2023-06-19 03:30 AM
Hi,
we are developing a firmware on the STM32U575QG MCU. Trustzone is enabled and configured as follows (DBANK active).
Flash memory size is 1MB, with DBANK active. So, from my understanding, it should be two different bank, each one composed by 64 pages of 8kB.
BANK1:
- secure from page 0 to page 63 (all bank is secure, 512kB);
BANK2:
- secure from page 0 to page 31 (256kB secure). From 32 to 63 unsecure flash;
We are now trying to erase NS pages from secure domain using interrupts. For instance:
FLASH_EraseInitTypeDef EraseInitStruct;
HAL_FLASH_Unlock ();
__HAL_FLASH_ENABLE_IT_NS (FLASH_IT_EOP);
__HAL_FLASH_ENABLE_IT_NS (FLASH_IT_OPERR);
HAL_NVIC_EnableIRQ (FLASH_IRQn);
__HAL_FLASH_CLEAR_FLAG_NS(FLASH_FLAG_EOP | FLASH_FLAG_OPERR | FLASH_FLAG_WRPERR | FLASH_FLAG_PGAERR | FLASH_FLAG_PGSERR);
EraseInitStruct.TypeErase = FLASH_TYPEERASE_PAGES_NS;
EraseInitStruct.Banks = FLASH_BANK_2;
EraseInitStruct.Page = 32;
EraseInitStruct.NbPages = NbOfPages;
HAL_FLASHEx_Erase_IT(&EraseInitStruct);
NS IRQ is triggering as expected, but NSSR register is reporting PGSERR.
I've read the datasheet and it says:
Is it possible to erase NS pages from secure domain? Am I doing something wrong?
Thanks.
Alessandro
2023-09-15 07:46 AM
The forum moderator had marked your post as needing a little more investigation and direct support. An online support case has been created on your behalf, please stand by for just a moment and you will hear from us.
Regards,
Billy
2023-10-24 10:03 AM
Hi @Billy OWEN ,
I was wondering if this question was ever resolved, since I have the same issue. In my case, I'm working with the STM32H5, but as with the U5, PGSERR is set if the nonsecure STRT is set from the secure domain. Is it possible to perform flash erase on nonsecure sectors from the secure domain, or is it recommended to only perform firmware updates of nonsecure flash from the nonsecure domain?
Thanks,
Declan
2023-10-25 06:37 AM
Hi @declan ,
Could you please submit a new conversation where you describe with more details your case under STM32 MCUs Security?
-Amel
To give better visibility on the answered topics, please click on Accept as Solution on the reply which solved your issue or answered your question.
2023-10-25 07:58 AM
Hi @declan ,
I was able to resolve the problem, but right now I don't remember full details (no code under my nose at the moment).
It was something related to TZ_SAU_Setup: you should enable the SAU_INIT_REGION3 regarding the address space of non secure peripherals if I remember correctly.
2023-10-25 09:49 AM
Thanks @alessandro morniroli, I'll look into the SAU setup and see if I can fix things there.
If I'm not able to resolve it I'll start a new conversation.