Debug Authentication for STM32H5

Revision as of 15:11, 11 December 2023 by Registered User

1. Introduction

This article gives an overview of Debug Authentication as applied to STM32H5 MCUs.

A more detailed description of Debug Authentication is provided in AN6008.

The theoretical article, Debug Authentication, describes all the possibilities of this feature.

To learn more about the specific usage of Debug Authentication on each STM32H5 device and to practice it, refer to Debug Authentication STM32H5 How to Introduction.

2. Debug Authentication main principles summary

Debug Authentication makes it possible to securely:

  • Re-open the debug access on the STM32.
  • Perform regression to product states OPEN or TZ-CLOSED, erasing user data in user Flash, SRAM, and OBKeys.

This service is usable:

  • During development
  • During manufacturing
  • For field return analysis

Debug Authentication is only useful when the STM32 is no longer in product state OPEN. Refer to STM32 Product State Life cycle to learn more about the product state lifecycle.

  • Authentication method
    • When TrustZone is disabled, the authentication method used by the protocol requires a password (very similar to U5). Only regression is possible.
    • When TrustZone is enabled, the authentication method used by the protocol requires a certificate chain. Both regression and debug opening are possible.
  • Debug Authentication principle
    • Uses a dedicated JTAG access point (ap0) to communicate with the chip
    • Secure protocol defined by Arm®: Arm PSA ADAC V1.0 (Authenticated Debug Access Control) [1]

3. Debug Authentication for STM32H5 devices

STM32H5 series devices have specific characteristics that make the use of Debug Authentication different for every.

3.1. OBKey area

  • STM32H563/573 devices have OBKey areas used to store keys and passwords.
  • STM32H503 devices don't have an OBKey area and use the OTP (one-time programmable) area to store passwords. This means that a password cannot be changed once it has been provisioned.

3.2. TrustZone® feature

Debug Authentication usage is different depending on the activation of the TrustZone® feature.

  • If TrustZone® is active on a device with secure or non-secure code flashed on the board, a regression or a debug re-opening from a product state other than "OPEN" can be done using a certificate. In this case, a partial regression (to the TZ-CLOSED state) or a full regression (to the OPEN state) is possible.
  • If TrustZone® is inactive on a device, Debug Authentication is only possible with a password. Only a full regression to the OPEN state is possible.

For STM32H503 devices, TrustZone® is inactive, and Debug Authentication always uses the password method.

4. References