How to create ROT examples for STM32H7RS

Revision as of 14:34, 17 September 2024 by Registered User
This message will disappear after all relevant tasks have been resolved.
Semantic MediaWiki
There are 1 incomplete or pending task to finish installation of Semantic MediaWiki. An administrator or user with sufficient rights can complete it. This should be done before adding new data to avoid inconsistencies.

In STM32CubeH7RS Firmware Package, ROT examples are not provided for all boards and for all MCUs. This article explain how to generate ROT examples for:

  • NUCLEO-H7S3L8 board
  • and for STM32H7R device.


1. ROT projects creation for NUCLEO-H7S3L8

As provided for STM32H7S78-DK board, several ROT examples can be generated on the NUCLEO-H7S3L8 board. The list of projects to be created depends on the boot configuration selected:

  • STiRoT: STiROT_iLoader and STiROT_Appli projects must be created.
  • OEMiRoT: OEMiROT_Boot and OEMiROT_Appli projects must be created.
  • STiRoT + OEMuRoT: STiROT_iLoader, OEMiROT_Boot and OEMiROT_Appli projects must be created. OEMuRoT boot can be generated by compiling OEMiRoT_Boot project with OEMUROT_ENABLE switch activated.

1.1. STiRoT projects creation

This paragraph shows how to create the STiRoT projects for the NUCLEO-H7S3L8 board starting from STM32H7S78-DK STiRoT projects. In the package, for Firmware/Projects/NUCLEO-H7S3L8/Applications/ROT, only readme files are provided. So, the generation of STiROT_iLoader and STiROT_Appli projects with associated provisioning scripts can be done by following these steps:

