How to start with DA access on STM32H7S
Literature
- Wiki pages:
- STiRoT STM32H7S How to intro article.
- STiRoT_for_STM32H7RS article
- How to start with OEMiRoT on STM32H7S article.
- How to start with STiRoT on STM32H7S article.
- Debug Authentication for STM32H7RS article.
- UM2237 STM32CubeProgrammer software description
- UM2238 STM32 trusted package creator (TPC) tool software description
- AN5054 Secure programming using STM32CubeProgrammer
- ANxxx Getting started with STiRoT for STM32H7S MCUs
Introduction
Through this practical example you will learn:
- How to perform a debug authentication and reopen the debugger.
- How to read the installed user application firmware using the STM32CubeProgrammer
- How to attach an IDE on a running target and execute step by step, the secure user application
- How to make a Firmware Update of a closed device
- How to perform a regression to retrieve an empty board.
Prerequisites
- Hardware
- STM32H7S discovery board: the STM32H7S devices have all the available security features, including the HW crypto accelerator (the HW cryptographic acceleration is not support for STM327R devices).
- Discovery MB1736- STM32H7S (need USBC cable)
- STM32H7S discovery board: the STM32H7S devices have all the available security features, including the HW crypto accelerator (the HW cryptographic acceleration is not support for STM327R devices).
- Required tools
- STM32Cube_FW_H7RS_V1.0.0RC3 or later
- STM32CubeProgrammer_rev0.0.7-H7RS-B01 or more recent (with trusted package creator (TPC) selected at installation).
- IAR Embedded Workbench® rev 9.20.1 or later.
- IAR Patch EWARMv9_STM32H7R-Sxx_V0.10.0 or later
- Tera Term / Putty or equivalent terminal emulator.
- STM32Cube Firmware
- Download the STM32Cube_FW_H7RS Cube firmware (advise is to place it close form the C: in order to avoid long windows paths)
- A directory STM32H7S78-DK is included in "STM32Cube_FW_H7RS\Projects"
- Open the env.bat file
- If the STM32CubeProgrammer has not been installed in the default folder:C:\Program Files\STMicroelectronics\STM32Cube\STM32CubeProgrammer, the customized installation path needs to be updated.
- Update the COM port to be aligned with your COM port number.
- Use the Windows device manager to find out your COM port number, as shown in figure below
1. Debug Opening (intrusive debug)
For a device in closed state the debugger is no open and you have an error message if you try to connect STM32CubeProgrammer.
To open the debug it is mandatory that the device has been provisioned in closed state with Certificate Debug Authentication.
To follow the procedure described bellow the device must be provisioned in closed state with OEMiRoT or STiRoT.
For OEMiRoT
1.1. Debug Opening procedure - OEMiRoT usecase
- Please follow OEMiRoT example with CERTIFICATE configuration until 2.7 OEMiRoT application execution. Don't perform a full regression, the device must be in closed state.
- Open STM32CubeProgrammer
- Select the shield
- Click on "Discover" -> the product state "Closed" is displayed
- Browse the paths for the root key and the certificate, as indicated in the figure below.
- Click on continue -> the permission window is open
- Select "Level 3 Intrusive Debug"
- Click Execute -> A Debug Authentication Success message is displayed.
- The debugger is open and the content of the flash can be readout, as shown in figure below
The debugger will stay open until the next hardware reset.
- Disconnect STM32CubeProgrammer
1.2. IAR connection, step by step user application execution - OEMiRoT usecase
To attach an IDE:
- Disconnect STM32CubeProgrammer.
- Open the Project.eww located in the EWARM.
- Select: Project -> Attach to running target.
- Open the main.c.
- Set a break point, run the program in the debugger
- Reset the board (black button) and the execution will stop at this point.
- Select: View->Memory-> Memory1 and enter the flash address => The nonsecure code is visible @ 0x70000400.
1.3. Debug Opening procedure - STiRoT usecase
- Perform STiRoT example with CERTIFICATE configuration until 2.4 STiRoT application execution.
- Open STM32CubeProgrammer
- Select the shield
- Click on "Discover" -> the product state "Closed" is displayed
- Browse the paths for the root key and the certificate, as indicated in the figure below.
