How to start with DA access on STM32H7RS

Revision as of 11:20, 21 March 2024 by Registered User (→‎Preliminary stage)
This message will disappear after all relevant tasks have been resolved.
Semantic MediaWiki
There are 1 incomplete or pending task to finish installation of Semantic MediaWiki. An administrator or user with sufficient rights can complete it. This should be done before adding new data to avoid inconsistencies.

How to start with DA access on STM32H7S


Literature


Target description

The purpose of this article is to explain step by step how to use the Debug Authentication STM32CubeFW example provided by ST, using the STM32H7S NUCLEO board.
The user application flashed during the provisioning is the GPIO_IOToggle example from STM32CubeFW, installed in external memory.

Introduction

Two examples are provided in the STM32Cube_FW:
In this "getting started" a simple way to flash a user application in external memory and to provision the chip are shown based on the example provided in STM32CubeFW.

Through this practical example you will learn:

  • How to use the STM32CubeFW example which is provided.
  • How to configure the debug authentication for this example.
  • What the device provisioning is and how to perform the setup of the device.
  • How the user application is installed.
  • How to perform a regression to retrieve an empty board.

Prerequisites

  • Hardware
    • NUCLEO-H7S3L8 board: the STM32H7S devices have all the available security features, including the HW crypto accelerator (the HW cryptographic acceleration is not support for STM327R devices).


  • Required tools
    • STM32Cube_FW_H7RS_V1.0.0 or later
    • STM32CubeProgrammer_rev2.16.0 or more recent (with trusted package creator (TPC) selected at installation).
    • IAR Embedded Workbench® rev 9.20.1 or later.
    • Tera Term / Putty or equivalent terminal emulator.
Info white.png Information
The TPC installed together with CubeProgrammer in the bin folder located in default STM32CubeProgrammer path : C:\Program Files\STMicroelectronics\STM32Cube\STM32CubeProgrammer\bin You can pin this tool to the taskbar to simplify the "STiRoT Getting started" process :
Security PinToTask.png


  • STM32Cube Firmware
    • Download the STM32Cube_FW_H7RS Cube firmware (advise is to place it close form the C: in order to avoid long windows paths)
    • A directory NUCLEO-H7S3L8 is included in "STM32Cube_FW_H7RS\Projects"
SECURITY DA access env bat NUCLEO H7S.png
  • Open the env.bat file
  • If the STM32CubeProgrammer has not been installed in the default folder:C:\Program Files\STMicroelectronics\STM32Cube\STM32CubeProgrammer, the customized installation path needs to be updated.


1. Debug authentication configuration

This chapter explains how to start with the provisioning script.
It is used to configure the debug authentication.


1.1. Preliminary stage

  • The different steps to configure the DA are based on a script provided in the STM32CubeFW: Projects\NUCLEO-H7S3L8\ROT_Provisioning\DA\provisioning.bat.
  • The following documentation is a guide through all the steps of this script, and explains how to perform each of them.
The figure below shows where the script is located in the STM32CubeFW.
SECURITY provisioning script folder Nucleo H7S.png


  • Launch the script: provisioning.bat (double click) and keep it running during all the following steps.
    • Type the product state: CLOSED (don't use LOCKED for this tutorial, this state is used only to set a final product state)
    • Type the chosen Debug Authentication: PASSWORD (for explanation about certificate and password refer to intro article)


Retrieved from "https://wiki.st.com/stm32mcu/index.php?title=Security:How_to_start_with_DA_access_on_STM32H7RS&oldid=52324"