Skip to end of banner
Go to start of banner

Debug Authentication for STM32H563/573

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 3 Next »

Introduction to lifecycle management on STM32H563/573 product lines using FlashPro-ARM programmer.

  • FlashPro-ARM programmer has full support for Debug authentication on STM32H563/573 product lines when TrustZone© is disabled. TrustZone© will be added soon.

  • All STM32H563/573 MCU product states are supported, including provisioning with password management and full regression.

Preparing necessary files

To perform provisioning with password management , the *.obk file needs to be generated by STM32 Trusted Package Creator tool. This file is used to configure the conditions required to preform regression of MCU. Without the password file, full regression is not possible.

Example file is provided in the STM32CubeFW_H5 example provided by ST. The Trusted Package Creator will be used to set up this file using the DA_ConfigWithPassword.xml as input located in/Projects/NUCLEO-H563ZI/ROT_Provisioning/DA/Config path.

To generate a customized configuration file, proceed as follows:

  • Open Trusted Package Creator and select H5

  • Open Obkey tab

  • Select the DA_ConfigWithPassword.xml file

  • Update the password if needed

Supported operations by FlashPro-ARM

1. Lifecycle and provisioning with password management using FlashPro-ARM

  • Open FlashPro-ARM

  • Select STM32H563/573 mcu

  • Open Setup->Memory Protection tab

  • Go to lifecycle management tab

    • Check “Set product state enable” box

    • Set finale product state

  • Use “DA/PROV” button(this step is not necessary, but without password management operation will not perform and full regregresion can't be possible after out from provisioning state)

    • Check “Enable provisioning” box

    • Use “Browse” button to set path to *.obk file, generated by Trusted Package Creator

    • Press “Ok” button in STM32 Debug authentication tab

  • Press “Ok” button in Memory Protection tab

  • Check Memory protection Enable box

Now after use “Auto Prog” or “Lock device” button FlashPro-ARM programmer put mcu to selected state and perform password management operation.

2. Full Regression

To perform full regression operation is needeed *.bin file with stored password used to genered *.obk file in STM32 Trusted Package Creator tool, wchich was needeed to perform provisioning with password management operation.
Example of password.bin file is provided in the STM32CubeFW_H5 example. File located in/Projects/NUCLEO-H563ZI/ROT_Provisioning/DA/Config path.

  • Open FlashPro-ARM

  • Select STM32H563/573 mcu

  • Open Setup->Memory Protection tab

  • Go to lifecycle management tab

  • Use “DA/PROV” button

    • Check “Enable password” box

    • Use “Browse” button to set path to *.bin file, with password used to generate *.obk file

    • Press “Ok” button in STM32 Debug authentication tab

  • Press “Ok” button in Memory Protection tab

  • Press “Clear locked device” button

After opertion mcu back to “Open” state.

3. Discover operation

Discover operation allow to read current mcu state and provisioning status.

  • Open FlashPro-ARM

  • Select STM32H563/573 mcu

  • Open Setup->Memory Protection tab

  • Go to lifecycle management tab

  • Use “Discover” button

    • In window “Debug Authentication” use “Discover” button to read information from MCU

      • Device ID- id connected MCU

      • Life Cycle - current MCU state

      • Integrity status - provisiong status(0xeaeaeaea mean well provisioned, 0xf5f5f5f5 when provisiong fail, in Open state 0xf5f5f5f5 is normal value)

STMicroelectronics application notes and user manuals:

[1] ST wiki -How to start with DA access on STM32H573 and H563-TrustZone disabled

[2] ST wiki -Debug Authentication STM32H5 How to Introduction

[3] UM2238 - STM32 Trusted Package Creator tool software description

  • No labels