How to start with Secure Manager default configuration on STM32H5

This message will disappear after all relevant tasks have been resolved.

Semantic MediaWiki

There are 1 incomplete or pending task to finish installation of Semantic MediaWiki. An administrator or user with sufficient rights can complete it. This should be done before adding new data to avoid inconsistencies.

Target description

The purpose of this article is to explain step by step how to use the Secure Manager provided in the STM32Cube_FW-H5, using the STM32H573 discovery board.
This "how to start" guide is using the default configuration provided in the STM32Cube_FW_H5.
If you want to modify the default configuration, please refer to the How to start with Secure Manager customized config on STM32H5 article.

It is strongly advised to start with this practical example before starting to customize your own solution.
If you want to regenerate keys, you must understand the implications and understand how to store the keys.

1 Introduction

Start by reading the Secure Manager STM32H5 How to Intro article.
For technical background, please refer to the Secure Manager for STM32H5 article.

2 Prerequisites

Hardware
- STM32H573 discovery board: the STM32H573 devices have all the available security features, including the HW crypto accelerator. (Note: the Secure Manager is not supported for STM32H56x devices, the HW crypto is not available)
- Discovery MB1677- STM32H573 (USB-C cable not included)

Figure 1 STM32H573-DK MB1677.png

In case your board has already been used for other hands-ons:
- Perform a regression in case the board is in another state than OPEN (using the script provided for the last hands-on done).
- If the board is in OPEN state, verify that the SECBOOT_LOCK option byte is not set (use STM32CubeProgrammer).

Required tools
- STM32Cube_H5_V1.1.0 with STM32Cube_H5_V1.1.1 patch, or later
- X-Cube-SEC-M-H5_V1.0.0 (or later) available upon request. It contains the Secure Manager binary.
- STM32CubeProgrammer_rev2.14.0 or more recent (with STM32TrustedPackageCreator (TPC) selected at installation).
- One of the supported IDE:
  - EWARM (IAR) : V9.20.1 and the patch EWARMv8_STM32H5xx_V1.1.0 or later to support the STM32H5 series
  - STM32CubeIDE : 1.13.0 or later
  - MDK_ARM : V5.37.0.0 and the patch Keil_STM32H5_DFP.1.0.0 or later to support the STM32H5 series
- Tera Term / Putty or equivalent UART terminal emulator.

The IDE patches can be found in the STM32CubeFW_H5 Cube firmware:

Figure 2 IDE patches in STM32CubeH5 Firmware Package

STM32Cube Firmware
- Download the STM32CubeFW_H5 Cube firmware
  - With STM32Cube_H5_V1.1.0 you must also download the STM32Cube_H5_V1.1.1 patch and copy all the files into V1.1.0
  - For later STM32Cube_H5_V1.1.x, when available, it is delivered as a single zip file.
- Download the X-Cube-SEC-M_H5_V1.0.0 (or later) expansion package and copy at the root of the STM32CubeFW_H5 Cube firmware.
- A directory STM32H573I-DK is included in the “Projects” directory
- If the STM32CubeProgrammer is not installed in the default folder:
  - C:\Program Files\STMicroelectronics\STM32Cube\STM32CubeProgrammer.
  - The customized installation path must be updated in the environment variable: env.bat (see the example in the figure below).

Figure 3 STM32CubeProgrammer installation path to update in env.bat file

3 Step by step instructions

On the STM32H573-DK, check that the switch (SW1) is set to 0 to boot from user flash

Figure 4 SW1 switch to set to 0 (user flash boot)

Connect the STM32H573-DK using the USB-C cable
Execute the provisioning_auto.bat script

Figure 5 Secure Manager installation script

Note:
In the figure above two scripts are shown:
- The provisioning_auto.bat to install the default configuration (used in this article).
- The provisioning.bat to customize the configuration (used in the How to start with Secure Manager customized config on STM32H5 article

3.1 Script (provisioning_auto.bat) step 1

The step 1 of the script automatically generates all the needed files used for the device confguration.
When using the default configuration and keys, the script is executed up to step 2.

Figure 6 Configuration file generation

The step 1 of the script automatically generates all the files needed for the Secure Manager configuration.
As mentioned before, for more details about customized configuration, please refer to How to start with Secure Manager customized config on STM32H5 article.

