2025-07-17 1:14 AM
Hello!
Using an H563ZI, I am trying to update the second-bank firmware using an application that has a Secure part (sectors 0-9) and a Non-Secure part, with TrustZone enabled. For easier maintenance the update is done from the Non-Secure part.
Settings:
SECWM1_STRT = 0x0
SECWM1_END = 0x9
SECWM2_STRT = 0x0
SECWM2_END = 0x9
What we do:
1) Disable the secure watermark of the second bank (this can also be done in STM32CubeProgrammer):
FLASH_OBProgramInitTypeDef ob_program = {0};
// The flash control register and the option bytes are write-protected until unlocked
HAL_FLASH_Unlock();
HAL_FLASH_OB_Unlock();
ob_program.OptionType = OPTIONBYTE_WMSEC;
ob_program.Banks = FLASH_BANK2;
// Using 1 for start and 0 for end (start > end) selects no sector, which practically unlocks the bank
ob_program.WMSecStartSector = 0x1;
ob_program.WMSecEndSector = 0x0;
HAL_FLASHEx_OBProgram(&ob_program);
// Program the new option bytes; they take effect after the reset below
HAL_FLASH_OB_Launch();
HAL_NVIC_SystemReset();
2) Write sectors 0x0 to 0x9 of bank 2 from the Non-Secure application (since the watermark protection is off)
3) Compute a checksum over the written data (read back from sectors 0x0 to 0x9) and check it
4) Check the data manually in STM32CubeProgrammer
5) Enable the secure watermark for the second bank, changing it from [STRT = 0x1, END = 0x0] to [STRT = 0x0, END = 0x9]
Here the problems start: if I enable the watermark security (either via STM32CubeProgrammer or in code) and look with the debugger at the start address of the second bank, it shows only 0x0 bytes. After disabling it again (with STM32CubeProgrammer, STRT/END set to 0x1 and 0x0) and looking at the memory with the debugger, the data shows up normally again.
If I do a SWAP_BANK, enable the watermark security and try to boot from the second bank, I get a hard fault.
It looks to me that setting SECWM2_STRT/END does not actually watermark the flash but maps it to an entirely different region that seems to be empty.
Note: the behavior for BANK1 is similar; when enabling/disabling the security watermark the data seems to be initialized to 0x0.
Question: Is it possible to temporarily disable the watermark protection, write the flash from the Non-Secure part, re-enable the protection and boot from the written firmware?
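Added example, not part of the original post and not ST HAL code: a small host-side model in C of how the SECWMx_STRT/END pair, the two flash aliases and SWAP_BANK decide which accesses reach the real sector contents, so the sequence in the post (lower the bank-2 watermark, write from the Non-Secure side, raise it back, swap banks) can be walked step by step. It assumes STM32H563 geometry (two 1 MB banks of 128 x 8 KB sectors, non-secure alias at 0x08000000, secure alias at 0x0C000000), assumes the watermark option bytes follow the physical bank when SWAP_BANK is set, and applies one rule as the model's own: a non-secure-alias access to a sector the watermark marks secure never returns the real data. Secure-alias accesses are not policed by the model.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed STM32H563 flash geometry (not stated in the post): two 1 MB banks,
 * each 128 sectors of 8 KB; non-secure alias at 0x08000000, secure alias at
 * 0x0C000000. Adjust these if your part differs. */
#define FLASH_NS_BASE    0x08000000u
#define FLASH_S_BASE     0x0C000000u
#define FLASH_BANK_SIZE  0x00100000u
#define FLASH_SECTOR_SZ  0x2000u
#define FLASH_SECTORS    128u

/* One bank's secure watermark option bytes (SECWMx_STRT / SECWMx_END). */
typedef struct { uint8_t strt; uint8_t end; } secwm_t;

/* The option-byte state this model cares about. wm[0] is physical bank 1,
 * wm[1] is physical bank 2 (assumption: the watermark follows the physical
 * bank, not the address range, when SWAP_BANK is set). */
typedef struct {
    secwm_t wm[2];
    bool    swap_bank;
} flash_ob_t;

typedef struct {
    unsigned bank;         /* physical bank: 0 = bank 1, 1 = bank 2 */
    unsigned sector;       /* sector index within that bank */
    bool     secure_alias; /* true if the access came through 0x0C000000 */
} flash_loc_t;

enum { ACCESS_OK = 0, ACCESS_BAD_ADDR = 1, ACCESS_SEC_VIOLATION = 2 };

/* A sector is secure when STRT <= sector <= END. STRT > END (the 1/0 pair
 * used in the post) selects no sector, i.e. the whole bank is non-secure. */
static bool secwm_is_secure(secwm_t wm, unsigned sector)
{
    if (sector >= FLASH_SECTORS || wm.strt > wm.end) return false;
    return sector >= wm.strt && sector <= wm.end;
}

/* Number of secure sectors a watermark selects; useful as a sanity check on
 * the option bytes before launching them. */
static unsigned secwm_count(secwm_t wm)
{
    unsigned n = 0;
    for (unsigned s = 0; s < FLASH_SECTORS; s++) n += secwm_is_secure(wm, s);
    return n;
}

/* Map a CPU address to alias, physical bank and sector. With SWAP_BANK the
 * first 1 MB of each alias is physical bank 2 and the second 1 MB is bank 1. */
static bool flash_resolve(const flash_ob_t *ob, uint32_t addr, flash_loc_t *loc)
{
    uint32_t base;
    if (addr >= FLASH_NS_BASE && addr < FLASH_NS_BASE + 2u * FLASH_BANK_SIZE) {
        base = FLASH_NS_BASE; loc->secure_alias = false;
    } else if (addr >= FLASH_S_BASE && addr < FLASH_S_BASE + 2u * FLASH_BANK_SIZE) {
        base = FLASH_S_BASE; loc->secure_alias = true;
    } else {
        return false;
    }
    uint32_t off = addr - base;
    unsigned logical_bank = (unsigned)(off / FLASH_BANK_SIZE);
    loc->bank   = ob->swap_bank ? 1u - logical_bank : logical_bank;
    loc->sector = (unsigned)((off % FLASH_BANK_SIZE) / FLASH_SECTOR_SZ);
    return true;
}

/* Model rule: an access through the non-secure alias to a sector the
 * watermark marks secure never reaches the real contents. Secure-alias
 * accesses are not policed by this model. */
static int flash_check_access(const flash_ob_t *ob, uint32_t addr)
{
    flash_loc_t loc;
    if (!flash_resolve(ob, addr, &loc)) return ACCESS_BAD_ADDR;
    if (!loc.secure_alias && secwm_is_secure(ob->wm[loc.bank], loc.sector))
        return ACCESS_SEC_VIOLATION;
    return ACCESS_OK;
}

/* Reproduce the post's option-byte states: bank 1 always 0x0..0x9 secure,
 * bank 2 either lowered to 1/0 (step 1) or raised back to 0x0..0x9 (step 5). */
static int post_scenario(bool bank2_wm_on, bool swap, uint32_t addr)
{
    flash_ob_t ob = {
        .wm = { { 0x0, 0x9 },
                bank2_wm_on ? (secwm_t){ 0x0, 0x9 } : (secwm_t){ 0x1, 0x0 } },
        .swap_bank = swap,
    };
    return flash_check_access(&ob, addr);
}

int main(void)
{
    /* Bank 2, sector 5, through the non-secure alias: what the NS app writes in step 2. */
    uint32_t ns_b2_s5 = FLASH_NS_BASE + FLASH_BANK_SIZE + 5u * FLASH_SECTOR_SZ;
    printf("step 2 (watermark 1/0), NS write to bank2 sector5: %d\n", post_scenario(false, false, ns_b2_s5));
    printf("step 5 (watermark 0/9), NS read of bank2 sector5:  %d\n", post_scenario(true,  false, ns_b2_s5));
    printf("step 5, same sector via secure alias:              %d\n", post_scenario(true,  false, ns_b2_s5 - FLASH_NS_BASE + FLASH_S_BASE));
    printf("after SWAP_BANK, NS read of 0x08000000:            %d\n", post_scenario(true,  true,  FLASH_NS_BASE));
    return 0;
}
```

The model shows the asymmetry the procedure relies on: with the watermark lowered to 1/0 every sector of bank 2 is reachable through 0x08100000, but once it is raised to 0x0..0x9 those ten sectors are only reachable through the secure alias, and after SWAP_BANK they sit at 0x0C000000 rather than 0x08000000. Whichever side (debugger connection, boot code) uses the non-secure alias for those sectors does not see the written data under this rule.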