Hardfault while using TrustZone STM32H573i-DK

funkii · ‎2023-10-19

Hi everyone,

I'm currently experimenting with a STM32H573i-DK and TrustZone and facing some issues.

First I tried enabling TrustZone in the Project Creation Process. When i try to run this empty project using the steps:

Select and build the xxxxx_NS project, this will automatically trigger build of xxxxx_S project
Select the xxxxx_S project and select “Debug configuration”
- Double click on “STM32 Cortex-M C/C++ Application”
- Select “Startup” > “Add” >
Select the xxxxx_NS project
Build configuration : Select Release/Debug
Click Debug to debug the example

Select and build the xxxxx_NS project, this will automatically trigger build of xxxxx_S projectSelect the xxxxx_S project and select “Debug configuration”Double click on “STM32 Cortex-M C/C++ Application”Select “Startup” > “Add” >Select the xxxxx_NS projectBuild configuration : Select Release/DebugClick Debug to debug the example

the execution lands in the HardFault_Handler after the call to NonSecure_Init().

Almost the same happens if I try to run the GTZC_MPCWM_IllegalAccess_TrustZone example.

After the call to SECURE_SAU_MPCWM_SetInitConfig(), the execution lands in the HardFault_Handler().

I'm following the steps at the bottom of the Readme file.

Am I missing something or has anyone got an explanation for this behaviour?

I would appreciate any help or resources on this topic.

Best

funkii

funkii · ‎2023-11-02

I just forgot to set the Option Bytes as described in here ...

Spoiler

User Option Bytes configuration:

Please note the internal Flash is fully secure by default in TZEN=0xB4 and User Option Bytes SECWM1_PSTRT/SECWM1_PEND and SECWM2_PSTRT/SECWM2_PEND should be set according to the application configuration. Here the proper User Option Bytes setup in line with the project linker/scatter file is as follows: - TZEN=0xB4 - SECWM1_PSTRT=0x0 SECWM1_PEND=0x7F meaning all 128 pages of Bank1 set as secure - SECWM2_PSTRT=0x1 SECWM2_PEND=0x0 meaning no page of Bank2 set as secure, hence Bank2 non-secure

User Option Bytes configuration:Please note the internal Flash is fully secure by default in TZEN=0xB4 and User Option Bytes SECWM1_PSTRT/SECWM1_PEND and SECWM2_PSTRT/SECWM2_PEND should be set according to the application configuration. Here the proper User Option Bytes setup in line with the project linker/scatter file is as follows: - TZEN=0xB4 - SECWM1_PSTRT=0x0 SECWM1_PEND=0x7F meaning all 128 pages of Bank1 set as secure - SECWM2_PSTRT=0x1 SECWM2_PEND=0x0 meaning no page of Bank2 set as secure, hence Bank2 non-secure

View solution in original post

funkii · ‎2023-11-02

I just forgot to set the Option Bytes as described in here ...

Spoiler

User Option Bytes configuration:

Please note the internal Flash is fully secure by default in TZEN=0xB4 and User Option Bytes SECWM1_PSTRT/SECWM1_PEND and SECWM2_PSTRT/SECWM2_PEND should be set according to the application configuration. Here the proper User Option Bytes setup in line with the project linker/scatter file is as follows: - TZEN=0xB4 - SECWM1_PSTRT=0x0 SECWM1_PEND=0x7F meaning all 128 pages of Bank1 set as secure - SECWM2_PSTRT=0x1 SECWM2_PEND=0x0 meaning no page of Bank2 set as secure, hence Bank2 non-secure

User Option Bytes configuration:Please note the internal Flash is fully secure by default in TZEN=0xB4 and User Option Bytes SECWM1_PSTRT/SECWM1_PEND and SECWM2_PSTRT/SECWM2_PEND should be set according to the application configuration. Here the proper User Option Bytes setup in line with the project linker/scatter file is as follows: - TZEN=0xB4 - SECWM1_PSTRT=0x0 SECWM1_PEND=0x7F meaning all 128 pages of Bank1 set as secure - SECWM2_PSTRT=0x1 SECWM2_PEND=0x0 meaning no page of Bank2 set as secure, hence Bank2 non-secure