Note: The figure above shows the Debug Authentication (DA) configuration. For all trials, it is advised to use the default keys provided by ST. In case new keys are generated and the device is set in another state than open, it will not be possible to reopen the debugger and to make a regression in case these new keys are lost.

3.2 Script (provisioning_auto.bat) step 2

After completion of step 1, follow the indications of the script as shown in the figure below.
The step 2 of the script installs the Secure Manager and a nonsecure default application.

Figure 7 Secure Manager and default application installation

After installation you should see:

The message saying the board is correctly confirmed
On the discovery board the led1, led2, led3 and led4 must blink (default installed code by the script)

Note in case of issue:

Check the provisioning.log file (in directory: \Projects\STM32H573I-DK\ROT_Provisioning\SM).
Perform a regression (see chapter below) and restart at the beginning of this article.

4 Default installed code execution

As mentioned above, after the script execution completion, you should see the four led blinking corresponding to the default installed application code.

Start Tera Term or another terminal emulator (see figure below)
- Select -> Serial -> select your COM port
- Setup -> Serial port -> set Speed to 115200 baudrate, Data to 8 bit and Stop bit to 1bit -> New setting

Figure 8 Tera Term setting

Press the reset button of the discovery board (B2 black button)
The default installed code makes four led blinking and outputs the information shown in the terminal (see figure below): the memory configuration, the Secure Manager version and the version of the installed ST Updatable Root of Trust.

(for more details about uRoT please refer to the Secure Boot for STM32H5 article).

Figure 9 Default installed application execution

Close the terminal window
Start STM32CubeProgrammer and try to connect, see the figure below

Figure 10 STM32CubeProgrammer connection

The following can be observed:

The Option Byte readout shows that the script has set the device in TZ-Closed (TrustZone^®-Closed). This leaves the nonsecure application open for debug. For more details about product states, refer to the New product state article
The user flash at 0x08000000 is not accessible as it is a secure zone where the Secure Manager is installed.
The user flash at 0x0806E400 is accessible and is the location of the nonsecure default installed application.

Notes:

Do not modify the Option Bytes (regressions are not allowed, Closed state setting is allowed but don't do it for this tutorial as it closes the debug access for the nonsecure application).
!! Important reminder: the Locked state closes definitively your device. It is a final state adding a further protection level, but the device can not be changed or the debugger reopened anymore, by any method.

5 Develop your own application

As described above, the device is set in TZ-Closed by the installation script. This means that the device is still open for nonsecure application development.
An example of application that you can modify is included in the STM32Cube_H5. It is provided for the three supported IDE (EWARM, MDK-ARM and STM32CubeIDE).

Open the application located at : STM32Cube_FW_H5_Vx.x.x\Projects\STM32H573I-DK\Applications\ROT\SMAK_Appli\
The following example is shown using IAR (EWARM) project, you can use the other supported IDE (MDK-ARM, STM32CubeIDE) in the same way.
You can make your own modifications to this code.
To upload the code to the device, simply select: download and debug as shown in figure below (for IAR)

Figure 11 Code download into the device (IAR)

Close the IDE and connect your terminal emulator according the setting described in chapter Default installed code execution
Press the reset button of the discovery board (B2 black button).
The window shown below is displayed. The menu of the different services (API) of the Secure Manager are indicated (for more details refer to How to start with Secure Manager customized config on STM32H5

Figure 12 SMAK application execution

Since the device is in TZ-Closed, it is open for nonsecure application development, a modification of the application running on the device is straightforward:
Open the IDE, make your modifications and reload the modified application. For IAR select Make&Restart (see figure below)

Figure 13 Load modified application into the device (IAR)

Press the reset button of the discovery board (B2 black button) and the new application code is executed.

6 Regression

Perfoming a full regression is reinitialization (back to virgin state) the device.

The installed Secure Manager is removed
The full user Flash and OBKeys are erased
The memory mapping for nonsecure application is no longer fixed
The device is set in Open state

For more explanations see Secure Manager STM32H5 How to Intro article.

The easiest way to make a regression is to use the provided script shown in the figure below.

Figure 14 Full regression executing the provided script

Double click and the script automatically performs the regression
When the regression is completed, the script displays the message below

Figure 15 Regression completed

7 Troubleshooting

If the Secure Manager is used with the default configuration as described above, you should not have any issue (as nothing can be wrongly configured)
If errors occur, please refer to the dedicated chapter of the article How to start with Secure Manager customized config on STM32H5