Hello @jrocher-althea ,
- This project is similar to the existing template in STM32Cube_FW_N6_V1.1.1\Projects\NUCLEO-N657X0-Q\Templates\Template_Isolation_XIP.
In order to use it, binaries of AppSecure and AppNS must be signed and programmed in the external NOR Flash at addresses 0x7010'0000 for AppSecure and 0x7018'0000 for APPNS.
Then in DEV_BOOT mode, launch the FSBL project with the IDE to start the debug.
All is documented in:
STM32Cube_FW_N6_V1.1.1\Projects\NUCLEO-N657X0-Q\Templates\Template_Isolation_XIP\readme.html
And
STM32Cube_FW_N6_V1.1.1\Documentation\STM32CubeN6GettingStarted.pdf in section 5.1.5 Running the Isolation_XIP (eXecute In Place) template project.
2. Remember that the STM32N6 is in state Closed-Secured life-cycle state. It means that it will always execute the following context execution:
a- In Flash boot:
After reset the BootROM with check the external NOR flash if signed FSBL is present. If yes, BootROM copies FSBL into AXISRAM2. Then jumps and executes FSBL.
FSBL will configure SoC PWR, RCC and jump into external Flash to execute AppSecure binary first.
AppSecure will configure the RISAF, and all the peripherals needed by the AppNS (System Isolation), then AppSecure jump into AppNS.
b- In DEV_BOOT,
The IDE always load and execute directly the FSBL in internal AXISRAM2. The BootROM is not envolved in the process. If the AppSecure and AppNS are in XIP (located in external flash), the IDE is able to jump into each binary.
3. Some Customer prefers to keep an Isolation XIP as main project. And they use another basic FSBL project where they can generate all various peripherals configuration, write their own code and debug it in this mode. When they finished, the new generated code is copied into the XIP project and customer do the validation.
Best regards