- Click on continue -> the permission window is open
- Select "Level 2 Intrusive Debug" (the STiRoT application is execute in HDPL2, see Secure Boot for STM32H7RS article)
- Click Execute -> A Debug Authentication Success message is displayed.
- The debugger is open and the content of the flash can be readout, as shown in figure below
The debugger will stay open until the next hardware reset.
- Disconnect STM32CubeProgrammer
1.4. IAR connection, step by step user application execution - STiRoT usecase
- Launch IAR
- Select Project -> Attach to Running Target (see figure below) (the STM32CubeProgrammer must be disconnected first)
Some trials you can do are indicated in the figure below
- Set a break point
- Click on "break"
- Click on "Reset"
- Try out some step by step executions
- Click on "Go" -> the execution will stop at the break point.
- Make a modification of the user application code, for instance as proposed in the figure below
- Project -> Rebuild All
- The new application image created through the postbuild command, will be used in the firmware update example described in next chapter.
2. Firmware Update for a Closed device
The following description shows how to perform a Firmware Update.
At the date of writing this article, the GUI graphical interface is not yet functional to perform a firmware update.
The following example shows how to proceed using the debug authentication script and updating the firmware through command line.
To follow the procedure described bellow the device must be provisioned in closed state with OEMiRoT or STiRoT.
For OEMiRoT please follow OEMiRoT example with CERTIFICATE configuration until 2.7 OEMiRoT application execution. Don't perform a full regression, the device must be in closed state.
For STiRoT perform STiRoT example with CERTIFICATE configuration until 2.4 STiRoT application execution.
2.1. Debug Authentification
- In the previous section the encrypted and signed image has been created for a the modified firmware. If it's not the case, open the STiRoT_Appli, make some modifications and rebuild all the file -> image creation through postbuild command.
- If applicable: close IAR or Disconnect STM32CubeProgrammer
- Unplug/ replug the Discovery board USB cable to make a hardawre reset. If the debugger was open, it will be closed again.
- Launch the dbg_auth.bat script
- Type "e" to select the Forced Download. (See the permission set during the certificate generation, DA setting using TPC)
- The script will indicate an error. Ignore it, this will be fixed in later script version
2.2. New application code image download
- In a command prompt: execute the command indicated below
- Depending on your PC administrator rights, you need to run it from the STM32CubeProgrammer installation directory: C:\Program Files\STMicroelectronics\STM32Cube\STM32CubeProgrammer_revx.x.x-H7RS-xxx\bin
- Command to execute: STM32_Programmer_CLI.exe -c port=COMxx br=921600 -elbl "ExternalLoader\MX66UW1G45G_STM32H7S78-DK_XSPIM1-SFIx.stldr" -d C:\Users\xxxxx\STM32Cube_FW_H7RS_Vx.x.x\Projects\STM32H7S78-DK\Applications\ROT\STiROT_Appli\Binary\appli_enc_sign.hex
- Note:the xxx needs to be adapted for your configuration.
- Note:the xxx needs to be adapted for your configuration.
- The new image of the application code is downloaded in the external flash donwload area defined during the STiRoT configuration defined previously.
- At next reset the STiRoT will detect that a new firmware needs to be installed and perform automatically the installation (this is transparent for a user).
2.3. New installed application code execution
- Launch the Teraterm (or equivalent)
- Reminder:
- File => New connection
- The COM port number should be the same as indicated by your Windows device manager and also written in the env.bat file (see Prerequisites chapter)
- Setup => Serial port -> update to 115200 (and see the figure below for other configurations) -> New Setting
- Press the reset button (black button of the discovery board)
- The new STiRoT application is executed as shown in the figure below
2.4. Full regression using graphic interface
Previously the regression script has been used.
Following an example showing how to proceed using the graphic interface of STM32CubeProgrammer.
- Close Teraterm
- Start STM32CubeProgrammer
- Select the shield
- Click on "Discover" -> the product state "Closed" is displayed
- Browse the paths for the root key and the certificate, as indicated in the figure below.
- Click on continue -> the permission window is open
- Select Full Regression
- Click Execute -> A Debug Authentication Success message is displayed.
- Using STM32CubeProgrammer, you can verify that the flash is empty and that the device is back in "Open" state.
- Note: it's a good habit to make a full regression after completing trials. Reminder that it's important if you have regenerated the root key, to not loose this key in ordrer to be able to make a regression or a debugger opening.