Introduction to lifecycle management on STM32H563/573 product lines using FlashPro-ARM programmer.
FlashPro-ARM programmer has full support for Debug authentication on STM32H563/573 product lines when TrustZone© is disabled.
All STM32H563/573 MCU product states are supported, including provisioning with password management and full regression.
Preparing necessary files
To perform provisioning with password management , the *.obk file needs to be generated by STM32 Trusted Package Creator tool. This file is used to configure the conditions required to preform regression of MCU. Without the password file, full regression is not possible.
Example file is provided in the STM32CubeFW_H5 example provided by ST. The Trusted Package Creator will be used to set up this file using the DA_ConfigWithPassword.xml as input located in/Projects/NUCLEO-H563ZI/ROT_Provisioning/DA/Config path.
To generate a customized configuration file, proceed as follows:
Open Trusted Package Creator and select H5
Open Obkey tab
Select the DA_ConfigWithPassword.xml file
Update the password if needed
Supported operations by FlashPro-ARM
1. Lifecycle and provisioning with password management using FlashPro-ARM
Open FlashPro-ARM
Select STM32H563/573 MCU
Open Setup->Memory Protection dialog
Go to Lifecycle management tab
Check “Set product state enable” checkbox
Set finale product state
Use “DA/PROV” button (this step is optional, however without password management, full regression is not possible after moving to a higher lifecycle state)
Check “Enable provisioning” box
Use “Browse” button to set path to *.obk file, generated by Trusted Package Creator
Press “Ok” button in STM32 Debug authentication tab
Press “Ok” button in Memory Protection tab
Check Memory Protection Enable box in the Main GUI
Afterwards use “AUTO PROG” or “Lock Device” buttons in the FlashPro-ARM programmer to put MCU to selected state and perform password management operation.
2. Full Regression
To perform full regression, a *.bin file is needed with a stored password to generate an *.obk file in STM32 the Trusted Package Creator tool (The Trusted Package Creator was needed to perform provisioning with the password management operation).
Example of password.bin file is provided in the STM32CubeFW_H5 example. File located in/Projects/NUCLEO-H563ZI/ROT_Provisioning/DA/Config path.
To perform full regression:
Open FlashPro-ARM
Select STM32H563/573 MCU
Open Setup->Memory Protection tab
Go to lifecycle management tab
Use “DA/PROV” button
Check “Enable password” box
Use “Browse” button to set path to *.bin file, with password used to generate *.obk file
Press “Ok” button in STM32 Debug authentication tab
Press “Ok” button in Memory Protection tab
Press “Clear Locked Device” button
After operation completes, the MCU is back to “Open” state.
3. Discover operation
Discover operation allows the user to read current MCU state and provisioning status.
To perform the discover operation:
Open FlashPro-ARM
Select STM32H563/573 MCU
Open Setup->Memory Protection tab
Go to lifecycle management tab
Use “Discover” button
In window “Debug Authentication” use “Discover” button to read information from MCU
Device ID- id connected MCU
Life Cycle - current MCU state
Integrity status - provisiong status(0xeaeaeaea mean well provisioned, 0xf5f5f5f5 when provisiong fail, in Open state 0xf5f5f5f5 is normal value)
Useful links
Elprotronic ST Microelectronics programmer’s page
[1] Flash and Gang Programmers for ST Microelectronics
STMicroelectronics application notes and user manuals:
[1] ST wiki -How to start with DA access on STM32H573 and H563-TrustZone disabled
[2] ST wiki -Debug Authentication STM32H5 How to Introduction
[3] UM2238 - STM32 Trusted Package Creator tool software description