FAQs
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

OEMiROT for STM32H523 MCU

hakeila
Associate III

‎2025-02-09 12:37 PM

Hi,

 

I am working on OEMiROT bootloader for STM32H523. I have copied big parts of the ST OEMiROT example project from H533 example as this is the closest MCU to H523 from the flash memory layout perspectives.

 

However, it is taking ridiculously too long time to refactor the security parts of the project as the H533 does have more hardware security peripherals than H523.

 

I have cloned the STM MCUBoot and the ST Mbedtls repos in my project.

 

I would love to know if there is an OEMiROT project example(s) for H523 and if you have any recommendation on how to process this faster as it has been taking forever to refactor and recompile the H533 example on H523 MCU.

 

Cheers,

Hani

Labels:
0 Kudos
3 REPLIES 3
SirineST
ST Employee

‎2025-02-10 01:04 AM

Hello, 

The STM32CubeH5 firmware package currently does not support the OEMiROT example on the STM32H523 device.

The OEMiROT example for the STM32H533 cannot be compiled on the STM32H523 device because the STM32H523 lacks support for the CRYP and PKA peripherals. For further assistance, please refer to the following wikis:

* OEMiROT OEMuROT for STM32H5:

https://wiki.st.com/stm32mcu/index.php?title=Security:OEMiROT_for_STM32H5&oldid=36098

* How to start with OEMiRoT on STM32H573 and 563–Arm® TrustZone® enabled:

https://wiki.st.com/stm32mcu/wiki/Security:How_to_start_with_OEMiRoT_on_STM32H573_and_563%E2%80%93TrustZone_enabled

 

If your question is answered, please close this topic by clicking "Accept as Solution"
0 Kudos
hakeila
Associate III
In response to SirineST

‎2025-02-10 12:26 PM

Hi @SirineST 

 

Thank you for your quick reply.

I am totally aware that there are differences in terms of peripherals between H533 and H523. And I am totally aware that the OEMiROT example can't be compiled on H523. 

 

What I need a recommendation from ST on how to implement OEMiROT on H523 without having to re-write the whole bootloader code. There must be something that can be done to avoid writing OEMiROT from scratch.

 

For example, Can I refactor the OEMiROT example for H503 to make it compliable on H523? However, the flash layouts on both are very different though but it uses HASH for encrypting/decrypting the OBK.

 

Alternatively, Can I use ST Cryptographic library to refactor the OBK part of the OEMiROT code in H533 to make it compliable with H523?

 

I am reaching out to ST on this matter because you guys should know better. I was hoping that you can help me more on this.

Also, I would like to mention that H523 does support PKA peripheral. There is an error on the STM32H523xx.h that suggested otherwise. I already contacted ST and they have an internal ticket for it.

 

Regards

0 Kudos
hakeila
Associate III
In response to SirineST

‎2025-02-10 12:56 PM

Thanks for the links, Sirine.

 

However in the first link, there is a sublink about OEMiROT introduction for H5 MCUs but the link is not found.

 

Would you mind checking where the landing page went?

 

https://wiki.st.com/stm32mcu/index.php?title=Security:OEMiROT_STM32H5_How_to_Introduction&action=edit&redlink=1

 

Cheers

0 Kudos
Top