1. Secure Manager installation
To update your environment and provision the latest Secure Manager, proceed as explained in the following wiki How to start with Secure Manager default configuration on STM32H5.
Once this is done, you have:
- STM32CubeH5 v1.3.0 in /path/to/CubeH5_v1.3.0
- X-CUBE-SEC-M-H5 v1.2.0 applied on top of STM32CubeH5
- Secure Manager running on your target
2. Project preparation
To work with the new ecosystem, you must setup a few things for your project.
2.1. Getting the Python® file
Copy and paste project.py
and project.ini
from Project/STM32H573I-DK/Templates/ROT/SMAK_Appli to your project directory:
You must now update the project.ini
.
project.ini source | project.ini updated | Description |
---|---|---|
[sm]
path=./../../../ROT_Provisioning/SM/
|
[sm]
path=/relative_path/to/cubeH5_v1.3.0/Project/STM32H573I-DK/ROT_Provisioning/SM/
|
Relative path from project.ini to SM directory
|
[binary_download]
image_xml = ./Images/SM_Code_Image.xml
output = ./Binary/appli_enc_sign.hex
|
[binary_download]
image_xml = ./Images/SM_Code_Image.xml
output = ./Binary/appli_enc_sign.hex
|
Relative path from project.ini to the image xml and the output binary used to program the target
|
[binary_ota]
image_xml = ./Images/SM_Code_Image_bin.xml
output = ./Binary/appli_enc_sign.bin
|
[binary_ota]
image_xml = ./Images/SM_Code_Image_bin.xml
output = ./Binary/appli_enc_sign.bin
|
Relative path from project.ini to the image xml and the output binary used for OTA update
|
[iar]
linker = ./EWARM/stm32h573xx_flash.icf
output = ./EWARM/STM32H573I-DK_SMAK_Appli_Templates/Exe/appli.bin
[keil]
linker = ./MDK-ARM/stm32h5xx_app.sct
output = ./MDK-ARM/STM32H573I-DK_SMAK_Appli/Exe/Project.hex
[cubeide_debug]
linker = ./STM32CubeIDE/STM32H573IIKXQ_FLASH.ld
output = ./STM32CubeIDE/Debug/STM32H573I-DK_SMAK_Appli_Templates.bin
[cubeide_release]
linker = ./STM32CubeIDE/STM32H573IIKXQ_FLASH.ld
output = ./STM32CubeIDE/Release/STM32H573I-DK_SMAK_Appli_Templates.bin
|
[iar]
linker = ./EWARM/stm32h573xx_flash.icf
output = ./EWARM/MyProject/Exe/nonsecure_app.bin
|
Relative path from project.ini to the linker file and the output binary out of compilation
|
2.2. Updating prebuild and postbuild
Update in your project settings so your prebuild/postbuild call those functions:
- prebuild
python ../project.py prebuild --compiler {compiler}
- postbuild
python ../project.py postbuild
For example, using IAR, with the [iar]
configuration:
2.3. Updating clock configuration
Last but not least, there are new requirements regarding clock configuration; Ensure that:
- HSI48 and LSI are not configured in your
SystemClockInit()
, for example:
Before | After |
---|---|
/* Use HSE in bypass mode and activate PLL with HSE as source. Enable HSI48. */
RCC_OscInitStruct.OscillatorType = RCC_OSCILLATORTYPE_HSE|RCC_OSCILLATORTYPE_HSI48;
RCC_OscInitStruct.HSI48State = RCC_HSI48_ON;
RCC_OscInitStruct.HSEState = RCC_HSE_BYPASS_DIGITAL;
RCC_OscInitStruct.PLL.PLLState = RCC_PLL_ON;
RCC_OscInitStruct.PLL.PLLSource = RCC_PLL1_SOURCE_HSE;
|
/* Use HSE in bypass mode and activate PLL with HSE as source.*/
RCC_OscInitStruct.OscillatorType = RCC_OSCILLATORTYPE_HSE;
RCC_OscInitStruct.HSEState = RCC_HSE_BYPASS_DIGITAL;
RCC_OscInitStruct.PLL.PLLState = RCC_PLL_ON;
RCC_OscInitStruct.PLL.PLLSource = RCC_PLL1_SOURCE_HSE;
|
- LPTIM6 is not used by your nonsecure application as it is now privatized by the Secure Manager
3. Building and testing your application
Now you are ready to test.
3.1. Building your application
You can build your application:
Project - STM32H573I-DK_SMAK_Appli
Reading project nodes...
Cleaning... 59 files.
Pre-build command
2024-07-15 14:39:35,253 - INFO - Running prebuild ...
2024-07-15 14:39:43,772 - INFO - Linker files updated successfully
2024-07-15 14:39:45,817 - INFO - XML images and key updated successfully
....
Post-build command
2024-07-15 14:40:11,642 - INFO - Postbuild successful
Total number of errors: 0
Total number of warnings: 0
Build succeeded
3.2. Downloading your application
As explained in How to start with Secure Manager (customized configuration) on STM32H5, you must now use:
python project.py download
It then downloads [binary_download].binary
from project.ini to your target.
You application is running, built, and downloaded with the new ecosystem.