FAQs
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Debug port not enabled after exit of secure user area STM32H755, STM32H7B3

Go to solution
aco990
Associate III

‎2025-07-21 9:15 AM - edited ‎2025-07-21 9:16 AM

Hi @Jocelyn RICARD,

im trying to enable the secure user memory on my custom bootloader for  STM32H755 and STM32H7B3 MCUs.
The bootloader is on the first bank and the app on the second bank. The secure user memory is enabled successfully on bank 1 but jumping on Bank 2 with the follwing instruction works. But the debug port is not reopened before jumping to the application. I can see that the app is running (through a blinky led) but i cannot attach using cube programmer in hotplug mode:

RSS_API->exitSecureArea(userAppAddress, RSS_ENABLE_JTAG_AT_EXIT);


My question is, what is the value of RSS_ENABLE_JTAG_AT_EXIT ? Is it mcu dependent?
The reference Manual does not give any info about the value of the macro:

aco990_0-1753114156983.png

Could you help?
Thank you!

@VPanc.1 , @gpeh@Fred , @Tesla DeLorean 

Labels:
0 Kudos
1 ACCEPTED SOLUTION

Accepted Solutions
Go to solution
aco990
Associate III
In response to gpeh

‎2025-07-22 5:02 AM

@gpeh Hmm, i realized that the debug port was reopened and my code runs as expected. Using Ozone debugger i can attach once the application is started and debug the app. Usually i connect with cube programmer in hotplug mode, but cube programmer is triggering a reset which disconnects the debugger even in hotplug mode.

ST should better document the RSS api in the reference manual and add the value of RSS_ENABLE_JTAG_AT_EXIT.

Thank you for helping!

View solution in original post

4 REPLIES 4
Go to solution
gpeh
Associate III

‎2025-07-21 10:50 PM

On the STM32H7 I use `0x97A0FA17UL` to reopen the JTAG.

I don't recall how I worked that out, I'm afraid.

0 Kudos
Go to solution
aco990
Associate III
In response to gpeh

‎2025-07-22 12:17 AM - edited ‎2025-07-22 12:18 AM

@gpeh  this is the code i tried, the app is running but the debug port is still closed

#define RSS_ENABLE_JTAG_AT_EXIT    ((unsigned int) 0x97A0FA17)
#define APPLICATION_ADDRESS 0x08100000

static void ExecuteApp(void) {
if (IsUserAppValid(APPLICATION_ADDRESS))
{
printf("Launching App ...\r\n");
__disable_irq();
SysTick->CTRL = 0;
HAL_DeInit();
RSS_API->exitSecureArea(APPLICATION_ADDRESS, RSS_ENABLE_JTAG_AT_EXIT);
printf("Should not arrive here ... reset \r\n");
NVIC_SystemReset();
}
else
{
printf("No App available.\r\n");
}
}
 
0 Kudos
Go to solution
gpeh
Associate III
In response to aco990

‎2025-07-22 12:32 AM

That is basically what I do.

#define REOPEN_JTAG (0x97A0FA17UL)

__NO_RETURN static void jump_to_address(void* addr) {
    SCB->VTOR = (uint32_t)addr;
    __DSB();
// This works even when we are not secured
#ifdef DEBUG
    RSS->exitSecureArea((uint32_t)addr, REOPEN_JTAG);
#else
    RSS->exitSecureArea((uint32_t)addr, 0);
#endif
    // Never reach this
    NVIC_SystemReset();
}

Do you definitely have `exitSecureArea` defined correctly?

typedef struct {
    void (*exitSecureArea)(uint32_t vectors, unsigned int jtagState);
    void (*resetAndInitializeSecureAreas)(uint32_t nbAreas, RSS_SecureArea_t* areas);
} RSS_API_Table_t;

 

One option you have is just to enable the debugger in your application, instead of during the jump. But I know that's not very satisfying.

0 Kudos
Go to solution
aco990
Associate III
In response to gpeh

‎2025-07-22 5:02 AM

@gpeh Hmm, i realized that the debug port was reopened and my code runs as expected. Using Ozone debugger i can attach once the application is started and debug the app. Usually i connect with cube programmer in hotplug mode, but cube programmer is triggering a reset which disconnects the debugger even in hotplug mode.

ST should better document the RSS api in the reference manual and add the value of RSS_ENABLE_JTAG_AT_EXIT.

Thank you for helping!

Top