Debug Authentication for STM32H5

Revision as of 16:33, 20 December 2023 by Registered User

1. Introduction

This article gives an overview of Debug Authentication as applied to STM32H5 MCUs.

A more detailed description of Debug Authentication is provided in AN6008.

The theoretical article about Debug Authentication describes all the possibilities of this feature: Debug Authentication

2. Services

Debug Authentication makes it possible to securely:

  • Re-open the debug access
  • Perform regression to product states OPEN (full regression) or TZ-CLOSED (partial regression)

This service is usable:

  • During development
  • For field return analysis

Two authentication methods are available:

  • When TrustZone is disabled, the authentication method used by the protocol requires a password (very similar to U5). Only regression is possible.
  • When TrustZone is enabled, the authentication method used by the protocol requires a certificate chain. Regression and debug opening are possible.

The Debug Authentication protocol uses the dedicated JTAG access point (ap0) to communicate with the chip.
The protocol is defined by Arm®: ARM PSA ADAC V1.0 (Authenticated Debug Access Control) [1].

3. Debug Authentication for STM32H5 devices

STM32H5 series devices have specific characteristics that make the use of Debug Authentication different for every.

If you want to learn more about Debug Authentication specific usage for each STM32H5 device and you want to practice, refer to Debug Authentication STM32H5 How to Introduction

3.1. Provisioning

  • STM32H563/573 devices have OBKey areas used to store keys/passwords.
  • STM32H503 devices don't have an OBKey area and use the OTP (one-time programmable) area to store passwords. This means that the password cannot be changed once provisioned.

3.2. TrustZone® feature

Debug Authentication usage is different depending on the activation of the TrustZone® feature.

  • If TrustZone® is active on a device with secure or non-secure code flashed on the board, a regression or debug re-opening from a product state other than "OPEN" can be done using a certificate. In this case, a partial regression (to the TZ-CLOSED state) or a full regression (to the OPEN state) is possible.
  • If TrustZone® is inactive on a device, Debug Authentication is only possible with a password. Only full regression to the OPEN state is possible.

For STM32H503 devices, TrustZone® is inactive, and Debug Authentication always uses the password method.

4. References