flash_layout.h
@@ -0,0 +1,304 @@
+/*
+ * Copyright (c) 2018-2022 Arm Limited. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef __FLASH_LAYOUT_H__
+#define __FLASH_LAYOUT_H__
+/* new field for OSPI */
+
+/* This header file is included from linker scatter file as well, where only a
+ * limited C constructs are allowed. Therefore it is not possible to include
+ * here the platform_retarget.h to access flash related defines. To resolve this
+ * some of the values are redefined here with different names, these are marked
+ * with comment.
+ */
+/* Flash layout for catfish_beluga_b2_ns with BL2 (multiple image boot):
+ *
+ * Boot partition (384 KB):
+ * 0x0000_0000 SCRATCH (64KB)
+ * 0x0001_0000 BL2 - anti roll back counters (16 KB)
+ * 0x0001_4000 BL2 - MCUBoot protected (136 KB)
+ * 0x0003_6000 BL2 - MCUBoot unprotected (4 KB)
+ * 0x0003_7000 OTP Write Protect (4KB)
+ * 0x0003_8000 NV counters area (16 KB)
+ * 0x0003_c000 Secure Storage Area (64 KB)
+ * 0x0004_c000 Internal Trusted Storage Area (64 KB)
+ * >0x0005_c000 Empty space reserved for bootloader area grow (16k)
+ * 0x0006_0000 Secure image primary slot (512 KB) Internal flash
+ * 0x000e_0000 Non-secure image primary slot (1280 KB) Internal flash
+ * 0x0022_0000 Secure image secondary slot (512 KB) Internal flash
+ * 0x002a_0000 Non-secure image secondary slot (1280 KB) Internal flash
+ * >0x003e_0000 User Reserved flash (storage) (128 KB) Internal flash
+ *
+ * Bl2 binary is written at 0x1_2000:
+ * it contains bl2_counter init value, OTP write protect, NV counters area init.
+ */
+
+/* Flash layout info for BL2 bootloader */
+#define FLASH_AREA_IMAGE_SECTOR_SIZE (0x2000) /* 8 KB */
+#define FLASH_B_SIZE (0x200000) /* 2 MBytes*/
+#define FLASH_TOTAL_SIZE (FLASH_B_SIZE+FLASH_B_SIZE) /* 4 MBytes */
+#define FLASH_BASE_ADDRESS (0x0c000000) /* FLASH0_BASE_S */
+
+/* Flash device ID */
+
+/* Offset and size definitions of the flash partitions that are handled by the
+ * bootloader. The image swapping is done between IMAGE_0 and IMAGE_1, SCRATCH
+ * is used as a temporary storage during image swapping.
+ */
+
+/* scratch area */
+#define FLASH_AREA_SCRATCH_OFFSET (0x0)
+#define FLASH_AREA_SCRATCH_SIZE (0x10000) /* 64 KB */
+
+/* Try to disable overwrite only mode */
+#undef MCUBOOT_OVERWRITE_ONLY
+
+/* control scratch area */
+#if (FLASH_AREA_SCRATCH_OFFSET % FLASH_AREA_IMAGE_SECTOR_SIZE) != 0
+#error "FLASH_AREA_SCRATCH_OFFSET not aligned on FLASH_AREA_IMAGE_SECTOR_SIZE"
+#endif /* (FLASH_AREA_SCRATCH_OFFSET % FLASH_AREA_IMAGE_SECTOR_SIZE) != 0*/
+
+/* area for bl2 anti roll back counter */
+#define FLASH_BL2_NVCNT_AREA_OFFSET (FLASH_AREA_SCRATCH_SIZE) /* @64 KB 0x10000 */
+#define FLASH_BL2_NVCNT_AREA_SIZE (FLASH_AREA_IMAGE_SECTOR_SIZE + \
+ FLASH_AREA_IMAGE_SECTOR_SIZE) /* 16 KB */
+/* Area for downloading bl2 image */
+#define FLASH_AREA_BL2_BIN_OFFSET (FLASH_BL2_NVCNT_AREA_OFFSET + \
+ FLASH_AREA_IMAGE_SECTOR_SIZE) /* @72 KB 0x12000 */
+/* personal Area Not used */
+#define FLASH_AREA_PERSO_OFFSET (FLASH_BL2_NVCNT_AREA_OFFSET + \
+ FLASH_BL2_NVCNT_AREA_SIZE) /* @80 KB 0x14000 */
+#define FLASH_AREA_PERSO_SIZE (0x0)
+/* control personal area */
+#if (FLASH_AREA_PERSO_OFFSET % FLASH_AREA_IMAGE_SECTOR_SIZE) != 0
+#error "FLASH_AREA_PERSO_OFFSET not aligned on FLASH_AREA_IMAGE_SECTOR_SIZE"
+#endif /* FLASH_AREA_PERSO_OFFSET % FLASH_AREA_IMAGE_SECTOR_SIZE) != 0 */
+
+/* area for BL2 code protected by hdp */
+#define FLASH_AREA_BL2_OFFSET (FLASH_AREA_PERSO_OFFSET + \
+ FLASH_AREA_PERSO_SIZE) /* @80 KB 0x14000 */
