cancel
Showing results for 
Search instead for 
Did you mean: 

Best Practice to Debug AppNS when using FSBL/AppSecure/AppNonSecure on STM32N6xx ?

jrocher-althea
Associate

Hello ST team,

I am currently working on NUCLEO-N657X0-Q (STM32N6) device using a FSBL (Secure Bootloader) an APPSecure and an AppNS (Non-Secure Application).
The FSBL is correctly loaded first and then jumps to the AppSecure which jumps to the AppNS. 
Everything is working well when I prog all the apps separately using STM32CubeProgrammer

However, I'm facing difficulty debugging the AppNS easily (which is actually my end application) with STM32CUBEIDE

My questions:

  • What is the ST recommended method to debug an AppNS project ?

    • Is it recommended to boot directly into AppNS during development (bypassing FSBL temporarily)?
      (= Should I move my AppNS temporarily to the boot address, and later re-add the FSBL before production?)

Any other ways ? 

Any official guidance, best practices, or documentation references would be very helpful!

Thanks a lot for your support,
Best regards,
Johan

3 REPLIES 3
CMYL
ST Employee

Hello @jrocher-althea 

Your questions are shared internally.

 

note: reference of the question is 209177, not usefull for you but just for internal tracking.

 

Best regards

CMYL
ST Employee

Hello @jrocher-althea ,

  1. This project is similar to the existing template in STM32Cube_FW_N6_V1.1.1\Projects\NUCLEO-N657X0-Q\Templates\Template_Isolation_XIP.
    In order to use it, binaries of AppSecure and AppNS must be signed and programmed in the external NOR Flash at addresses 0x7010'0000 for AppSecure and 0x7018'0000 for APPNS.
    Then in DEV_BOOT mode, launch the FSBL project with the IDE to start the debug.
    All is documented in:
    STM32Cube_FW_N6_V1.1.1\Projects\NUCLEO-N657X0-Q\Templates\Template_Isolation_XIP\readme.html
    And
    STM32Cube_FW_N6_V1.1.1\Documentation\STM32CubeN6GettingStarted.pdf in section 5.1.5 Running the Isolation_XIP (eXecute In Place) template project.

 

2. Remember that the STM32N6 is in state Closed-Secured life-cycle state. It means that it will always execute the following context execution:

a- In Flash boot:
After reset the BootROM with check the external NOR flash if signed FSBL is present. If yes, BootROM copies FSBL into AXISRAM2. Then jumps and executes FSBL.
FSBL will configure SoC PWR, RCC and jump into external Flash to execute AppSecure binary first.
AppSecure will configure the RISAF, and all the peripherals needed by the AppNS (System Isolation), then AppSecure jump into AppNS.  

b- In DEV_BOOT,

The IDE always load and execute directly the FSBL in internal AXISRAM2. The BootROM is not envolved in the process. If the AppSecure and AppNS are in XIP (located in external flash), the IDE is able to jump into each binary.

3. Some Customer prefers to keep an Isolation XIP as main project. And they use another basic FSBL project where they can generate all various peripherals configuration, write their own code and debug it in this mode. When they finished, the new generated code is copied into the XIP project and customer do the validation.

Best regards

CMYL
ST Employee

Hello @jrocher-althea 

Do you have any feedback on the last answer ?

Best Regards