Debug Authentication for STM32H503

 

Introduction to lifecycle management on STM32H503 product lines using FlashPro/GangPro-ARM programmer.

  • FlashPro-ARM and GangPro-ARM programmers have full support for Debug authentication on STM32H503 product lines

  • All STM32H503 MCU product states are supported, including provisioning with password management and full regression.

image-20240111-102814.png

Preparing necessary files using STM32CubeMX

To perform provisioning with password management , the *.bin file with password or password HASH is needed.

Example files are provided in the STM32CubeFW_H5 provided by STM, located in /Projects/NUCLEO-H503RB/ROT_Provisioning/DA/

  • password.bin - file with password

  • Board_password.bin -HASH of user password

It is also possible to hand-type a password in the FlashPro-ARM software security configuration utility.

Supported operations by FlashPro/GangPro-ARM

1. Lifecycle and provisioning with password management

  • Open FlashPro-ARM or GangPro-ARM software

  • Select STM32H503 MCU

  • image-20240111-104723.png
  • Open Setup->Memory Protection dialog

  • Go to Lifecycle management tab

    • Check “Set product state enable” checkbox

    • Set finale product state

  • Use “DA/PROV” button (this step is optional, however without password management, full regression is not possible after moving to a higher lifecycle state). The password cannot be updated after provisioning.

    • Set source of password of hash file

      • file with password hash(Hash file option)

      • file with password(Password file option)

      • type password from keybord(User Password option

  • After type source password Press “Ok” button in STM32 Debug authentication tab

  • Press “Ok” button in Memory Protection tab

  • Check Memory Protection Enable box in the Main GUI

Afterwards use “AUTO PROG” or “Lock Device” buttons in the Main GUI to put MCU to selected state and perform password management operation.

2. Full Regression

To perform full regression, a *.bin file with a password is needed
Example of password.bin file is provided in the STM32CubeFW_H5 example. File located in/Projects//Projects/NUCLEO-H503RB/ROT_Provisioning/DA/password.bin

To perform full regression:

  • Open FlashPro-ARM or GangPro-ARM software

  • Select STM32H503 MCU

  • Open Setup->Memory Protection tab

  • Go to lifecycle management tab

  • Use “DA/PROV” button

    • set of password source

      • file with password hash(Hash file option)

      • file with password(Password file option)

    • to unlock device in this step cannot pick hash option.

  • Press “Ok” button in Memory Protection tab

  • Press “Clear Locked Device” button

 

 

After operation completes, the MCU is back to “Open” state and flash memory is erase.

3. Discover operation

Discover operation allows the user to read current MCU state and provisioning status.

To perform the discover operation:

  • Open FlashPro-ARM or GangPro-ARM software

  • Select STM32H503 MCU

  • Open Setup->Memory Protection tab

  • Go to lifecycle management tab

  • Use “Discover” button

    • In window “Debug Authentication” use “Discover” button to read information from MCU

      • Device ID- id connected MCU

      • Life Cycle - current MCU state

      • Integrity status - provisioning status(in STM32H503xx is always 0xFFFFFFFF)

Useful links

Elprotronic ST Microelectronics programmer’s page

[1] Flash and Gang Programmers for ST Microelectronics

STMicroelectronics application notes and user manuals:

[1] Debug authentication for STM32H503 product lines

[2] How to start with DA access on STM32H503