+#define FLASH_AREA_BL2_SIZE (0x22000) /* 136 KB */
+/* HDP area end at this address */
+#define FLASH_BL2_HDP_END (FLASH_AREA_BL2_OFFSET + \
+ FLASH_AREA_BL2_SIZE - 1) /* @216 KB - 1 */
+/* area for BL2 code not protected by hdp */
+#define FLASH_AREA_BL2_NOHDP_OFFSET (FLASH_AREA_BL2_OFFSET + \
+ FLASH_AREA_BL2_SIZE) /* @216 KB 0x36000 */
+#define FLASH_AREA_BL2_NOHDP_CODE_SIZE (0x1000) /* 4 KB */
+#define FLASH_AREA_OTP_OFFSET (FLASH_AREA_BL2_NOHDP_OFFSET + \
+ FLASH_AREA_BL2_NOHDP_CODE_SIZE) /* @220 KB 0x37000 */
+#define FLASH_AREA_OTP_SIZE (0x1000) /* 4 KB */
+#define FLASH_AREA_BL2_NOHDP_SIZE (FLASH_AREA_OTP_SIZE + \
+ FLASH_AREA_BL2_NOHDP_CODE_SIZE) /* 8 KB */
+/* control area for BL2 code protected by hdp */
+#if (FLASH_AREA_BL2_NOHDP_OFFSET % FLASH_AREA_IMAGE_SECTOR_SIZE) != 0
+#error "HDP area must be aligned on FLASH_AREA_IMAGE_SECTOR_SIZE"
+#endif /* (FLASH_AREA_BL2_NOHDP_OFFSET % FLASH_AREA_IMAGE_SECTOR_SIZE) != 0 */
+
+/* Non Volatile Counters definitions */
+#define FLASH_NV_COUNTERS_AREA_SIZE (FLASH_AREA_IMAGE_SECTOR_SIZE + \
+ FLASH_AREA_IMAGE_SECTOR_SIZE) /* 16 KB */
+#define FLASH_NV_COUNTERS_AREA_OFFSET (FLASH_AREA_BL2_NOHDP_OFFSET + \
+ FLASH_AREA_BL2_NOHDP_SIZE) /* @224 kB 0x38000 */
+/* Control Non Volatile Counters definitions */
+#if (FLASH_NV_COUNTER_AREA_SIZE % FLASH_AREA_IMAGE_SECTOR_SIZE) != 0
+#error "FLASH_NV_COUNTER_AREA_SIZE not aligned on FLASH_AREA_IMAGE_SECTOR_SIZE"
+#endif /* (FLASH_NV_COUNTER_AREA_SIZE % FLASH_AREA_IMAGE_SECTOR_SIZE) != 0 */
+
+/* Secure Storage (PS) Service definitions */
+#define FLASH_PS_AREA_SIZE (8 * FLASH_AREA_IMAGE_SECTOR_SIZE) /* 64 KB */
+#define FLASH_PS_AREA_OFFSET (FLASH_NV_COUNTERS_AREA_OFFSET + \
+ FLASH_NV_COUNTERS_AREA_SIZE) /* @240 KB 0x3c000 */
+
+/* Control Secure Storage (PS) Service definitions*/
+#if (FLASH_PS_AREA_OFFSET % FLASH_AREA_IMAGE_SECTOR_SIZE) != 0
+#error "FLASH_PS_AREA_OFFSET not aligned on FLASH_AREA_IMAGE_SECTOR_SIZE"
+#endif /* (FLASH_PS_AREA_OFFSET % FLASH_AREA_IMAGE_SECTOR_SIZE) != 0 */
+
+/* Internal Trusted Storage (ITS) Service definitions */
+#define FLASH_ITS_AREA_OFFSET (FLASH_PS_AREA_OFFSET + \
+ FLASH_PS_AREA_SIZE) /* @304 KB 0x4c000 */
+#define FLASH_ITS_AREA_SIZE (8 * FLASH_AREA_IMAGE_SECTOR_SIZE) /* 64 KB */
+
+/*Control Internal Trusted Storage (ITS) Service definitions */
+#if (FLASH_ITS_AREA_OFFSET % FLASH_AREA_IMAGE_SECTOR_SIZE) != 0
+#error "FLASH_ITS_AREA_OFFSET not aligned on FLASH_AREA_IMAGE_SECTOR_SIZE"
+#endif /* (FLASH_ITS_AREA_OFFSET % FLASH_AREA_IMAGE_SECTOR_SIZE) != 0 */
+
+#define FLASH_S_PARTITION_SIZE (0x80000) /* 512 KB for S partition - 512 KB*/
+#define FLASH_NS_PARTITION_SIZE (0x140000) /* 1280 KB for NS partition \
+ * It must be a multiple of image sector size \
+ */
+#define FLASH_PARTITION_SIZE (FLASH_S_PARTITION_SIZE + \
+ FLASH_NS_PARTITION_SIZE) /* 1792 KB */
+
+#if (FLASH_S_PARTITION_SIZE > FLASH_NS_PARTITION_SIZE)
+#define FLASH_MAX_PARTITION_SIZE FLASH_S_PARTITION_SIZE
+#else
+#define FLASH_MAX_PARTITION_SIZE FLASH_NS_PARTITION_SIZE
+#endif
+/* Secure image primary slot */
+#define FLASH_AREA_0_ID (1)
+#define FLASH_AREA_0_DEVICE_ID (FLASH_DEVICE_ID - FLASH_DEVICE_ID)
+/*
+ * The original code is:
+ * #define FLASH_AREA_0_OFFSET (FLASH_ITS_AREA_OFFSET+FLASH_ITS_AREA_SIZE)
+ *
+ * Use fixed position offset to start S firmware to keep unsused area betwwen
+ * bootloader and S firmware. This allows bootloader to be increased and have
+ * application code compatible between different bootloader regions.