  1. Get source files from STM32H7S78-DK project:
    • Copy the Firmware/Projects/STM32H7S78-DK/Applications/ROT/STiROT_iLoader content into Firmware/Projects/NUCLEO-H7S3L8/Applications/ROT/STiROT_iLoader folder.
    • Copy the Firmware/Projects/STM32H7S78-DK/Applications/ROT/STiROT_Appli content into Firmware/Projects/NUCLEO-H7S3L8/Applications/ROT/STiROT_Appli folder.
    • Copy the Firmware/Projects/STM32H7S78-DK/ROT_Provisioning content into Firmware/Projects/NUCLEO-H7S3L8/ROT_Provisioning.
  2. Change the board name in the Firmware/Projects/NUCLEO-H7S3L8/Applications/ROT project configurations (from STM32H7S78-DK to NUCLEO-H7S3L8):
    • Open STiROT_iLoader/EWARM/Project.ewp and Project.ewd (with a text editor like notepad++) and replace in whole file:
      • STM32H7S78-DK_STiROT_iLoader with NUCLEO-H7S3L8_STiROT_iLoader
      • STM32H7S78-DK\Exe with NUCLEO-H7S3L8\Exe
      • STM32H7S78-DK\Obj with NUCLEO-H7S3L8\Obj
      • STM32H7S78-DK\List with NUCLEO-H7S3L8\List
    • Open STiROT_iLoader/MDK-ARM/Project.uvprojx and Project.uvoptx (with a text editor like notepad++) and replace in whole file:
      • STM32H7S78-DK_STiROT_iLoader with NUCLEO-H7S3L8_STiROT_iLoader
    • Open STiROT_iLoader/STM32CubeIDE/.cproject and .project (with a text editor like notepad++) and replace in whole file:
      • STM32H7S78-DK_STiROT_iLoader with NUCLEO-H7S3L8_STiROT_iLoader
      • STM32H7S78-DK_STiROT_Appli with NUCLEO-H7S3L8_STiROT_Appli
    • Open STiROT_Appli/EWARM/Project.ewp and Project.ewd (with a text editor like notepad++) and replace in whole file:
      • STM32H7S78-DK_STiROT_Appli with NUCLEO-H7S3L8_STiROT_Appli
      • STM32H7S78-DK\Exe with NUCLEO-H7S3L8\Exe
      • STM32H7S78-DK\Obj with NUCLEO-H7S3L8\Obj
      • STM32H7S78-DK\List with NUCLEO-H7S3L8\List
    • Open STiROT_Appli/MDK-ARM/Project.uvprojx and Project.uvoptx (with a text editor like notepad++) and replace in whole file:
      • STM32H7S78-DK_STiROT_Appli with NUCLEO-H7S3L8_STiROT_Appli
    • Open STiROT_Appli/STM32CubeIDE/.cproject and .project (with a text editor like notepad++) and replace in whole file:
      • STM32H7S78-DK_STiROT_Appli with NUCLEO-H7S3L8_STiROT_Appli
  3. Adapt the project to the correct device. For this, open the Firmware/Projects/NUCLEO-H7S3L8/Applications/ROT/STiROT_iLoader and STiROT_Appli projects:
    • With IAR (EWARM):
      • Go to "Options" and select "General Options" then in the "Target" field Select "device" then ST > STM32H7 > STM32H7S3 to choose ST STM32H7S3L8 device.
      • Go to "Options" and select "C/C++ Compiler" then "Preprocessor" tab and change the compilation symbol (STM32H7S3xx instead of STM32H7S7xx).
    • With STM32CubeIDE:
      • Go to "Properties" and select "C/C++ Build" tab then "Settings" and in the "Build Steps" tab change the command in "Pre-build steps" and change the compilation symbol (STM32H7S3xx instead of STM32H7S7xx).
      • Go to "Properties" and select "C/C++ General" tab then "Paths an Symbols" and in the "Symbols" tab select symbols for "GNU C" and change the compilation flag (STM32H7S3xx instead of STM32H7S7xx).
    • With KEIL (MDK-ARM):
      • Go to "Options" and select "Device" tab to choose your device.
      • Go to "Options" and select "C/C++ (AC6)" tab then in the "Define" field in "Preprocessor Symbols" and change the compilation symbol (STM32H7S3xx instead of STM32H7S7xx).
  4. Adapt the provisioning files to the NUCLEO-H7S3L8 board:
    • Firmware/Projects/NUCLEO-H7S3L8/ROT_Provisioning/env.sh:
      • Update stm32ExtLoaderFlash variable with "-elbl $stm32programmercli_path/ExternalLoader/MX25UW25645G_NUCLEO-H7S3L8-XSPIM1-OBL.stldr"
      • Update stm32ExtLoaderFlashOpen variable with "-el $stm32programmercli_path/ExternalLoader/MX25UW25645G_NUCLEO-H7S3L8-XSPIM1.stldr"
    • Firmware/Projects/NUCLEO-H7S3L8/ROT_Provisioning/env.bat:
      • Update stm32ExtLoaderFlash variable with "-elbl %stm32tool_path%/ExternalLoader/MX25UW25645G_NUCLEO-H7S3L8-XSPIM1-OBL.stldr"
      • Update stm32ExtLoaderFlashOpen variable with "-el %stm32tool_path%/ExternalLoader/MX25UW25645G_NUCLEO-H7S3L8-XSPIM1.stldr"

Now, you can follow:

1.2. OEMiRoT projects creation

This paragraph shows how to create the OEMiRoT projects for the NUCLEO-H7S3L8 board starting from STM32H7S78-DK OEMiRoT projects. In the package, for Firmware/Projects/NUCLEO-H7S3L8/Applications/ROT, only readme files are provided. So, the generation of OEMiROT_Boot, OEMiROT_Appli can be done by following these steps:

