Ask questions and find answers on STM32 security frameworks and tools, including cryptographic libraries, TrustZone, and the Secure Manager.
Hi everyone,I tried Secure Firmware Install (SFI) with the Nucleo-H563ZI. The process failed, however my device is still accessible. By connecting to the device via Hot plug and Access port 1 I am able to see that the device is in "Provisioning" stat...
Hi,I have a STM32u585 where SFI worked on first attempt. Then I did a factory reset , post that I am not able to get SFi working again at all. Is there a residual / stale state I need to clear to be able to do SFI again?We do not have any OEM Keys se...
Hi All,I am following the UM2262 document. I will add a screenshot. I enabled the ENABLE_IMAGE_STATE_HANDLING flag to enable rollback, but after updating UserApp.bin, the device continues to reset. I will add a debug log screenshot (it’s not jumping ...
Hi,I have SBSFU working with my HW, which has a STM32U585, with some (minor) modifications to the B-U585I-IOT02A example. I also have an application that I need to run with the secure bootloader (as the nonsecure app), developed by a wider team (lets...
Hello, I am using STM32F103c6 cortex-m3. I am using 100 micro controllers in various boards. In some around 10 micro controllers, I have seen a issue of option bytes getting corrupted. Even though I am writing 0xA5 to RDP to remove read protection wh...
I am trying to run ECDH p384 operation on STM32H753.Using the STM32 Cryptolib 4.5.0, I get the CMOX_ECC_ERR_MEMORY_FAIL error during the operationI increased the stack size to the maximumI was able to run this using mbedTLS + hardware blocks like RNG...
Hello,I am interested in the optional decryption sequence part of secure boot on STM32N6 mcu. As described in UM3234 (How to proceed with boot ROM on STM32N6 MCUs) a key derivation function is used to produce an encryption key. However I am not sure ...
Hi, I managed to enable TrustZone by setting the TZEN-bit to 1 like soSTM32_Programmer_CLI -c port=SWD -ob TZEN=1But I can't seem to manage to turn it off the same way. I've tried doing it from the graphical interface as well, with the same results. ...
Hello!Using h563zi I am trying to update the second bank firmware using an application that has a Secure Part (sectors 0-9) and a Non Secure part with Trust Zone enabled. For easier maintenance the update is done from the Non-Secure part.Settings:SEC...
From the manual UM3254:4.1.4 PSA firmware update service4.1.4.1 DescriptionThis service provides an implementation of the PSA firmware update API defined in [PSAfwuAPI]. It provides a standard and platform-agnostic interface for firmware updates.The ...