+ *
+ * The S firmware offset is now: 4MiB - Storage (128k) - NS (1280k) x 2 - S (512k) x 2 =>
+ * 0x400000 - 0x20000 - 0x140000 x 2 - 0x80000 x 2 => 0x60000
+ */
+#define FLASH_AREA_0_OFFSET (0x60000) /* @384 KB 0x60000 */
+/* Control Secure image primary slot */
+#if (FLASH_AREA_0_OFFSET % FLASH_AREA_IMAGE_SECTOR_SIZE) != 0
+#error "FLASH_AREA_0_OFFSET not aligned on FLASH_AREA_IMAGE_SECTOR_SIZE"
+#endif /* (FLASH_AREA_0_OFFSET % FLASH_AREA_IMAGE_SECTOR_SIZE) != 0 */
+
+#define FLASH_AREA_0_SIZE (FLASH_S_PARTITION_SIZE)
+/* Non-secure image primary slot */
+#define FLASH_AREA_1_ID (FLASH_AREA_0_ID + 1)
+#define FLASH_AREA_1_DEVICE_ID (FLASH_AREA_0_DEVICE_ID)
+#define FLASH_AREA_1_OFFSET (FLASH_AREA_0_OFFSET + FLASH_AREA_0_SIZE)
+/* Control Non-secure image primary slot */
+#if (FLASH_AREA_1_OFFSET % FLASH_AREA_IMAGE_SECTOR_SIZE) != 0
+#error "FLASH_AREA_1_OFFSET not aligned on FLASH_AREA_IMAGE_SECTOR_SIZE"
+#endif /* (FLASH_AREA_1_OFFSET % FLASH_AREA_IMAGE_SECTOR_SIZE) != 0 */
+
+#define FLASH_AREA_1_SIZE (FLASH_NS_PARTITION_SIZE)
+/* Secure image secondary slot */
+#define FLASH_AREA_2_ID (FLASH_AREA_1_ID + 1)
+#define FLASH_AREA_2_DEVICE_ID (FLASH_AREA_1_DEVICE_ID)
+#if defined(EXTERNAL_FLASH)
+#define FLASH_AREA_2_OFFSET (0x000000000)
+#else
+#define FLASH_AREA_2_OFFSET (FLASH_AREA_1_OFFSET + FLASH_AREA_1_SIZE)
+#endif /* EXTERNAL FLASH */
+/* Control Secure image secondary slot */
+#if (FLASH_AREA_2_OFFSET % FLASH_AREA_IMAGE_SECTOR_SIZE) != 0
+#error "FLASH_AREA_2_OFFSET not aligned on FLASH_AREA_IMAGE_SECTOR_SIZE"
+#endif /* (FLASH_AREA_2_OFFSET % FLASH_AREA_IMAGE_SECTOR_SIZE) != 0 */
+
+#define FLASH_AREA_2_SIZE (FLASH_S_PARTITION_SIZE)
+/* Non-secure image secondary slot */
+#define FLASH_AREA_3_ID (FLASH_AREA_2_ID + 1)
+#define FLASH_AREA_3_DEVICE_ID (FLASH_AREA_2_DEVICE_ID)
+#if defined(EXTERNAL_FLASH)
+/* Add 0x8000 to fix tools issue on external flash */ /* TODO: What tools issue? */
+#define FLASH_AREA_3_OFFSET (FLASH_AREA_2_OFFSET + FLASH_AREA_2_SIZE /*+ 0x8000*/)
+#else
+#define FLASH_AREA_3_OFFSET (FLASH_AREA_2_OFFSET + FLASH_AREA_2_SIZE)
+#endif /* EXTERNAL FLASH */
+#if (FLASH_AREA_3_OFFSET % FLASH_AREA_IMAGE_SECTOR_SIZE) != 0
+#error "FLASH_AREA_3_OFFSET not aligned on FLASH_AREA_IMAGE_SECTOR_SIZE"
+#endif /* (FLASH_AREA_3_OFFSET % FLASH_AREA_IMAGE_SECTOR_SIZE) != 0 */
+/*Control Non-secure image secondary slot */
+#define FLASH_AREA_3_SIZE (FLASH_NS_PARTITION_SIZE)
+#define FLASH_AREA_END_OFFSET (FLASH_AREA_3_OFFSET + FLASH_AREA_3_SIZE)
+#define FLASH_AREA_SCRATCH_ID (FLASH_AREA_3_ID + 1)
+#define FLASH_AREA_SCRATCH_DEVICE_ID (FLASH_AREA_3_DEVICE_ID)
+
+/*
+ * The maximum number of status entries supported by the bootloader.
+ */
+#define MCUBOOT_STATUS_MAX_ENTRIES ((FLASH_MAX_PARTITION_SIZE) / \
+ FLASH_AREA_SCRATCH_SIZE)
+/* Maximum number of image sectors supported by the bootloader. */
+#define MCUBOOT_MAX_IMG_SECTORS ((FLASH_MAX_PARTITION_SIZE) / \
+ FLASH_AREA_IMAGE_SECTOR_SIZE)
+
+#define SECURE_IMAGE_OFFSET (0x0)
+#define SECURE_IMAGE_MAX_SIZE FLASH_S_PARTITION_SIZE
+
+#define NON_SECURE_IMAGE_OFFSET (SECURE_IMAGE_OFFSET + SECURE_IMAGE_MAX_SIZE)
+#define NON_SECURE_IMAGE_MAX_SIZE FLASH_NS_PARTITION_SIZE
+
+/* Flash device name used by BL2 and NV Counter
+ * Name is defined in flash driver file: low_level_flash.c
+ */
+#define TFM_NV_COUNTERS_FLASH_DEV TFM_Driver_FLASH0
+#define FLASH_DEV_NAME TFM_Driver_FLASH0
+#define TFM_HAL_FLASH_PROGRAM_UNIT (0x10)
+/* Protected Storage (PS) Service definitions
+ * Note: Further documentation of these definitions can be found in the
+ * TF-M PS Integration Guide.
