Combining STM32 H5 TrustZone Enabled Tutorial With SFI Tutorial

cgj004 · ‎2025-11-07

Hi.

I'm hoping you can help me confirm a procedure I'm doing with the STM32 H5 Discovery Kit board, the STM32H573I-DK to be exact.

First off, I was able to successfully step through and execute two separate tutorials with the board. First I executed the TrustZone Enabled tutorial:

https://wiki.st.com/stm32mcu/wiki/Security:How_to_start_with_OEMiRoT_on_STM32H573_and_563%E2%80%93TrustZone_enabled

And I also executed the SFI tutorial:

https://wiki.st.com/stm32mcu/wiki/STM32StepByStep:SFI_Step-by-step_on_STM32_boards#cite_note-X-CUBE-SFI-11

As I said, I was able to execute both tutorials successfully separately.

But then I wanted to combine the two.. I wanted to use the SFI process to program the H5 with the OEMiROT_Boot, Secure App, and Non Secure App projects.

I successfully built all the projects (with the Debug configuration) associated with the OEMiROT on STM32H573 TrustZone enabled tutorial (projects OEMiROT_Boot, OEMiROT_Appli_TrustZone_Secure, OEMiROT_Appli_TrustZone_NonSecure). The project executed a script that signed the application software to generate .hex files.

And then I opened the STM Trusted Package Creator to generate the SFI package.

I've attached a screenshot of the list of the firmware files (SFI_Firmware_Files.png). For the OEMiROT_Boot.bin, the starting address I used is 0x0C000000.

For the aeskey.bin file, the contents are:

AES_KEY_TEST_001

For the nonce.bin file, the contents are:

NONCE_TEST01

For the Option Bytes file, I wanted the end state to be PROVISIONED, so the contents of my .csv file is this:

OPTSR_PRG,0x2D3017F8
OPTSR2_PRG,0xB400007C
NSBOOTR_PRG,0x080000C3
SECBOOTR_PRG,0x0C0000C3
SECWM1R_PRG,0x007F0000
SECWM2R_PRG,0x0000007F
WRP1R_PRG,0xFFFFFFFF
WRP2R_PRG,0xFFFFFFFF
EDATA1R_PRG,0x00000000
EDATA2R_PRG,0x00000000
HDP1R_PRG,0x00000001
HDP2R_PRG,0x00000001

I've also attached a screenshot of what I described above.

For the option block key files, I reused the default files for the Config, Data, and the DA (Debug Authentication):

OEMiROT_Config.obk

OEMiRoT_Data.obk

DA_Config.obk

The H5 board was already erased and in the OPEN Product State.

In a PowerShell script, I programmed the H5 using the following command:

.\STM32_Programmer_CLI.exe -vb 1 -c port=SWD mode=HOTPLUG -sfi .\out_default.sfi hsm=1 slot=1 -rsse "C:\Program Files\STMicroelectronics\STM32Cube\STM32CubeProgrammer\bin\X-CUBE-RSSe\STM32CubeExpansion_RSSe_V1.1.0\RSSe\STM32H5\RSSe_SFI_H56x_H573_v3.1.0.bin"

When programming, it looks like everything was successful at the end, but in the middle there are warnings that say:

"Warning: Option Bytes are unchanged, Data won't be downloaded"

I've attached the log that shows the entire results of the command in programming_log.txt.

The problem I have now is not only did the programming not appear to work (I don't see the non-secure application run when I press the reset button), but when I connect the STM32Cube Programmer to perform Regression, I can't connect to the board. Even when I go to "Discover" the board under the Debug Authentication tab, I got the error message "Failed to Communicate with Target." I've even tried to run the regression.bat script to put the board back in the OPEN state, but that didn't work either.

So I'm trying to figure out:

1) If my initial approach and setup of the OEMiROT Boot, Secure, and Non Secure Applications in the STM Trusted Package Creator to generate an SFI package was sound, and

2) How can I recover the H5 board? When I looked up suggestions in Google, the suggestion was that I needed to force the board into BSL (Secure Bootloader?) mode, but I wanted to know if that was actually the case.

Thanks!