This article gives an overview of the adaptation needed to support OEMxRoT on a H5 without HW crypto support and H5 with reduced FLASH size.
1. Adaptation for device without HW crypto
For those device:
- Cryptography operations rely on MbedTLS middleware
- Provisioning data in OBKeys are not encrypted
Applicable products:
| Products with HW crypto | Products without HW crypto | Adaptations |
|---|---|---|
| STM32H573xx | STM32H563xx | NUCLEO-H563ZI example provided in STM32CubeH5 Firmware |
| STM32H533xx | STM32H523xx | Starting from NUCLEO-H533RE example, adaptations described in this page |
1.1. STM32H523 device
1.1.1. OEMiRoT_Boot projects adaptations
The code adaptations are available under the compile switch STM32H533xx in NUCLEO-H533RE OEMiRoT_Boot example.
Start from NUCLEO-H533RE OEMiRoT_Boot example. Open your preferred toolchain project and change the device STM32H533RE to your STM32H523xx chipset. And update the preprocessor flag from STM32H533xx to STM32H523xx.
1.1.2. Provisioning adaptations
Disable encryption of provisioning data (in obkeys):
- Set to 0 the value of the field
<DoEncryption>in the following xml.
ROT_Provisioning\DA\Config\DA_Config.xml
ROT_Provisioning\DA\Config\DA_ConfigWithPassword.xml
ROT_Provisioning\OEMiROT\Config\OEMiRoT_Config.xml
- Regenerate the obk files using STM32TrustedPackageCreator :
ROT_Provisioning\DA\Binary\DA_Config.obk
ROT_Provisioning\DA\Binary\DA_ConfigWithPassword.obk
ROT_Provisioning\OEMiROT\Binary\OEMiRoT_Config.obk
2. Adaptation for device with reduced FLASH size
2.1. Adaptation from NUCLEO-H533RE (512KB) to H533xC (256KB)
You must uncomment DEVICE_256K_FLASH_ENABLE in NUCLEO-H533RE\Applications\ROT\OEMiROT_Boot\Inc\flash_layout.h
2.2. Adaptation from NUCLEO-H563ZI (2MB) to H563xG (1MB)
You must uncomment DEVICE_1M_FLASH_ENABLE in NUCLEO-H563ZI\Applications\ROT\OEMiROT_Boot\Inc\flash_layout.h