+ */
+#define TFM_HAL_PS_FLASH_DRIVER TFM_Driver_FLASH0
+
+/* In this target the CMSIS driver requires only the offset from the base
+ * address instead of the full memory address.
+ */
+#define PS_SECTOR_SIZE FLASH_AREA_IMAGE_SECTOR_SIZE
+/* The sectors must be in consecutive memory location */
+#define PS_NBR_OF_SECTORS (FLASH_PS_AREA_SIZE / PS_SECTOR_SIZE)
+/* The maximum asset size to be stored in the ITS area */
+#define ITS_SECTOR_SIZE FLASH_AREA_IMAGE_SECTOR_SIZE
+/* The sectors must be in consecutive memory location */
+#define ITS_NBR_OF_SECTORS (FLASH_ITS_AREA_SIZE / ITS_SECTOR_SIZE)
+
+/* Base address of dedicated flash area for PS */
+#define TFM_HAL_PS_FLASH_AREA_ADDR FLASH_PS_AREA_OFFSET
+/* Size of dedicated flash area for PS */
+#define TFM_HAL_PS_FLASH_AREA_SIZE FLASH_PS_AREA_SIZE
+#define PS_RAM_FS_SIZE TFM_HAL_PS_FLASH_AREA_SIZE
+/* Number of physical erase sectors per logical FS block */
+#define TFM_HAL_PS_SECTORS_PER_BLOCK (1)
+/* Smallest flash programmable unit in bytes */
+#define TFM_HAL_PS_PROGRAM_UNIT (0x10)
+
+/* Internal Trusted Storage (ITS) Service definitions
+ * Note: Further documentation of these definitions can be found in the
+ * TF-M ITS Integration Guide.
+ */
+#define TFM_HAL_ITS_FLASH_DRIVER TFM_Driver_FLASH0
+
+/* In this target the CMSIS driver requires only the offset from the base
+ * address instead of the full memory address.
+ */
+/* Base address of dedicated flash area for ITS */
+#define TFM_HAL_ITS_FLASH_AREA_ADDR FLASH_ITS_AREA_OFFSET
+/* Size of dedicated flash area for ITS */
+#define TFM_HAL_ITS_FLASH_AREA_SIZE FLASH_ITS_AREA_SIZE
+#define ITS_RAM_FS_SIZE TFM_HAL_ITS_FLASH_AREA_SIZE
+/* Number of physical erase sectors per logical FS block */
+#define TFM_HAL_ITS_SECTORS_PER_BLOCK (1)
+/* Smallest flash programmable unit in bytes */
+#define TFM_HAL_ITS_PROGRAM_UNIT (0x10)
+/* OTP area definition */
+#define TFM_OTP_NV_COUNTERS_AREA_ADDR FLASH_AREA_OTP_OFFSET
+#define TFM_OTP_NV_COUNTERS_AREA_SIZE FLASH_AREA_OTP_SIZE
+/* NV Counters definitions */
+#define TFM_NV_COUNTERS_AREA_ADDR FLASH_NV_COUNTERS_AREA_OFFSET
+#define TFM_NV_COUNTERS_AREA_SIZE (0x20)/* 32 Bytes */
+#define TFM_NV_COUNTERS_SECTOR_ADDR FLASH_NV_COUNTERS_AREA_OFFSET
+#define TFM_NV_COUNTERS_SECTOR_SIZE FLASH_AREA_IMAGE_SECTOR_SIZE
+
+/* BL2 NV Counters definitions */
+#define BL2_NV_COUNTERS_AREA_ADDR FLASH_BL2_NVCNT_AREA_OFFSET
+#define BL2_NV_COUNTERS_AREA_SIZE FLASH_BL2_NVCNT_AREA_SIZE
+
+/* FIXME: not valid today */
+#define BL2_S_RAM_ALIAS_BASE (0x30000000)
+#define BL2_NS_RAM_ALIAS_BASE (0x20000000)
+
+/* This area in SRAM 2 is updated BL2 and can be lock to avoid any changes */
+#define BOOT_TFM_SHARED_DATA_SIZE (0x400)
+#define BOOT_TFM_SHARED_DATA_BASE (_SRAM3_BASE_S - BOOT_TFM_SHARED_DATA_SIZE)
+#define SHARED_BOOT_MEASUREMENT_BASE BOOT_TFM_SHARED_DATA_BASE
+#define SHARED_BOOT_MEASUREMENT_SIZE BOOT_TFM_SHARED_DATA_SIZE
+#endif /* __FLASH_LAYOUT_H__ */
diff --git a/boards/st/nucleo_u5a5zj_q/tfm/partition/region_defs.h b/boards/st/nucleo_u5a5zj_q/tfm/partition/region_defs.h
new file mode 100644
index 0000000000000..daeea0f41ceda
