How to start with DA access on STM32H503
Target description
This tutorial shows how to provision an STM32H503 device and then perform a full regression on it. The provisioning process goes through 3 steps:
- Initial Option Bytes programming
- Code image generation and flashing
- Password provisioning
The last step shows a full regression.
Prerequisites
- RM0492 STM32H503xx Reference Manual
- knowledge of STM32CubeProgrammer
- knowledge of JTAG / SWD interface
Hardware
- Nucleo MB1814 with STM32H503
Required tools
- STM32CubeProgrammer[1] Software programming tool for STM32 (v2.13.0 min)
- Including STM32TrustedPackageCreator
- STM32Cube_FW_H5_V1.0.0 [2] or later
- IAR Embedded Workbench v9.20.1
- Tera Term or equivalent UART Terminal emulator
Literature
- RM0492 STM32H503xx Reference Manual
- UM2237 STM32CubeProgrammer software description
- UM2238 STM32 Trusted Package Creator tool software description
- AN5054 Secure programming using STM32CubeProgrammer
- AN2606 STM32 microcontroller system memory boot mode
Environment setup
Before starting, the first step is to prepare the environment to be able to go through the DA process.
- Download the STM32CubeH5 package and install it
A directory NUCLEO-H503RB is included in the Projects directory
1. STM32H503 device specific behaviors
STM32H503 devices are based on STM32H5x3 devices architecture without any Arm® TrustZone®.
To allow regression through debug authentication, the STM32H503 should be provisioned with a password.
The flash interface doesn't provide OBKeys, so OTP is used to provision the password.
2. Provisioning
Provisioning can be done with the script NUCLEO-H503RB\ROT_Provisioning\DA\provisioning.bat
This script will:
- Set the option bytes of the device
- Set a password to the board
- Set the final product state chosen by the user
2.1. Provisioning - Step1 : Initial Option Bytes programming
- Connect the board
- Run the provided provisioning.bat script (double click)
- The script will proceed with the option byte programming
- Remove all protections
- Erase User Flash
2.2. Provisioning - Step2 : Code image generation and flashing
Once the option bytes are successfully programmed, the script asks you to flash your application.
For this example we will use the GPIO_IOToggle application located in:
Projects\NUCLEO-H503RB\Examples\GPIO\GPIO_IOToggle\EWARM
Check that the IAR patch for STM32H5 provided in the Utilities\PC_Software\IDEs_Patches\EWARM folder is correctly installed, and check that your IAR Embedded Workbench version is recent enough.
- Open the Project.eww located in the EWARM directory: Projects\NUCLEO-H503RB\Examples\GPIO\GPIO_IOToggle\EWARM
- Perform Project --> Rebuild all
- Once the project is correctly built, select Project --> Download --> Download active application to flash the code
- Reset the board (black button); the green LED must now blink
2.3. Provisioning - Step3 : Password provisioning and final product state setting
2.3.1. Password not yet provisioned
- Go back to provisioning script window and press a key to continue procedure
- The script asks if Password is already provisioned.
Before answering "No" you have the possibility to update the default password in the user_password.bin file.
user_password.bin : where you define the password (16 bytes) that will be provisioned
Board_password.bin : hash of the user password, which will be provisioned in the chip
Password.bin : output file used to open the DA access for regression
The Board_password.bin and Password.bin files will be automatically updated with the new password saved in user_password.bin when the provisioning script runs.
You can also continue the script without updating the default password. Answer “No” to continue
- Follow the script and choose the product state (PROVISIONED or CLOSED )
Make a first trial by setting the product in the PROVISIONED state:
--> the installed code must run and the LED must blink
Skip the next section (Password already provisioned) and go directly to Full regression.
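A pre-flight check for user_password.bin, as an added example that is not part of the original tutorial or of ST's scripts: because the password hash is written to OTP, which is write-once, it is worth confirming the file is exactly 16 bytes and is neither the package default nor an obviously weak pattern before answering the script. The function names, the thresholds and the comparison against a pristine copy of the default file are assumptions of this example.

```python
import secrets
import sys
from pathlib import Path
from typing import List, Optional

PASSWORD_LEN = 16  # length stated in the tutorial


def generate_password() -> bytes:
    """Return 16 bytes from the OS CSPRNG, suitable for user_password.bin."""
    return secrets.token_bytes(PASSWORD_LEN)


def check_password(data: bytes, shipped_default: Optional[bytes] = None) -> List[str]:
    """Return a list of problems; an empty list means the file looks usable."""
    if len(data) != PASSWORD_LEN:
        return [f"length is {len(data)} bytes, expected {PASSWORD_LEN}"]
    problems = []
    if shipped_default is not None and secrets.compare_digest(data, shipped_default):
        problems.append("identical to the default shipped in the package")
    # Thresholds below are assumptions of this example, not ST requirements.
    if len(set(data)) < 8:
        problems.append("fewer than 8 distinct byte values")
    if len({(b - a) % 256 for a, b in zip(data, data[1:])}) == 1:
        problems.append("bytes form a constant-step sequence")
    if all(0x20 <= b < 0x7F for b in data):
        problems.append("printable ASCII only, looks typed rather than generated")
    return problems


if __name__ == "__main__":
    # Usage (hypothetical script name): check_pw.py user_password.bin [pristine_default.bin]
    path = Path(sys.argv[1] if len(sys.argv) > 1 else "user_password.bin")
    default = Path(sys.argv[2]).read_bytes() if len(sys.argv) > 2 else None
    issues = check_password(path.read_bytes(), default)
    for issue in issues:
        print(f"{path}: {issue}")
    sys.exit(1 if issues else 0)
```

Keep a protected copy of the generated Password.bin: per the regression section, it is the file that opens DA access once the device is no longer in the Open state.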
2.3.2. Password already provisioned
- Go back to provisioning script window and press a key to continue procedure.
- The script asks if password is already provisioned.
Answer "Yes" to continue
- Follow the script and choose the product state (PROVISIONED or CLOSED)
Make a first trial by setting the product in the PROVISIONED state:
--> the installed code must run and the LED must blink
Complete the tutorial till the end.
3. Full regression
- A full regression will erase the user stored contents:
  - Erase the user flash content
  - Set the product in open state
- If the product is in Open state, a full regression is not needed since the device is not secured and changes can be done without any authentication.
If the regression script is executed in that case, it will report some errors.
- If the product is not in Open state, the only way to change the product state is to first do a full regression
3.1. Full regression using the provided script
The regression can be done using the provided script or using CubeProgrammer (see "Full regression using STM32CubeProgrammer").
To perform a full regression:
- Launch the regression.bat script located in ROT_Provisioning\DA
- If the regression has succeeded the following message should be displayed
Connect STM32CubeProgrammer and check that the flash content is erased and that the option bytes and product state are at their default values.
3.2. Full regression using STM32CubeProgrammer
- Disconnect the CubeProgrammer, remove/plug the USB cable
- Redo the exercise starting at step1, set the “CLOSED” state
- Select in CubeProgrammer and select “Debug Authentication”
- Click “Discover”; the information window will be filled
- Enter the password.bin file
- Click Full regression and you get this successful message box :
- Check with CubeProgrammer, through the ST-LINK SWD connection, that the flash content is erased and that the product state and option bytes are at their default values.