Ask questions and find answers on STM32 security frameworks and tools, including cryptographic libraries, TrustZone, and the Secure Manager.
Hello .According to the reference manual, the default RDP level is set to level 1. However, after performing a full erase with ST-Link and then writing the hex file, the RDP level was found to be set to 0.I would like to set the RDP level to 1 at the...
The project uses Trustzone with a secure bootloader (based on mcuboot) and non-secure application.The application enters STOP3 mode, waiting for interrupt, with EXTI configured on a GPIO line to trigger an interrupt.Waking up from stop mode works per...
Hi,While using the STM32Cube_FW_H5_V1.1.1 repository to explore secure boot on the STM32H5, I saw that the configuration file to generate OEMiRoT_Data.obk is missing. As I want to use my own keys and certificates for the OEMiRoT example application, ...
So, I want to modify provisioning.bat and/or XML files to create an SFI that contains our developed non-secure app instead of default one, Secure Manager, and the various (especially DA one) OBKs.This will then be downloaded into factory-fresh (only ...
Hello,RM0444.Rev5 page 98 says that it is possible to reset it only when:• RDP is set to Level 0, or• RDP is set to Level 1, while Level 0 is requested and a full mass-erase is performed.I supposed that if RDP is changed from level1 to level0 then th...
Hello all,I have a question about additional MPU protection provided by enabling SFU_MPU_PROTECT_ENABLE.What are the main benefits of that?How much "protection value" do we miss if it's disabled?
Hi all,I am using STM32F769I DISCO Board, STM32 CUBEIDE,X-CUBE-SBSFU 2.6.2 , WINDOWS Environment for checking new features in security i.e. secure bootloader.I am newbie to this topic and I have followed compilation procedure as per the readme file,...
Hello,please I need a confirmation about RDP level2 and WRP combination on stm32g031 chip.Based on RM0444.Rev5 Table 19, if I use my own bootloader and I write-protect the flash sectors, I have to avoid activating RDP level2 or I'll loose the opportu...
I am building a secure bootloader on the STM32H755, but I've bricked a couple of boards now trying to get the secure areas working.I intended to use a "recovery" function on a button press to do a mass erase with protection removal. Then I can test e...
Hi all,One small doubt on the tamper configuration, is it possible to configure both active and Passive tamper in the Same project/API, or both should be in different project/API. why this doubt is as Seed is not required for Passive tamper, so does...