--- /dev/null
+++ b/boards/st/nucleo_u5a5zj_q/tfm/partition/region_defs.h
@@ -0,0 +1,301 @@
+/*
+ * Copyright (c) 2017-2022 ARM Limited
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef __REGION_DEFS_H__
+#define __REGION_DEFS_H__
+#include "flash_layout.h"
+
+#define BL2_HEAP_SIZE 0x0001000
+#define BL2_MSP_STACK_SIZE 0x0002000
+
+#define LOADER_NS_MSP_STACK_SIZE 0x0000400
+#define LOADER_NS_HEAP_SIZE 0x0000200
+#define LOADER_NS_PSP_STACK_SIZE 0x0000400
+
+#define LOADER_S_MSP_STACK_SIZE 0x0000400
+#define LOADER_S_HEAP_SIZE 0x0000200
+#define LOADER_S_PSP_STACK_SIZE 0x0000400
+
+#ifdef ENABLE_HEAP
+ #define S_HEAP_SIZE (0x0000200)
+#else
+ #define S_HEAP_SIZE (0x0000000)
+#endif
+
+#define S_MSP_STACK_SIZE 0x0001800
+#define S_PSP_STACK_SIZE 0x0001800
+
+#define NS_HEAP_SIZE 0x0002000
+#define NS_STACK_SIZE 0x0001800
+
+/* GTZC specific Alignment */
+#define GTZC_RAM_ALIGN 512
+#define GTZC_FLASH_ALIGN 8192
+
+/* FIX ME : include stm32u5xx.h instead */
+#define _SRAM2_TOP (0xD0000) /* 832Kbytes */
+#define _SRAM1_SIZE_MAX (0xC0000) /* SRAM1=768k */
+#define _SRAM2_SIZE_MAX (0x10000 - BOOT_TFM_SHARED_DATA_SIZE) /* SRAM2=64k -0x400 */
+#define _SRAM3_SIZE_MAX (0xD0000) /* 832Kbytes */
+#define _SRAM5_SIZE_MAX (0xD0000) /* 832Kbytes */
+#define _SRAM4_SIZE_MAX (0x04000) /* 16Kbytes */
+
+/* Flash and internal SRAMs base addresses - Non secure aliased */
+#define _FLASH_BASE_NS (0x08000000) /* FLASH (4096 KB) */
+#define _SRAM1_BASE_NS (0x20000000) /* SRAM1 (768 KB) */
+#define _SRAM2_BASE_NS (_SRAM1_BASE_NS + _SRAM1_SIZE_MAX) /* SRAM2 ( 64 KB) */
+#define _SRAM3_BASE_NS (_SRAM2_BASE_NS + _SRAM2_SIZE_MAX + \
+ BOOT_TFM_SHARED_DATA_SIZE) /* SRAM3 (768 KB) */
+#define _SRAM5_BASE_NS (_SRAM3_BASE_NS + _SRAM3_SIZE_MAX) /* SRAM5 (768 KB) */
+#define _SRAM4_BASE_NS (0x28000000) /* SRAM4 ( 16 KB) */
+
+/* Flash and internal SRAMs base addresses - Secure aliased */
+#define _FLASH_BASE_S (0x0C000000) /* FLASH(4096 KB) */
+#define _SRAM1_BASE_S (0x30000000) /* SRAM1(768 KB) */
+#define _SRAM2_BASE_S (_SRAM1_BASE_S + _SRAM1_SIZE_MAX) /* SRAM2(64 KB) */
+#define _SRAM3_BASE_S (_SRAM2_BASE_S + _SRAM2_SIZE_MAX + \
+ BOOT_TFM_SHARED_DATA_SIZE) /* SRAM3(832 KB) */
+#define _SRAM5_BASE_S (_SRAM3_BASE_S + _SRAM3_SIZE_MAX) /* SRAM5(832 KB) */
+#define _SRAM4_BASE_S (0x38000000) /* SRAM4(16 KB) */
+
+#define TOTAL_ROM_SIZE FLASH_TOTAL_SIZE
+#define TOTAL_RAM_SIZE (_SRAM1_SIZE_MAX + _SRAM2_SIZE_MAX)
+/* 768 + 64 Kbytes - BOOT info */
+/* boot info are placed and locked at top of SRAM2 */
+
+#define S_TOTAL_RAM2_SIZE (_SRAM2_SIZE_MAX) /*! size require for Secure part */
+#define S_TOTAL_RAM1_SIZE (0x50000)
+#define S_TOTAL_RAM_SIZE (S_TOTAL_RAM2_SIZE + S_TOTAL_RAM1_SIZE)
+#define NS_TOTAL_RAM_SIZE (TOTAL_RAM_SIZE - S_TOTAL_RAM_SIZE)
+
+/*
+ * Boot partition structure if MCUBoot is used:
+ * 0x0_0000 Bootloader header
+ * 0x0_0400 Image area
+ * 0x7_0000 Trailer
+ */
+/* IMAGE_CODE_SIZE is the space available for the software binary image.
+ * It is less than the FLASH_PARTITION_SIZE because we reserve space
+ * for the image header and trailer introduced by the bootloader.
