Revision as of 11:26, 14 March 2023 by Registered User (→Debug Authentication - STM32H503 device)
This message will disappear after all relevant tasks have been resolved.
Semantic MediaWiki
There are 1 incomplete or pending task to finish installation of Semantic MediaWiki. An administrator or user with sufficient rights can complete it. This should be done before adding new data to avoid inconsistencies.Introduction to Debug Authentication for STM32H5 MCUs
1. Debug Authentication
- Debug authentication controls
- Debug opening
- Regressions
- It can be used
- During development
- During manufacturing
- For field return analysis
- Features
- When TZ disabled: usage of a password (very similar to U5). Only regression possible
- When TZ enabled: usage of cryptography (certificates). Regressions and debug opening
- Debug Authentication principle
- Uses JTAG dedicated access point (ap0) to communicate with the chip
- Secure protocol defined by ARM : PSA ADAC V1.0. (Authenticated Debug Access Control)
2. Debug Authentication - STM32H503 device
Provisioning
- STM32H503 doesn't provide OB-Key area and uses OTP(One time programming) to store the provisioning data
- Provisioning data is the HASH (SHA256) of the Password
- STM32TrustedPackageCreator is used to generate the Hash of the password choosen by user (16 bytes) adding SHA256 to ensure integrity
Debug Authentication allows to control
- Full Regression thanks to the Debug Authentication password
- Debug Authentication password has to be provisioned in OTP to allow this regression
3. Debug Authentication - STM32H563/573 device when TzustZone disabled
4. Debug Authentication - STM32H563/573 device when TzustZone enabled
5. How to start with STM32 and DA Access
You can refer to the following pages for getting started examples of DA access.