Product state for STM32H5

Revision as of 16:12, 8 December 2023 by Registered User

1. Introduction

It is advised to start by reading the New product state article.
From the development phase through the maintenance phase, a product can be configured in many product states (also called lifecycle states).
The lifecycle controls the access to code and data.


This article lists the product states in which an STM32H5 can be configured.

2. Product states

2.1. Usage and Boot

[Figure: STM32H5 product state usage and boot table]

2.2. Resources access overview

2.3. STM32H5 Interfaces

2.4. Product state : Open

[Images: STM32H573 and STM32H563 pictograms]

Usage

The user develops the application in this product state.

Boot

Depending on the UBE option byte and the boot pin, the STM32 boots from user Flash or system Flash (Bootloader or System Flash).

STM32 resources access overview

  • User Flash: full access.
  • Option Bytes: full access.
  • OBKeys: full access.
  • RSSLIB_DataProvisioning via debug port or BL: available.

STM32H5 interfaces

  • Debug port fully open.
  • Bootloader: available with the boot pin set to Vdd (see AN2606).

Debug Authentication

  • Discovery: yes.
  • Debug-reopening: only after Debug Authentication provisioning.
  • Regression: only after Debug Authentication provisioning.

2.5. Product state : Provisioning

  • This state is used during provisioning.
  • Debug is only available when executing a nonsecure user application.
  • TrustZone can be disabled or enabled (not available for STM32H503 devices).
  • The bootloader is usable.
  • Secure Firmware Install can be launched in this state (it is no longer possible in the following states).

2.6. Product state : Provisioned

  • In this state, the OEMiRoT or STiRoT code and data are provisioned.
  • Debug is only available when executing a nonsecure user application.
  • Debug Authentication can be launched: debug access for secure applications can be made available by launching Debug Authentication (see Debug Authentication setting).
  • The OEMiRoT or STiRoT can launch the bootloader if verification of the code located in the next isolation level fails (authentication, integrity, or missing code).

2.7. Product state : TZ-Closed

  • This product state is not available for STM32H503 devices.
  • The TZ-Closed state corresponds to an intermediate state of the product. All the secure firmware is installed, and the nonsecure application can be developed, or loaded in a second instance.
  • The [STiRoT or OEMiRoT] + uRoT (optional) + secure user application code and data are provisioned.
  • The uRoT (optional) can launch the bootloader if verification of the code located in the next isolation level fails (authentication, integrity, or missing code).
  • Debug is only available when executing a nonsecure user application.
  • Debug Authentication can be launched: debug access for secure applications can be made available by launching Debug Authentication.
  • From this state, the nonsecure application can be updated using the firmware update mechanism, or programmed directly through the flash loader (embedded in the IDE).

2.8. Product state : Closed

  • This state occurs with the fully provisioned product.
  • Debug Authentication is allowed: debug is fully closed but can be opened by launching Debug Authentication (see Debug Authentication setting).

2.9. Product state : Locked

  • This state is used for a fully provisioned product that requires no further changes.
  • Locked is a final, unchangeable product state. No method can modify the embedded firmware or the product configuration.
  • Debug is permanently closed and cannot be reopened through Debug Authentication.
  • Regression is no longer possible.

3. Lifecycle

The figure below shows the product states along the lifecycle phases:

  • Development phase, offering full debug capabilities to the developer.
  • Provisioning phase, in which the main asset areas are protected (no longer accessible).
  • Final phase, the product is in the field.
  • Maintenance phase, including field return management.

[Figure: STM32H5 lifecycle]

4. References

  • RM0481 STM32H5x3/562 reference manual