+ */
+
+#ifdef BL2
+#define S_IMAGE_PRIMARY_PARTITION_OFFSET (FLASH_AREA_0_OFFSET)
+#define S_IMAGE_SECONDARY_PARTITION_OFFSET (FLASH_AREA_2_OFFSET)
+#define NS_IMAGE_PRIMARY_PARTITION_OFFSET (FLASH_AREA_0_OFFSET + FLASH_S_PARTITION_SIZE)
+#define NS_IMAGE_SECONDARY_PARTITION_OFFSET (FLASH_AREA_2_OFFSET + FLASH_S_PARTITION_SIZE)
+#else
+#error "Config without BL2 not supported"
+#endif /* BL2 */
+
+
+#define IMAGE_S_CODE_SIZE \
+ (FLASH_S_PARTITION_SIZE - BL2_HEADER_SIZE - BL2_TRAILER_SIZE)
+#define IMAGE_NS_CODE_SIZE \
+ (FLASH_NS_PARTITION_SIZE - BL2_HEADER_SIZE - BL2_TRAILER_SIZE)
+
+/* FIXME: veneer region size is increased temporarily while both legacy veneers
+ * and their iovec-based equivalents co-exist for secure partitions. To be
+ * adjusted as legacy veneers are eliminated
+ */
+#define CMSE_VENEER_REGION_SIZE (0x00000380)
+
+/* Use SRAM1 memory to store Code data */
+#define S_ROM_ALIAS_BASE (_FLASH_BASE_S)
+#define NS_ROM_ALIAS_BASE (_FLASH_BASE_NS)
+
+
+#define S_RAM_ALIAS_BASE (_SRAM1_BASE_S)
+#define NS_RAM_ALIAS_BASE (_SRAM1_BASE_NS)
+
+/* Alias definitions for secure and non-secure areas*/
+#define S_ROM_ALIAS(x) (S_ROM_ALIAS_BASE + (x))
+#define NS_ROM_ALIAS(x) (NS_ROM_ALIAS_BASE + (x))
+
+#define LOADER_NS_ROM_ALIAS(x) (_FLASH_BASE_NS + (x))
+#define LOADER_S_ROM_ALIAS(x) (_FLASH_BASE_S + (x))
+
+#define S_RAM_ALIAS(x) (S_RAM_ALIAS_BASE + (x))
+#define NS_RAM_ALIAS(x) (NS_RAM_ALIAS_BASE + (x))
+
+#define S_IMAGE_PRIMARY_AREA_OFFSET (S_IMAGE_PRIMARY_PARTITION_OFFSET + BL2_HEADER_SIZE)
+#define S_CODE_START (S_ROM_ALIAS(S_IMAGE_PRIMARY_AREA_OFFSET))
+#define S_CODE_SIZE (IMAGE_S_CODE_SIZE - CMSE_VENEER_REGION_SIZE)
+#define S_CODE_LIMIT ((S_CODE_START + S_CODE_SIZE) - 1)
+#define S_DATA_START (S_RAM_ALIAS(NS_TOTAL_RAM_SIZE))
+#define S_DATA_SIZE (S_TOTAL_RAM_SIZE)
+#define S_DATA_LIMIT (S_DATA_START + S_DATA_SIZE - 1)
+
+/* CMSE Veneers region */
+#define CMSE_VENEER_REGION_START (S_CODE_LIMIT + 1)
+/* Non-secure regions */
+
+/* Secure regions, the end of secure regions must be aligned on page size for dual bank 0x800 */
+
+/* Offset and size definition in flash area, used by assemble.py
+ * 0x11400+0x33c00= 13000+34000 = 45000
+ */
+
+#define NS_IMAGE_PRIMARY_AREA_OFFSET (NS_IMAGE_PRIMARY_PARTITION_OFFSET + BL2_HEADER_SIZE)
+#define NS_CODE_START (NS_ROM_ALIAS(NS_IMAGE_PRIMARY_AREA_OFFSET))
+#define NS_CODE_SIZE (IMAGE_NS_CODE_SIZE)
+#define NS_CODE_LIMIT (NS_CODE_START + NS_CODE_SIZE - 1)
+#define NS_DATA_START (NS_RAM_ALIAS(0))
+#define NS_NO_INIT_DATA_SIZE (0x100)
+#define NS_DATA_SIZE (NS_TOTAL_RAM_SIZE)
+#define NS_DATA_LIMIT (NS_DATA_START + NS_DATA_SIZE - 1)
+
+/* NS partition information is used for MPC and SAU configuration */
+#define NS_PARTITION_START (NS_CODE_START)
+#define NS_PARTITION_SIZE (NS_CODE_SIZE)
+
+/* Secondary partition for new images/ in case of firmware upgrade */
+#define SECONDARY_PARTITION_START (NS_ROM_ALIAS(S_IMAGE_SECONDARY_PARTITION_OFFSET))
+#define SECONDARY_PARTITION_SIZE (FLASH_AREA_2_SIZE)
+
+#ifdef BL2
+/* Personalized region */
+#define PERSO_START (S_ROM_ALIAS(FLASH_AREA_PERSO_OFFSET))
+#define PERSO_SIZE (FLASH_AREA_PERSO_SIZE)
+#define PERSO_LIMIT (PERSO_START + PERSO_SIZE - 1)
+
+/* Bootloader region protected by hdp */
+#define BL2_CODE_START (S_ROM_ALIAS(FLASH_AREA_BL2_OFFSET))
+#define BL2_CODE_SIZE (FLASH_AREA_BL2_SIZE)
+#define BL2_CODE_LIMIT (BL2_CODE_START + BL2_CODE_SIZE - 1)
