Debug Authentication for STM32H5

This message will disappear after all relevant tasks have been resolved.
Semantic MediaWiki
There are 1 incomplete or pending task to finish installation of Semantic MediaWiki. An administrator or user with sufficient rights can complete it. This should be done before adding new data to avoid inconsistencies.

1 Introduction

This article lists the main characteristics of Debug Authentication applied to STM32H5 MCUs.

The theoretical article about Debug Authentication describes all the possibilities of this feature: Debug Authentication

If you want to learn more about Debug Authentication specific usage for each STM32H5 device and you want to practice, refer to Debug Authentication STM32H5 How to Introduction

2 Debug Authentication main principles overview

  • Debug authentication controls:
    • Debug opening: Re-open Debug Access on the STM32 securely.
    • Regressions: Perform regression to product states OPEN or TZ-CLOSED securely, erasing user data in user Flash, SRAM, and OBKeys.
  • It is usable:
    • During development
    • During manufacturing
    • For field return analysis
  • Debug Authentication is only useful when STM32 is no more in product state OPEN.

Refer to STM32 Product State Life cycle to learn more about the product state lifecycle.

  • Features
    • TZ disabled requires a password (very similar to U5). Only regression is possible.
    • When TZ enabled: usage of certificates chain. Regression and debug opening are possible.
  • Debug Authentication principle
    • Uses JTAG dedicated access point (ap0) to communicate with the chip
    • Secure protocol defined by Arm®: ARM PSA ADAC V1.0. (Authenticated Debug Access Control) [1]

3 Debug Authentication for STM32H5 devices

STM32H5 series devices have specific characteristics that make the use of Debug Authentication different for every.

3.1 OBKey area

  • STM32H563/573 has OBKey areas used to store keys/ passwords.
  • STM32H503 devices don't have an OBKey area and use OTP (one-time programming) area to store passwords. That means that password cannot be changed anymore once provisioned.

3.2 TrustZone® feature

Debug Authentication usage is different depending on the activation of the TrustZone® feature.

  • If TrustZone® is active on a device with a secure or non-secure code flashed on the board, a regression or debugging re-opening from a product state different than "OPEN" can be done using a certificate.

In this case, a partial regression (to TZ-CLOSED state) or a full regression (to OPEN state) is possible.

  • If TrustZone® is inactive on a device, Debug Authentication is only possible with a password.

Only Full regression to the OPEN state is possible.

For STM32H503 devices, TrustZone® is inactive, and Debug Authentication always uses the password method.

4 References

  1. PSA ADAC V1.0. (Authenticated Debug Access Control)


Retrieved from "https://wiki.st.com/stm32mcu/index.php?title=Security:Debug_Authentication_for_STM32H5&oldid=48350"