Practical experience | First experience with STM32H5 DA (without Trust Zone)
Keywords: DA, Debug Authentication, fallback authentication
Catalog preview
1. Introduction
2. Preparation work
3. Generate OBK and test
4. Test the burning program again
5. Restore
01
Preface
This article is a follow-up to the previous document "Initial Experience of STM32H5 DA (With TrustZone)".
Because the STM32H5 introduces the new product state mechanism and DA, all STM32H5 developers need to know how to use DA. On the STM32H563, DA uses a different strategy depending on whether TrustZone is enabled: when TZ is enabled, DA uses a certificate, and when TZ is not enabled, DA uses a password.
This document is therefore aimed at STM32H5 beginners and demonstrates how to use a password to complete a DA rollback when TZEN=0xC3 (TrustZone is not enabled). When TrustZone is not enabled, DA debugging is not supported; only DA rollback is supported.
Since the STM32H503 does not have TrustZone, its DA process is similar to that of the H563 without TZ enabled. Unlike the H563, however, the H503 has no internal OBK area, so the preconfiguration process writes the obk file corresponding to the password into the OTP inside the chip.
02
Preparation
Development board: NUCLEO-H563ZI
Software package:
STM32Cube_FW_H5_V1.1.0
Tools:
• STM32CubeProgrammer v2.14.0
• Tera Term serial terminal display
• Trust Package Creator (installed together with STM32CubeProgrammer; make sure its option is checked during installation)
IDE:
STM32CubeIDE v1.13.0
The STM32CubeH5 package must be placed in a path that contains no spaces or Chinese characters. In this hands-on experiment, we put it in the C:\workspace\ directory by default.
03
Generate OBK and test
The path STM32Cube_FW_H5_V1.1.0\Projects\NUCLEO-H563ZI\ROT_Provisioning\DA under the STM32CubeH5 package already contains a default obk and key. We could use this obk and the corresponding key directly, but in this document we regenerate a set and test that it works.
3.1. Generate DA OBK file and password file
Open the TPC tool.
Select H5 on the left and the OBKey tab at the top. For the xml file, select C:/workspace/STM32Cube_FW_H5_V1.1.0/Projects/NUCLEO-H563ZI/ROT_Provisioning/DA/Config/DA_ConfigWithPassword.xml, then enter the password you want to set in the Password field; here we can just use the default password. Next, set the output file in the output file field; the default can also be used. Finally, click the Generate OBkey button to generate the corresponding obk file and bin file in the Binary directory:
As shown in the figure above, DA_ConfigWithPassword.obk is used for preconfiguration (provisioning), and password.bin is the password file required during the DA process.
3.2. Preconfiguring DA (provisioning)
Next we preconfigure DA. Before doing so, make sure that TZEN=0xC3.
Then configure the product state to the provisioning state:
Then use STM32CubeProgrammer for preconfiguration:
As shown in the picture above, enter the C:\workspace\STM32Cube_FW_H5_V1.1.0\Projects\NUCLEO-H563ZI\ROT_Provisioning\DA\Binary\DA_ConfigWithPassword.obk file in the OBKey file path field, and then click the Start Provisioning button...
A dialog box then pops up indicating that the preconfiguration succeeded.
3.3. DA rollback
Next, we directly use the password to perform DA rollback...
As shown above, with STM32CubeProgrammer disconnected, click Discover…
As shown in the picture above, enter the password file in the Password File Path field: C:\workspace\STM32Cube_FW_H5_V1.1.0\Projects\NUCLEO-H563ZI\ROT_Provisioning\DA\Binary\password.bin
Then click the Full Regression button…
As shown in the picture above, a prompt dialog box will pop up when successful.
This means that the obk file preconfigured for DA matches the password file that was just entered.
04
Test the burning program again
Next, we burn a real program and test it. With the product state set to OPEN and TZEN=0xC3, burn any program that does not use TrustZone and make sure it runs normally in the OPEN state. Then switch the product state to the provisioning state and perform DA preconfiguration by repeating the steps in Section 3.2.
After the preconfiguration succeeds, switch the product state to the CLOSED (0x72) state. At this point STLink can no longer connect; check whether the program still runs normally. This is the final effect you want to achieve. In this state, rollback can be performed via DA.
05
Restore
For the restoration process, refer to Section 3.3; the steps are exactly the same. After the restoration succeeds, the entire Flash content has been erased.
At this point, the chip is completely restored to its original state.
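The ordering constraints of Sections 3 to 5 can be checked before touching the board. The following is an added example, not code from the original article or from ST. It replays a planned sequence of steps against a small model and reports where the plan would leave the chip unrecoverable or where a step would be refused. The action names, the Chip class and the SHA-256 stand-in for the OBK content are assumptions made for illustration; the real .obk format is not modelled.

```python
import hashlib, hmac
from dataclasses import dataclass
from typing import Optional

TZEN_DISABLED = 0xC3            # TrustZone not enabled, the value used in this article
OPEN, PROVISIONING, CLOSED = "OPEN", "PROVISIONING", "CLOSED"

@dataclass
class Chip:                     # constructed model of the states this article walks through
    tzen: int = TZEN_DISABLED
    state: str = OPEN
    flash: bytes = b""
    da_ref: Optional[bytes] = None   # stand-in for the provisioned OBK content

def _digest(password: bytes) -> bytes:
    # Assumption: a SHA-256 digest stands in for whatever the real .obk stores.
    return hashlib.sha256(password).digest()

def replay(steps, chip=None):
    """Replay (action, argument) steps against the model; return (chip, problems)."""
    chip = chip or Chip()
    problems = []
    for n, (action, arg) in enumerate(steps, 1):
        if action == "regress":          # DA rollback works without a debugger session
            if chip.da_ref is None:
                problems.append(f"step {n}: no DA password provisioned, regression impossible")
            elif not hmac.compare_digest(chip.da_ref, _digest(arg)):
                problems.append(f"step {n}: password file does not match provisioned OBK")
            else:                        # full regression: flash erased, initial state restored
                chip = Chip(tzen=chip.tzen)
        elif chip.state == CLOSED:
            problems.append(f"step {n}: '{action}' needs ST-LINK, unavailable in CLOSED")
        elif action == "flash":
            chip.flash = arg
        elif action == "provision":
            if chip.state != PROVISIONING:
                problems.append(f"step {n}: OBK provisioning requires the provisioning state")
            elif chip.tzen != TZEN_DISABLED:
                problems.append(f"step {n}: password OBK is for TZEN=0xC3 only")
            else:
                chip.da_ref = _digest(arg)
        elif action == "state":
            if arg == CLOSED and chip.da_ref is None:
                problems.append(f"step {n}: CLOSED without DA provisioned cannot be regressed")
            chip.state = arg
        else:
            problems.append(f"step {n}: unknown action {action!r}")
    return chip, problems

# Constructed plan mirroring Sections 4 and 5: flash, provision DA, close, roll back.
PAGE_PLAN = [("flash", b"app"), ("state", PROVISIONING), ("provision", b"pw"),
             ("state", CLOSED), ("regress", b"pw")]
```

Calling replay(PAGE_PLAN) returns an empty problem list; removing the provisioning steps from the plan makes the switch to CLOSED show up as a problem before any option byte is written.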