Problem with TrustZone in STM32L562E-DK: template TrustZoneEnabled does not pass to the no-secure world

erne_ramos · ‎2026-03-06

Hello everyone,

I'm working with an STM32L562E-DK board and testing the "TrustZoneEnabled" template included in the "STM32Cube_FW_L5_V1.6.0" package. The goal is to run the basic example that transitions from the secure to the unsecured zone, but I'm finding that, after following all the instructions in "README.txt" and compiling the project, the code gets stuck in the next function:

static void NonSecure_Init(void)
{
  funcptr_NS NonSecure_ResetHandler;

  SCB_NS->VTOR = VTOR_TABLE_NS_START_ADDR;

  /* Set non-secure main stack (MSP_NS) */
  __TZ_set_MSP_NS((*(uint32_t *)VTOR_TABLE_NS_START_ADDR));

  /* Get non-secure reset handler */
  NonSecure_ResetHandler = (funcptr_NS)(*((uint32_t *)((VTOR_TABLE_NS_START_ADDR) + 4U)));

  /* Start non-secure state software application */
  NonSecure_ResetHandler();
}

Specifically on the "NonSecure_ResetHandler()"; or it doesn't even execute the no-secure part.

Current option bytes configuration (verified with STM32CubeProgrammer):

DBANK => Checked
TZEN => Checked
nSWBOOT0 => Checked
nBOOT0=> Unchecked
NSBOOTADD0 => Value: 0x100000 => Address: 0x08000000
NSBOOTADD1 => Value: 0x17f200 => Address: 0x0bf90000
SECBOOTADD0 => Value: 0x1 => Address: 0x00000080
SECWM1_PSTRT => Value: 0x0 => Address: 0x08000000
SECWM1_PEND => Value: 0x7F => Address: 0x0803f800
SECWM2_PSTRT => Value: 0x1 => Address: 0x08040800
SECWM2_PEND => Value: 0x0 => Address: 0x08040000

SirineST · ‎2026-03-23

Hello @erne_ramos

The template is stopping in NonSecure_ResetHandler because the non-secure application is empty (the template is an empty project). Please add some code to the non-secure application and it should work correctly. For example, you can toggle LED10 by applying the following changes:

In non_secure main.c Uncomment the following lines:

HAL_Delay(250);
BSP_LED_Toggle(LED10);
In secure main.c

1- Uncomment the SystemClock_Config() implementation and its call, and remove __HAL_RCC_PWR_CLK_DISABLE().

2- Configure LED10 as shown below, under the comment
/* Add your secure application code here prior to non-secure initialization */:

GPIO_InitTypeDef GPIO_InitStruct = {0};
__HAL_RCC_GPIOG_CLK_ENABLE();
HAL_PWREx_EnableVddIO2();
HAL_GPIO_WritePin(GPIOG, GPIO_PIN_12, GPIO_PIN_SET);

GPIO_InitStruct.Pin = GPIO_PIN_12;
GPIO_InitStruct.Mode = GPIO_MODE_OUTPUT_PP;
GPIO_InitStruct.Pull = GPIO_PULLUP;
GPIO_InitStruct.Speed = GPIO_SPEED_FREQ_VERY_HIGH;
HAL_GPIO_Init(GPIOG, &GPIO_InitStruct);

HAL_GPIO_ConfigPinAttributes(GPIOG, GPIO_PIN_12, GPIO_PIN_NSEC);
I hope this answers your question.

Best regards,

If your question is answered, please close this topic by clicking "Accept as Solution"

View solution in original post

SirineST · ‎2026-03-23