NOR update with customized trusted image

Revision as of 14:59, 10 March 2023 by Registered User
Applicable for STM32MP15x lines

This article gives details about updating the bootloader objects of NOR memory, located onto STM32MP157x-EV1 Evaluation board More info green.png, using STM32CubeIDE.

BackToNavigationTree button.png

1. Overview[edit source]

The different steps to update NOR with customized trusted image are the following ones:

  • Initialize the NOR with Starter Package image thanks to STM32CubeProgrammer.
  • Within STM32CubeIDE:
    • customize the trusted image, thanks to embedded STM32CubeMX generating device trees
    • compile corresponding Linux® device tree & bootloader images
    • update them on running STM32MP157x-EV1 Evaluation board More info green.png
  • Check the new customization is correctly set up


NOR memory contains only TF-A BL2 and FIP partitions, Linux partitions are located on SD-Card.
All those steps are explained in chapters below.

2. Initialize NOR with Starter Package[edit source]

Initialize the NOR with Starter Package image thanks to STM32CubeProgrammer.
For that select the Starter package corresponding to the targeted STM32MP157x-EV1 Evaluation board More info green.png and jump to chapter Downloading the image and flashing it on the board.

Before executing the next step, check the bootloader version, visible in boot messages:

  • TF-A BL2 version, booting from NOR memory
NOR initial setting: TF-A BL2 version


  • U-boot version & extlinux.conf file used, booting from NOR memory
NOR initial setting: U-boot version & extlinux.conf


  • extlinux.conf content before update
NOR initial setting: extlinux.conf content

3. Customize and update bootloader images on running STM32MP157x-EV1 More info green.png board[edit source]

3.1. Build the trusted image inside STM32CubeIDE with the new expected device trees[edit source]

After customization of hardware resources within embedded STM32CubeMX, new device trees for Linux® and for bootloader are generated.
Next step is to build an update of the new trusted image; this is covered also within STM32CubeIDE with:

Note that for Linux®, only device tree has to be updated as described hereafter.

3.2. STM32MP157x-EV1 More info green.png board update with new Linux® device tree[edit source]

In this step, STM32MP157x-EV1 Evaluation board More info green.png is up and running with network access: target status is green. After having compiled device tree generated by STM32CubeMX , you need to :

  • update MP15 target bootfs with new .dtb under /boot
  • and adjust /boot/mmc0_extlinux/extlinux.conf in order to declare new device tree and set it as default. Note that this setup is done on SD card memory since Linux partitions are located there.

For that, follow steps explained below:

  • select the Cortex-A Linux® Deployment shortcut configuration available from Linux® project Run As... menu.
Linux® deployment configuration


  • Validate your choice and use Run button. You get in a dedicated Linux® Deployment console a message like this:
NOR Linux® deployment message


  • Check extlinux.conf content after NOR Linux® device tree update (DEFAULT and LABEL have changed)
NOR Linux® device tree update


3.3. STM32MP157x-EV1 More info green.png board update with new bootloader images[edit source]

In this step, STM32MP157x-EV1 Evaluation board More info green.png is up and running with network access: target status is green.
After having built customized bootloader images, you need to update STM32MP157x-EV1 Evaluation board More info green.png.

  • Select Cortex-A project in STM32CubeIDE and click right to get Cortex-A Bootloader Deployment shortcut.
Bootloader update shortcut


Connection is automatically set and you need to scan STM32MP15 target storage, thanks to Scan... button.
This storage list depends on the board and on the used boot storage.

Then, select the storage to update (NOR #0 here) and the TF-A BL2 & FIP image to update from FIP_artifacts/ .
Here is the corresponding STM32 Cortex-A Bootloader Deployment configuration:

NOR Bootloader deployment configuration


  • Click on Run, you get in a dedicated Bootloader Deployment console following message:
NOR Bootloader deployment message


4. Check new bootloader version after customization with STM32CubeIDE[edit source]

After the update, the new bootloader version can be checked by comparing version appearing in boot messages  : TF-A BL2 and U-Boot versions are modified and Linux® uses the generated device tree.
Here are the new boot messages :

  • TF-A BL2 updated version, booting from NOR memory
NOR updated TF-A BL2 version


  • U-Boot updated version & Linux® device tree, booting from NOR memory
NOR updated U-Boot version & Linux® device tree


BackToNavigationTree button.png



Linux® is a registered trademark of Linus Torvalds.

Trusted firmware for Arm® Cortex®-A

Boot loader stage 2

Firmware image package is a packaging format used by TF-A

Secure digital

SD memory card (https://www.sdcard.org)

Cortex®

Das U-Boot -- the universal boot loader (see U-Boot)

Retrieved from "https://wiki.st.com/stm32mpu/index.php?title=How_to_manage_OpenSTLinux_projects_in_STM32CubeIDE/NOR_update_with_customized_trusted_image&oldid=91077"