  1. Get source files from STM32H7S78-DK project:
    • Copy the Firmware/Projects/STM32H7S78-DK/Applications/ROT/OEMiROT_Boot content (except readme.md/.html) into Firmware/Projects/NUCLEO-H7S3L8/Applications/ROT/OEMiROT_Boot folder.
    • Copy the Firmware/Projects/STM32H7S78-DK/Applications/ROT/OEMiROT_Appli content (except readme.md/.html) into Firmware/Projects/NUCLEO-H7S3L8/Applications/ROT/OEMiROT_Appli folder.
    • Copy the Firmware/Projects/STM32H7S78-DK/ROT_Provisioning content (except readme.md/.html) into Firmware/Projects/NUCLEO-H7S3L8/ROT_Provisioning.
  2. Change the board name in the Firmware/Projects/NUCLEO-H7S3L8/Applications/ROT project configurations (from STM32H7S78-DK to NUCLEO-H7S3L8):
    • Open OEMiROT_Boot/EWARM/Project.ewp and Project.ewd (with a text editor like notepad++) and replace in whole file:
      • STM32H7S78-DK_OEMiROT_Boot with NUCLEO-H7S3L8_OEMiROT_Boot
      • STM32H7S78-DK\Exe with NUCLEO-H7S3L8\Exe
      • STM32H7S78-DK\Obj with NUCLEO-H7S3L8\Obj
      • STM32H7S78-DK\List with NUCLEO-H7S3L8\List
    • Open OEMiROT_Boot/MDK-ARM/Project.uvprojx and Project.uvoptx (with a text editor like notepad++) and replace in whole file:
      • STM32H7S78-DK_OEMiROT_Boot with NUCLEO-H7S3L8_OEMiROT_Boot
    • Open OEMiROT_Boot/STM32CubeIDE/.cproject and .project (with a text editor like notepad++) and replace in whole file:
      • STM32H7S78-DK_OEMiROT_Boot with NUCLEO-H7S3L8_OEMiROT_Boot
    • Open OEMiROT_Appli/EWARM/Project.ewp and Project.ewd (with a text editor like notepad++) and replace in whole file:
      • STM32H7S78-DK_OEMiROT_Appli with NUCLEO-H7S3L8_OEMiROT_Appli
      • STM32H7S78-DK\Exe with NUCLEO-H7S3L8\Exe
      • STM32H7S78-DK\Obj with NUCLEO-H7S3L8\Obj
      • STM32H7S78-DK\List with NUCLEO-H7S3L8\List
    • Open OEMiROT_Appli/MDK-ARM/Project.uvprojx and Project.uvoptx (with a text editor like notepad++) and replace in whole file:
      • STM32H7S78-DK_OEMiROT_Appli with NUCLEO-H7S3L8_OEMiROT_Appli
    • Open OEMiROT_Appli/STM32CubeIDE/.cproject and .project (with a text editor like notepad++) and replace in whole file:
      • STM32H7S78-DK_OEMiROT_Appli with NUCLEO-H7S3L8_OEMiROT_Appli
  3. Adapt the project to the correct device. For this, open the Firmware/Projects/NUCLEO-H7S3L8/Applications/ROT/OEMiROT_Boot, OEMiROT_Appli projects:
    • With IAR (EWARM):
      • Go to "Options" and select "General Options" then in the "Target" field Select "device" then ST > STM32H7 > STM32H7S3 to choose ST STM32H7S3L8 device.
      • Go to "Options" and select "C/C++ Compiler" then "Preprocessor" tab and change the compilation symbol (STM32H7S3xx instead of STM32H7S7xx).
      • Open the "prebuild.cmd" file (located in "Firmware/Projects/NUCLEO-H7S3L8/Applications/ROT/OEMiROT_Boot/EWARM") and change the compilation symbol (-DSTM32H7S3xx instead of -DSTM32H7S7xx).
    • With STM32CubeIDE:
      • Go to "Properties" and select "C/C++ Build" tab then "Settings" and in the "Build Steps" tab change the command in "Pre-build steps" and change the compilation symbol (STM32H7S3xx instead of STM32H7S7xx).
      • Go to "Properties" and select "C/C++ General" tab then "Paths an Symbols" and in the "Symbols" tab select symbols for "GNU C" and change the compilation flag (STM32H7S3xx instead of STM32H7S7xx)
    • With KEIL (MDK-ARM):
      • Go to "Options" and select "Device" tab to choose your device.
      • Go to "Options" and select "C/C++ (AC6)" tab then in the "Define" field in "Preprocessor Symbols" and change the compilation symbol (STM32H7S3xx instead of STM32H7S7xx).
      • Go to "Options" and in the "User" tab change "Run #2" command in the "Before Build/Rebuild" field and add the define of your platform ("-DSTM32H7S3xx" instead of "-DSTM32H7S7xx").
  4. Adapt the provisioning files to the NUCLEO-H7S3L8 board:
    • Firmware/Projects/NUCLEO-H7S3L8/ROT_Provisioning/env.sh:
      • Update stm32ExtLoaderFlash variable with "-elbl $stm32programmercli_path/ExternalLoader/MX25UW25645G_NUCLEO-H7S3L8-XSPIM1-OBL.stldr"
      • Update stm32ExtLoaderFlashOpen variable with "-el $stm32programmercli_path/ExternalLoader/MX25UW25645G_NUCLEO-H7S3L8-XSPIM1.stldr"
    • Firmware/Projects/NUCLEO-H7S3L8/ROT_Provisioning/env.bat:
      • Update stm32ExtLoaderFlash variable with "-elbl %stm32tool_path%/ExternalLoader/MX25UW25645G_NUCLEO-H7S3L8-XSPIM1-OBL.stldr"
      • Update stm32ExtLoaderFlashOpen variable with "-el %stm32tool_path%/ExternalLoader/MX25UW25645G_NUCLEO-H7S3L8-XSPIM1.stldr"

