Debug Authentication for STM32H5

1 Introduction

This article lists the main characteristics of Debug Authentication applied to STM32H5 MCUs.

The theoretical article about Debug Authentication describes all the possibilities of this feature: Debug Authentication

To learn more about the specific usage of Debug Authentication on each STM32H5 device and to practice it, refer to Debug Authentication STM32H5 How to Introduction.

2 Debug Authentication main principles overview

  • Debug authentication controls:
    • Debug opening: Re-open Debug Access on the STM32 securely.
    • Regressions: Perform regression to product states OPEN or TZ-CLOSED securely, erasing user data in user Flash, SRAM, and OBKeys.
  • It is usable:
    • During development
    • During manufacturing
    • For field return analysis
  • Debug Authentication is only useful when the STM32 is no longer in product state OPEN.

Refer to STM32 Product State Life cycle to learn more about the product state lifecycle.

  • Features
    • When TZ is disabled: a password is required (very similar to U5). Only regression is possible.
    • When TZ is enabled: a certificate chain is used. Regression and debug opening are possible.
  • Debug Authentication principle
    • Uses a dedicated JTAG access point (ap0) to communicate with the chip
    • Secure protocol defined by Arm®: Arm® PSA ADAC V1.0 (Authenticated Debug Access Control) [1]

3 Debug Authentication for STM32H5 devices

STM32H5 series devices have specific characteristics that make the use of Debug Authentication different from one device to another.

3.1 OBKey area

  • STM32H563/573 devices have OBKey areas used to store keys/passwords.
  • STM32H503 devices don't have an OBKey area and use the OTP (one-time programming) area to store passwords. This means that the password cannot be changed once it has been provisioned.

3.2 TrustZone® feature

Debug Authentication usage is different depending on the activation of the TrustZone® feature.

  • If TrustZone® is active on a device with secure or non-secure code flashed on the board, a regression or a debug re-opening from a product state other than "OPEN" can be done using a certificate. In this case, a partial regression (to the TZ-CLOSED state) or a full regression (to the OPEN state) is possible.

  • If TrustZone® is inactive on a device, Debug Authentication is only possible with a password. Only a full regression to the OPEN state is possible.

For STM32H503 devices, TrustZone® is inactive, and Debug Authentication always uses the password method.

4 References