Secure Boot STM32H5 How to Introduction

Revision as of 17:08, 10 January 2024 by Registered User

STM32H5 boot path using the STM32CubeMX "How to Introduction"


Target description

The purpose of this article is to provide the background knowledge needed to understand and execute the related "How to start".
This introduction article reviews some technical notions related to this topic. More detailed explanations are available in the following two articles:

1. Introduction

A boot path selection interface was added to STM32CubeMX to help customers select the boot configuration adapted to their needs.
The configuration is done through the following main choices. See the possible boot paths in the section below and in the Secure Boot for STM32H5 article:

  • Is runtime isolation needed?: TrustZone® activation or not (possible on STM32H53, STM32H56 and STM32H57).
  • If runtime isolation is needed:
    • Secure Manager or
    • Immutable Root of Trust (iROT) with secure user application (TFM, Trusted Firmware) and optional nonsecure user application.
  • If no runtime isolation is needed:
    • Root of Trust (iROT, uROT) needed or not?

Examples are provided in the STM32CubeFW using different types of boot paths. See for instance the following links:

The STM32CubeFW examples use the provided script, configuration files, and user application codes.
The STM32CubeMX examples implicitly use similar configuration files, but the appropriate boot path is chosen graphically through the tool and the initial codes are generated.
With STM32CubeMX, you can generate your own project in an easy-to-use, straightforward way.

  • This article introduces how to define and configure a boot path from scratch using STM32CubeMX, and how the related initial codes (secure and nonsecure) are generated.
    • The STM32CubeMX tool provided by ST is available at the following link: STM32CubeMX installation file.
    • How to proceed practically, step by step, is explained in the different "How To" articles listed in the table below.
Product series                     | STM32H503            | STM32H533     | STM32H563            | STM32H573               | Prerequisite                | Introduction article | Path Nr Figure 2
-----------------------------------|----------------------|---------------|----------------------|-------------------------|-----------------------------|----------------------|-----------------
Embedded flash size                | 128k                 | 512k          | 2M                   | 2M                      | -                           | -                    | -
Ecosystem                          | Nucleo MB1814-H503RB | Nucleo-H533RE | Nucleo MB1404-H563ZI | Discovery MB1677-H573II | -                           | -                    | -
STM32CubeMX OEMiROT example        | -                    | -             | Link to How To       | Link to How To          | STM32CubeMx_V6.9.0 or later | Link                 | 1
STM32CubeMX STiRoT example         | NA                   | -             | NA                   | Link to How To          | STM32CubeMx_V6.9.0 or later | Link                 | 2
STM32CubeMX secure manager example | NA                   | NA            | NA                   | Link to How To          | STM32CubeMx_V6.9.0 or later | Link                 | 3
  • Note:
    • NA: Not Applicable
    • - : Possible bootpath but dedicated example not available (refer to other existing examples)

2. The different possible boot paths

The possible boot paths depend on the chosen device, on whether it supports embedded hardware cryptography, and on whether TrustZone® is activated.
STiRoT, and implicitly the Secure Manager, are only available on devices supporting full hardware cryptography.

The Secure Boot for STM32H5 article mentioned previously gives more details about the supported boot paths.
In summary:

  • The STM32H573 supports TrustZone® and full hardware cryptography; all boot paths are possible with this device. The Secure Manager is supported.
  • The STM32H563 supports TrustZone® but only limited hardware cryptography (hash + PKA verification). The STiRoT (ST immutable Root of Trust) and the Secure Manager are not supported.
  • The STM32H533 supports TrustZone® and full hardware cryptography; all boot paths are possible with this device except the Secure Manager. With a 512k flash size, the Secure Manager cannot be supported.
  • The STM32H503 does not support TrustZone® and has limited hardware cryptography (hash), which limits it to a single boot path, as explained in the Secure Boot for STM32H5 article.

Notes:

  • The STM32H563x does not support the full PKA (Public Key Accelerator), but only the embedded Verification Algorithm (DSA and ECDSA signature verification, see RM0481).
  • The STM32H56x and STM32H50x are not under export control regulation since these products have limited embedded hardware cryptography.

The boot path is selected by programming the option bytes (TZEN and UBE), as shown in the next figure.
When the boot path is selected through STM32CubeMX, the related option bytes are programmed during the provisioning procedure.
This procedure is done automatically: the user does not need to know which option bytes must be programmed.

2.1. STM32H5 boot paths

The figure below shows the possible boot paths selected through the related user option bytes.
Advice: Before manually setting option bytes or trying your own settings and solutions, it is advised to execute the proposed "How to" articles, especially the one related to debug authentication (DA "How to" introduction), in order to avoid locking your device or board.


Figure 1 STM32H5 possible boot paths

All the boot paths of the above figure are supported by STM32CubeMX.

2.2. STM32H5 boot paths examples using STM32CubeMX

The table in the introduction section gives the link to the documented examples proposed for a boot path setting using STM32CubeMX. The figure below shows the related boot path:

Figure 2 STM32H5 boot path STM32CubeMX examples

Note: according to previous explanations:

  • Boot path one is supported by STM32H53x, STM32H56x and STM32H57x (requires TrustZone® activation).
  • Boot path two is supported by STM32H53x and STM32H57x (requires full hardware cryptography).
  • Boot path three is only supported by STM32H57x (requires full hardware cryptography and support of the Secure Manager).