CPU is locked while disabling the TrustZone on the STM32U575ZIQ Nucleo board. I set level to DC(level1) and now I am not able to connect the board to Cube Programmer and throws "Connection to target must be established before performing the read command."

pkulk.1 · ‎2022-05-20

I was using this above video for reference. I had TrustZone enabled on the board and wanted to disable it. As per the video I first set it to DC from AA level in cube programmer. Then disconnected the board and power cycle. Then tried to connect back for the next steps, the cube programmer started throwing an error " Error: Connection to target must be established before performing the read command." Now I am not able to flash the code in Keil and it says "CPU is locked up"

pkulk.1 · ‎2022-06-21

@GTort.1 I solved the issue with my Nucleo U575ZIQ board: I just connected the jumper between CN11 pin 7 and VDD pin 5 as mentioned in UM2861 and connected to STMcubeProgrammer under hotplug mode and SWD I was able to change the read-option bytes and disable the TrustZone.

However, it's a little different from the Discovery kit for IoT node B-U585I-IOT02A. Use document UM2839. There is a switch SW1 (BOOT0) if you change that then you would be able to connect the board to STMCubeprogrammer to change the read-option bytes and unlock the CPU. I hope this helps.

View solution in original post

Bubbles · ‎2022-05-23

Hi @pkulk.1 ,

not exactly U5, but L5 is very similar architecture. It may help:

Security:How to disable TrustZone in STM32L5xx devices during development phase - stm32mcu

BR,

J

To give better visibility on the answered topics, please click on Accept as Solution on the reply which solved your issue or answered your question.

GTort.1 · ‎2022-06-20

we have hit the same problem with the Discovery kit for IoT node B-U585I-IOT02A

any news about it?

thanks in advance,

Gianluca

Sara BEN HADJ YAHYA · ‎2022-06-21

Hello @pkulk.1 , @GTort.1 ,

Please check section 9 in this AN5347, it contains a detailed guide to disable TrustZone.

If your issue is solved, please close this post by clicking the "Select as Best" button. This will help other members of the community find this response more quickly :)

Sara.

pkulk.1 · ‎2022-06-21

@GTort.1 I solved the issue with my Nucleo U575ZIQ board: I just connected the jumper between CN11 pin 7 and VDD pin 5 as mentioned in UM2861 and connected to STMcubeProgrammer under hotplug mode and SWD I was able to change the read-option bytes and disable the TrustZone.

However, it's a little different from the Discovery kit for IoT node B-U585I-IOT02A. Use document UM2839. There is a switch SW1 (BOOT0) if you change that then you would be able to connect the board to STMCubeprogrammer to change the read-option bytes and unlock the CPU. I hope this helps.

GTort.1 · ‎2022-06-23

thank you very much @pkulk.1 (and also @Sara BEN HADJ YAHYA)

by turning on switch SW1 I was able to connect to the B-U585I-IOT02A with the STM32CubeProgrammer!

unfortunately, I was not able to reset the TZEN bit after several trials of regressing it with the RDP byte (which was set to 55, i.e., security level 0.5)

at some point I may have done something wrong in my trials, because after pressing the Apply button I haven't been able to connect again to the B-U585I-IOT02A with the STM32CubeProgrammer

moving the SW1 switch has no effect anymore

now I am afraid my board could really be blocked forever

if someone has any comments/info/suggestions they are welcome, maybe if not for saving this board for avoiding doing the same to the next one

thank you again,

Gianluca

Sara BEN HADJ YAHYA · ‎2022-06-24

Hello @GTort.1 ,

Regression from RDP level 0.5 to level 0 is not possible for STM32U5 devices, the RDP level must be first raised from level 0.5 to level 1.

Only STM32L5 support RDP regression from level 0.5 to level 0.

There is a high chance that the MCU is blocked now, but please make sure that your connection mode is HotPlug and try to apply what is mentioned in section 9.1.2 AN5347.

Sara.