+
+/* Bootloader region not protected by hdp */
+#define BL2_NOHDP_CODE_START (S_ROM_ALIAS(FLASH_AREA_BL2_NOHDP_OFFSET))
+#define BL2_NOHDP_CODE_SIZE (FLASH_AREA_BL2_NOHDP_SIZE)
+#define BL2_NOHDP_CODE_LIMIT (BL2_NOHDP_CODE_START + BL2_NOHDP_CODE_SIZE - 1)
+
+/* Bootloader boot address */
+#define BL2_BOOT_VTOR_ADDR (BL2_CODE_START)
+
+/* keep 256 bytes unused to place while(1) for non secure to enable */
+
+/* regression from local tool with non secure attachment
+ * This avoid blocking board in case of hardening error
+ */
+#define BL2_DATA_START (S_RAM_ALIAS(_SRAM1_SIZE_MAX))
+#define BL2_DATA_SIZE (BOOT_TFM_SHARED_DATA_BASE - BL2_DATA_START)
+#define BL2_DATA_LIMIT (BL2_DATA_START + BL2_DATA_SIZE - 1)
+
+/* Define BL2 MPU SRAM protection to remove execution capability */
+/* Area is covering the complete SRAM memory space non secure alias and secure alias */
+#define BL2_SRAM_AREA_BASE (_SRAM1_BASE_NS)
+#define BL2_SRAM_AREA_END (_SRAM4_BASE_S + _SRAM4_SIZE_MAX - 1)
+
+/* Define Area provision by BL2 */
+#define BL2_OTP_AREA_BASE S_ROM_ALIAS(TFM_OTP_NV_COUNTERS_AREA_ADDR)
+#define BL2_OTP_AREA_SIZE (TFM_OTP_NV_COUNTERS_AREA_SIZE)
+/* Define Area for Initializing NVM counter */
+/* backup sector is initialised */
+#define BL2_NVM_AREA_BASE \
+ S_ROM_ALIAS(TFM_NV_COUNTERS_AREA_ADDR + FLASH_AREA_IMAGE_SECTOR_SIZE)
+#define BL2_NVM_AREA_SIZE (FLASH_AREA_IMAGE_SECTOR_SIZE)
+/* Define Area for initializing BL2_NVCNT */
+/* backup sector is initialised */
+#define BL2_NVMCNT_AREA_BASE \
+ S_ROM_ALIAS(FLASH_BL2_NVCNT_AREA_OFFSET + FLASH_AREA_IMAGE_SECTOR_SIZE)
+#define BL2_NVMCNT_AREA_SIZE (FLASH_AREA_IMAGE_SECTOR_SIZE)
+#endif /* BL2 */
+
+
+#define LOADER_NS_CODE_SIZE (0x6000) /* 24 Kbytes */
+
+#if defined(MCUBOOT_PRIMARY_ONLY)
+
+/* Secure Loader Image */
+#define FLASH_AREA_LOADER_BANK_OFFSET \
+ (FLASH_TOTAL_SIZE - LOADER_IMAGE_S_CODE_SIZE - LOADER_NS_CODE_SIZE)
+#define FLASH_AREA_LOADER_OFFSET \
+ (FLASH_TOTAL_SIZE - LOADER_IMAGE_S_CODE_SIZE - LOADER_NS_CODE_SIZE)
+
+/* Control Secure Loader Image */
+#if (FLASH_AREA_LOADER_OFFSET % FLASH_AREA_IMAGE_SECTOR_SIZE) != 0
+#error "FLASH_AREA_LOADER_OFFSET not aligned on FLASH_AREA_IMAGE_SECTOR_SIZE"
+#endif /* (FLASH_AREA_LOADER_OFFSET % FLASH_AREA_IMAGE_SECTOR_SIZE) != 0 */
+
+/* Non-Secure Loader Image */
+#define LOADER_NS_CODE_START \
+ (LOADER_NS_ROM_ALIAS(FLASH_AREA_LOADER_OFFSET + LOADER_IMAGE_S_CODE_SIZE))
+
+/* Control Non-Secure Loader Image */
+#if (LOADER_NS_CODE_START % FLASH_AREA_IMAGE_SECTOR_SIZE) != 0
+#error "LOADER_NS_CODE_START not aligned on FLASH_AREA_IMAGE_SECTOR_SIZE"
+#endif /* (LOADER_NS_CODE_START % FLASH_AREA_IMAGE_SECTOR_SIZE) != 0 */
+
+/* define used for checking possible overlap */
+#define LOADER_CODE_SIZE (LOADER_NS_CODE_SIZE + LOADER_IMAGE_S_CODE_SIZE)
+#else
+/* Loader Image */
+#define FLASH_AREA_LOADER_BANK_OFFSET (FLASH_TOTAL_SIZE - LOADER_NS_CODE_SIZE)
+#define FLASH_AREA_LOADER_OFFSET (FLASH_TOTAL_SIZE - LOADER_NS_CODE_SIZE)
+/* Control Loader Image */
+#if (FLASH_AREA_LOADER_OFFSET % FLASH_AREA_IMAGE_SECTOR_SIZE) != 0
+#error "FLASH_AREA_LOADER_OFFSET not aligned on FLASH_AREA_IMAGE_SECTOR_SIZE"
+#endif /* (FLASH_AREA_LOADER_OFFSET % FLASH_AREA_IMAGE_SECTOR_SIZE) != 0 */
+
+#define LOADER_NS_CODE_START (LOADER_NS_ROM_ALIAS(FLASH_AREA_LOADER_OFFSET))
+/* define used for checking possible overlap */
+#define LOADER_CODE_SIZE (LOADER_NS_CODE_SIZE)
