Is there any documentation how to use secure boot?

Hi @Evan .1​ 

Did you go through this one ?

https://wiki.st.com/stm32mpu/wiki/STM32MP15_secure_boot

Hope it help

Olivier

Thanks. Do I understand correctly that sercure boot is only a image authorisation method. The image itself is not encrypted. So reverse engineering the code can be done on an other device. Or replace the processor and copy the image to that device without the header.

I like some more detail.

Also can I disable jtag/debug port.

Thanks

​Hi,

you understanding is correct.

As all the code is stored on external memories which are seen as non secure devices, the code can be hacked.

The authentication process at least ensures that modified code is not executed.

From this reason disabling the debug port doesn't help - the processor doesn't need to be involved.

BR,

Milan

Thanks for the reply.

I want to know if I i can I prevent cloning and reverse engineering.

I don 't see secure boot on his own very useful. So probably I'm missing the big picture.

• I possible with secure zone and secure boot. to make a protected environment. That prevent Jtag/DAP/Debug port from reading memory. and any other way of loading code in this protected envirement.
• Can I force code at startup to be stored in sysram.
• Is it possible to combine this with linux? Even if one cores run my own code in the protected environment and the other the linux environment.

Thanks for the information.

EVS