Debug Authentication for STM32H7RS

Revision as of 12:19, 19 January 2024 by Registered User (→‎Introduction)

1. Introduction

This article gives an overview of Debug Authentication as applied to STM32H7RS MCUs.

A detailed description of Debug Authentication is provided in AN6008.


If you want to learn more about Debug Authentication usage specific to each STM32H7RS device and want to practice, refer to Debug Authentication STM32H5 How to Introduction.

List of applicable products:

| Type | Products |
|---|---|
| Microcontroller | STM32H7Rxx, STM32H7Sxx |

2. Debug Authentication Services

Debug Authentication makes it possible to securely:

  • Re-open the debug access
  • Perform a full regression to the OPEN product state

This service is usable:

  • During development
  • For field return analysis

Two authentication methods are available:

  • Use a password (very similar to U5). Only a full regression to the OPEN state is possible.
  • Use a certificate chain. Regression and debug opening are possible.

When using certificates, the authorized actions are defined through a mask.

Refer to AN6008 for more details about Debug Authentication certificates, actions and mask usage.

The Debug Authentication protocol uses the dedicated JTAG access point (ap0) to communicate with the chip.
The protocol is defined by Arm®: ARM PSA ADAC V1.0 (Authenticated Debug Access Control).

Refer to AN6008 for more details on the Debug Authentication protocol.

3. Debug Authentication provisioning

STM32H7RS series devices have OBKey areas used to store keys/passwords.

Refer to AN6008 for more details on the Debug Authentication provisioning.