How to start with STM32CubeMX STiRoT Boot path on STM32H57

Revision as of 17:00, 26 April 2023 by Registered User
This message will disappear after all relevant tasks have been resolved.
Semantic MediaWiki
There are 1 incomplete or pending task to finish installation of Semantic MediaWiki. An administrator or user with sufficient rights can complete it. This should be done before adding new data to avoid inconsistencies.


Version for review planed for wk18


Target description

The purpose of this article is to explain how to proceed step by step to generate a boot path using STM32CubeMx.
The example below will show how to configure and provision a boot path for an STiROT (ST Immutable Root of Trust) with a secure and non-secure user application initial code generation.
This initial code is modified to use two leds and the user button presents on the discovery board.
The obtained user application is:

  • Blinking the bue led in the secure user application
  • Use the user button to jump in the non-secure user application
  • Blinking the green led in the non-secure user application

Read the Secure_Boot_STM32H5_How_to_Introduction article before starting the practical example described below.

More technical details you may need to understand this getting started are available in the following articles:

The How to start described in this article is using the Boot path number 2 of the figure below.

File:Bootpath CubeMx example.png
Figure 1 STM32H5 Bootpath CubeMx examples

Prerequisites

To execute the example described below, you need:

  • Discovery board: STM32H573I-DK|
Figure2 STM32H573 DK MB1677.png
  • The following tools:
    • STM32CubeMx_6.9.0 or later (for installation, see appendix)
    • IAR Embedded Workbench rev 9.20.1 or later
    • STM32CubeProgrammer rev 2.13.0

Note:

  • STM32 Trusted Package Creator (TPC) is automatically installed during the STM32CubeMX installation. This TPC version dedicated to STM32CubeMX and installed in the STM32CubeMX/utilities folder.
  • The latest STM32Cube_FW revision is installed through STM32CubeMX (see appendix)
  • If needed set the windows environment variable (see appendix). It is required in case the H5 doesn’t appear in the “Access to MCU Selector” of STM32CubeMx

1. Setting the CubeMX project

Launch STM32CubeMX

  • 1) Click on Access to MCU selector (easier for this example to enable only the needed GPIOs, so it's advised to use the MCU selector instead of the board selector).
  • 2) Select STM32H5 serie and select the device used in STM32H5-DK
  • 3) Click start project
  • 4) Enable the TrustZone, as shown in the figure 1, for the STiROT bootpath the TZ needs to be enabled.
File:CubeMX project start.png
Figure 2 STM32CubeMX project start

Set the STM32CubeMX project:

  • 1) Type the name of the project (the related folder will be created)
  • 2) Chose the folder for this project (avoid long path)
  • 3) Tick both: Secure and non Secure projects
  • 4) Select the Toolchain, for this example EWARN is used


2. Configure the STiROT bootpath

3. Appendix

3.1. STM32CubeFW installation

The STM32CubeFW needs to be installed through STM32CubeMX.

  • Step 1: the repository folder has to be defined:
    • In CubeMx: Help menu -> Updater Settings
    • Browse the repository you have chosen for the STM32CubeFW
File:CubeFW repository.png
Figurex STM32CubeFW repository setting
  • Step 2: STM32CubeFW installation
    • In STM32CubeMX: Select Install/Remove
    • In the description frame: select STM32H5
    • Select the CubeFW package to install
    • In case you have locally the zip file of the STM32CubeFWH5: it can be installed by drag and drop this file in the description window

Note: only official STM32CubeFW release can be installed by STM32CubeMX.

File:Install CubeFW.png
Figurex STM32CubeFW installation
Retrieved from "https://wiki.st.com/stm32mcu/index.php?title=Security:How_to_start_with_STM32CubeMX_STiRoT_Boot_path_on_STM32H57&oldid=33318"