# Enable SPI bus in TrustZone

Source: [https://docs.qualcomm.com/doc/80-88500-1/topic/38_Enable_SPI_bus_in_TrustZone.html](https://docs.qualcomm.com/doc/80-88500-1/topic/38_Enable_SPI_bus_in_TrustZone.html)

## About this task

Due to TrustZone memory size, resources, and security limitations most of the QUP v3 serial engine instances are not activated by default. Therefore, most SPI instances do not get compiled into the TrustZone binary. To enable the SPI bus in the TrustZone, do the following:

## Procedure

1. Grant the SPI access to the trusted application by adding the SPI access permission. 
        
md = 
        {
        'appName': app_name, 'memoryType': 'Unprotected', 'privileges': 
        ['default', 'TLMM', 'OEMUnwrapKeys', 
        'SecureCamera', 
        'SPI', 
        ], 
        'stackSize': 0x200000, 
        'heapSize': 0xb400000,
        }Copy to clipboard

Note: If this step is not completed, the SPI access initialized by the trusted application gets rejected before this access requirement is passed into the SPI driver layer, and the following error message is displayed:

        qsee_spi_open FAILED with retval = -1 Copy to clipboard
2. Choose the SPI bus instance from the options available in the qsee\_spi.h file. The following is an example qsee\_spi.h file:
        
typedef enum 
        {
        QSEE_SPI_DEVICE_1, /* QUP0 SE 0*/ 
        QSEE_SPI_DEVICE_2, /* QUP0 SE 1*/ 
        QSEE_SPI_DEVICE_3, /* QUP0 SE 2*/ 
        ………..
        QSEE_SPI_SENSOR_DEVICE_3, /* SENSOR SPI_3 */ 
        QSEE_SPI_DEVICE_COUNT 
        /**< Used to check the bounds of this enumeration. */ } qsee_spi_device_id_t;Copy to clipboard

Note: Do not refer to the SPI bus instance in the tzbsp\_spi.h file. Though the indexes in qsee\_spi.h and tzbsp\_spi.h files look similar, these indexes are used for different purposes. Hence, incorrect references can lead to the wrong bus index.
3. To enable and get the SPI instance compiled into the TrustZone binary, add the corresponding micro definition at the beginning of the spi\_devcfg.c file. For example, for the `QSEE_SPI_DEVICE_6` SPI instance, add the following TrustZone instance: `#define TZ_USE_SPI_6`.
4. Assign the access control in the QUPAC\_Access.c file.
        
In this example, since the sixth QUP is being configured as the SPI in the TrustZone and only the generic software interface (GSI) mode is allowed within the TrustZone due to security reasons. In the \trustzone\_images\core\settings\buses\qup\_accesscontrol\qupv3\config\kona\QUPAC\_Access.c file, configure the `QUPV3_0_SE5` definition as following:

        { QUPV3_0_SE5, QUPV3_PROTOCOL_SPI, QUPV3_MODE_GSI,AC_TZ, FALSE,TRUE, TRUE },Copy to clipboard
5. Assign the general-purpose interface instance (GPII) resource to this SPI serial engine by modifying the following in the gpi\_tz\_845.c file:
        
const tgt_gpii_config_type tgt_gpii_config[] = 
        {
        {
        /* .qup_type */ 0,
        /* .gpii_id */ 8, 
        /* .protocol */ 1, /* Protocol running on this GPII, 1 means SPI */ /* .options */ 0,
        /* .ee */ 8, 
        /* .se */ 5, /* set Serial Engine index to 5, represent the 6th instace*/ 
        /* .irq */ 284 
        },Copy to clipboard

**Parent Topic:** [SPI in QUP](https://docs.qualcomm.com/doc/80-88500-1/topic/30_SPI_in_QUP_v3.html)

Last Published: Aug 18, 2023

[Previous Topic
Configure GPI as SPI](https://docs.qualcomm.com/bundle/publicresource/80-88500-1/topics/37_Configure_GPI_as_SPI.md) [Next Topic
Full-duplex SPI transfer mechanism in TrustZone](https://docs.qualcomm.com/bundle/publicresource/80-88500-1/topics/39_Full_duplex_SPI_transfer_mechanism_in_TrustZone.md)