Now, you can follow:

Info white.png Information
OEMuRoT can be generated by compiling OEMiRoT_Boot project with OEMUROT_ENABLE switch activated

2. OEMiROT projects adaptation for STM32H7R devices

This paragraph shows how to adapt existing STM32H7S OEMiRoT example to be compatible with STM32H7R MCU.

This adaptation is possible only with IAR and KEIL due to the 64 Kbytes memory footprint limitation (software cryptography over consumption vs hardware cryptography).

This adaptation can be done based on STM32H7S78-DK as described below but also based on NUCLEO-H7S3L8 once OEMiRoT projects are created (OEMiRoT projects creation).

To perform this adaptation the following steps must be executed:

  1. Adapt the project to the correct device. For this, open the Firmware/Projects/NUCLEO-H7S3L8/Applications/ROT/OEMiROT_Boot, OEMiROT_Appli projects:
    • with IAR (EWARM):
      • Go to "Options" and select "General Options" then in the "Target" field Select "device" then ST > STM32H7 > STM32H7R7 to choose ST STM32H7R7L8 device.
      • Go to "Options" and select "C/C++ Compiler" then "Preprocessor" tab and change the compilation symbol (STM32H7R7xx instead of STM32H7S7xx).
      • Open the "prebuild.cmd" file (located in "Firmware/Projects/STM32H7S78-DK/Applications/ROT/OEMiROT_Boot/EWARM") and change the compilation symbol (-DSTM32H7R7xx instead of -DSTM32H7S7xx).
    • with KEIL (MDK-ARM):
      • Do right click on the project, go to "Options for Target STM32H7S78-DK_OEMiROT_Boot" then select "Device" tab then STMicroelectronics > STM32H7 series > STM32H7R7 to choose STM32H7R7L8 device
      • Go to "Options" and select "C/C++ (AC6)" tab then in the "Define" field in "Preprocessor Symbols" and change the compilation symbol (STM32H7R7xx instead of STM32H7S7xx).
      • Go to "Options" and in the "User" tab change "Run #2" command in the "Before Build/Rebuild" field and add the define of your platform ("-DSTM32H7R7xx" instead of "-DSTM32H7S7xx").
  2. Adapt the provisioning files to the STM32H7R device:
    • Firmware/Projects/STM32H7S78-DK/ROT_Provisioning/OEMiROT/obkey_provisioning.bat, obkey_provisioning_open.bat, provisioning.bat (.sh):
      • update device_type variable with "H7R"
    • Firmware/Projects/STM32H7S78-DK/ROT_Provisioning/DA/Config/DA_Config.xml, DA_ConfigWithPassword.xml:
      • use a text editor to set the field DoEncryption to 0 and use STM32TrustedPackageCreator to generate matching .obk files
    • Firmware/Projects/STM32H7S78-DK/ROT_Provisioning/OEMiROT/Config/OEMiROT_Config.xml:
      • use a text editor to set the field DoEncryption to 0 and use STM32TrustedPackageCreator to generate matching .obk files

Now, you can follow Security:How to start with OEMiRoT on STM32H7S article to run the OEMiRoT example. Even if initially wrote for STM32H7S, this article is relevant for STM32H7R.



Retrieved from "https://wiki.st.com/stm32mcu/index.php?title=Security:How_to_create_ROT_examples_for_STM32H7RS&oldid=59624"
No categories assignedEdit