+#endif /* MCUBOOT_PRIMARY_ONLY */
+
+#define LOADER_IMAGE_S_CODE_SIZE (0x4000) /* 16 Kbytes */
+#define LOADER_CMSE_VENEER_REGION_SIZE (0x100)
+#define LOADER_S_CODE_START (LOADER_S_ROM_ALIAS(FLASH_AREA_LOADER_OFFSET))
+#define LOADER_S_CODE_SIZE (LOADER_IMAGE_S_CODE_SIZE - LOADER_CMSE_VENEER_REGION_SIZE)
+#define LOADER_S_CODE_LIMIT (LOADER_S_CODE_START + LOADER_S_CODE_SIZE - 1)
+#define LOADER_S_DATA_START (S_RAM_ALIAS(_SRAM1_SIZE_MAX))
+#define LOADER_S_DATA_SIZE (_SRAM2_SIZE_MAX)
+#define LOADER_S_DATA_LIMIT (LOADER_S_DATA_START + LOADER_S_DATA_SIZE - 1)
+#define LOADER_CMSE_VENEER_REGION_START (LOADER_S_CODE_LIMIT + 1)
+#define LOADER_CMSE_VENEER_REGION_LIMIT \
+ (LOADER_S_ROM_ALIAS(FLASH_AREA_LOADER_OFFSET + LOADER_IMAGE_S_CODE_SIZE - 1))
+
+#define LOADER_NS_CODE_LIMIT (LOADER_NS_CODE_START+LOADER_NS_CODE_SIZE - 1)
+#define LOADER_NS_DATA_START (NS_RAM_ALIAS(0x0))
+#define LOADER_NS_DATA_SIZE (_SRAM1_SIZE_MAX)
+#define LOADER_NS_DATA_LIMIT (LOADER_NS_DATA_START + LOADER_NS_DATA_SIZE - 1)
+
+#ifdef MCUBOOT_PRIMARY_ONLY
+#define LOADER_MAX_CODE_SIZE (FLASH_TOTAL_SIZE - FLASH_AREA_1_OFFSET - FLASH_AREA_1_SIZE)
+#else
+#define LOADER_MAX_CODE_SIZE (FLASH_TOTAL_SIZE - FLASH_AREA_3_OFFSET - FLASH_AREA_3_SIZE)
+#endif /* MCUBOOT_PRIMARY_ONLY */
+
+#if LOADER_CODE_SIZE > LOADER_MAX_CODE_SIZE
+#error "Loader mapping overlapping slot %LOADER_CODE_SIZE %LOADER_MAX_CODE_SIZE"
+#endif /* LOADER_CODE_SIZE > LOADER_MAX_CODE_SIZE */
+
+/* TFM non volatile data (NVCNT/PS/ITS) region */
+#define TFM_NV_DATA_START (S_ROM_ALIAS(FLASH_AREA_OTP_OFFSET))
+#define TFM_NV_DATA_SIZE (FLASH_AREA_OTP_SIZE + FLASH_NV_COUNTERS_AREA_SIZE + \
+ FLASH_PS_AREA_SIZE + FLASH_ITS_AREA_SIZE)
+#define TFM_NV_DATA_LIMIT (TFM_NV_DATA_START + TFM_NV_DATA_SIZE - 1)
+/* Additional Check to detect flash download slot overlap or overflow */
+#if defined(MCUBOOT_EXT_LOADER)
+#define FLASH_AREA_END_OFFSET_MAX FLASH_AREA_LOADER_OFFSET
+#else
+#define FLASH_AREA_END_OFFSET_MAX (FLASH_TOTAL_SIZE)
+#endif /* defined(MCUBOOT_EXT_LOADER) */
+
+#if FLASH_AREA_END_OFFSET > FLASH_AREA_END_OFFSET_MAX
+#error "Flash memory overflow"
+#endif /* FLASH_AREA_END_OFFSET > FLASH_AREA_END_OFFSET_MAX */
+
+#endif /* __REGION_DEFS_H__ */
diff --git a/boards/st/nucleo_u5a5zj_q/tfm/tests/psa_arch_tests_config.cmake b/boards/st/nucleo_u5a5zj_q/tfm/tests/psa_arch_tests_config.cmake
new file mode 100644
index 0000000000000..dbcc8139d1977
--- /dev/null
+++ b/boards/st/nucleo_u5a5zj_q/tfm/tests/psa_arch_tests_config.cmake
@@ -0,0 +1,7 @@
+#-------------------------------------------------------------------------------
+# Copyright (c) 2023 STMicroelectronics. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+#-------------------------------------------------------------------------------
+set(PSA_API_TEST_TARGET nucleo_u5a5zj_q)
diff --git a/scripts/ci/check_compliance.py b/scripts/ci/check_compliance.py
index a600004aae7a9..24eb388c68c4e 100755
--- a/scripts/ci/check_compliance.py
+++ b/scripts/ci/check_compliance.py
@@ -1330,6 +1330,7 @@ def check_no_undef_outside_kconfig(self, kconf):
"STACK_SIZE", # Used as an example in the Kconfig docs
"STD_CPP", # Referenced in CMake comment
"TEST1",
+ "TFM_USE_TRUSTZONE", # TF-M board is Out-Of-Tree
"TOOLCHAIN", # Defined in modules/hal_nxp/mcux/mcux-sdk-ng/basic.cmake.
# It is used by MCUX SDK cmake functions to add content
# based on current toolchain.