
H563zi erase/program non-secure flash area from secure app

AssemblerJohn
Associate II

Hello!

I have an app that is divided into a secure part and a non-secure part.

The memory definition in the secure linker script is as follows:

/* Memories definition */
MEMORY
{
RAM (xrw) : ORIGIN = 0x30000000, LENGTH = 320K
FLASH (rx) : ORIGIN = 0x0C000000, LENGTH = 64K
FLASH_NSC (rx) : ORIGIN = 0x0C010000, LENGTH = 8K
}

The first 9 sectors (0-8) belong to the secure part.
When attempting to erase sector 9 (the 10th sector) from the secure application part using
'HAL_FLASHEx_Erase', I get a HAL_FLASH_ERROR_ECCD error.

I require this for software update. I am trying to do the following on the INACTIVE bank:
1) Delete the secure sectors and update with a new secure app
2) Delete the non-secure sectors and update with a new non-secure app

To my knowledge, the secure part should be able to erase the non-secure part without any problems.

Accepted Solutions

The complete answer:

1) if the sector is secure use

HAL_FLASH_Program(FLASH_TYPEPROGRAM_QUADWORD, (address + written), util::ptr_to_address(quad_word))

2) if the sector is non-secure use:

HAL_FLASH_Program(FLASH_TYPEPROGRAM_QUADWORD_NS, (address + written), util::ptr_to_address(quad_word))

 

3) When programming/reading, make sure to use the

#define FLASH_BASE_S            (0x0C000000UL)

address for secure sectors and

#define FLASH_BASE_NS            (0x08000000UL)

for non-secure sectors.

Also for erasing sectors, swap between 

FLASH_TYPEERASE_SECTORS and 
FLASH_TYPEERASE_SECTORS_NS
 

IMPORTANT NOTE: Make sure to have enabled the option -mcmse in the secure application, found at: C/C++ Build -> Settings -> MCU/MPU GCC Compiler -> Secure Mode
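
An added example (not code from the original posts or from the ST HAL): a host-side sketch of the selection rule in the answer above, choosing the alias base and the secure or non-secure operation type for a sector range. It assumes 8 KB sectors, 128 sectors per bank and the same secure/non-secure split in both banks; `flash_plan_range`, `flash_plan_t` and the `DOMAIN_*` names are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* From the thread: alias bases and a secure area covering sectors 0-8. */
#define FLASH_BASE_S     0x0C000000UL
#define FLASH_BASE_NS    0x08000000UL
#define FIRST_NS_SECTOR  9U
/* Assumptions: 8 KB sectors (72 KB / 9 sectors in the linker script),
 * 128 sectors per bank, same secure/non-secure split in both banks. */
#define SECTOR_SIZE      0x2000UL
#define SECTORS_PER_BANK 128U

/* Hypothetical stand-in for the choice between the HAL type constants:
 * DOMAIN_S  -> FLASH_TYPEERASE_SECTORS,    FLASH_TYPEPROGRAM_QUADWORD
 * DOMAIN_NS -> FLASH_TYPEERASE_SECTORS_NS, FLASH_TYPEPROGRAM_QUADWORD_NS */
typedef enum { DOMAIN_S, DOMAIN_NS } flash_domain_t;

typedef struct {
    flash_domain_t domain; /* which type constant the HAL call should get */
    uint32_t address;      /* alias address of the first sector */
} flash_plan_t;

/* Plan one erase/program call for `count` sectors starting at `first`
 * in bank 0 or 1. Rejects empty or out-of-bank ranges, and ranges that
 * straddle the boundary, because one call carries a single type. */
bool flash_plan_range(unsigned bank, uint32_t first, uint32_t count,
                      flash_plan_t *out)
{
    if (out == NULL || bank > 1U || count == 0U ||
        first >= SECTORS_PER_BANK || count > SECTORS_PER_BANK - first)
        return false;

    bool first_secure = first < FIRST_NS_SECTOR;
    bool last_secure = (first + count - 1U) < FIRST_NS_SECTOR;
    if (first_secure != last_secure)
        return false; /* split the update at sector FIRST_NS_SECTOR */

    uint32_t offset = (uint32_t)((bank * SECTORS_PER_BANK + first) * SECTOR_SIZE);
    out->domain = first_secure ? DOMAIN_S : DOMAIN_NS;
    out->address = (uint32_t)(first_secure ? FLASH_BASE_S : FLASH_BASE_NS) + offset;
    return true;
}
```

A software update would call this once for the secure range and once for the non-secure range, then pass the matching type constant and address to the HAL erase and program calls.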

Bubbles
ST Employee

Hi @AssemblerJohn ,

No, that's not how isolation works. Secure cannot access and erase non-secure. That's how privilege works. Privilege can manipulate unprivileged. You'll need to make a call to non-secure code to erase the non-secure pages. Or you can try to temporarily assign the pages the secure attribute using FLASH_SECBB.

BR,

J

 

To give better visibility on the answered topics, please click on Accept as Solution on the reply which solved your issue or answered your question.

Hello!

1) Thank you for the idea. How could I assign that secure attribute?

2) This sounds a bit weird. How does OEMiROT do it (h563zi)? From my understanding it erases the whole flash, including the non-secure part, since the flash area where it is installed is immutable.

Hi @AssemblerJohn,

I was reminded that the secure code has a simpler way of erasing non-secure pages: it can use the non-secure register to request the erase. You can have a look at the HAL flash driver, where secure/non-secure is managed using the input flag (type erase), which leads to using the secure or non-secure register:

#if defined (FLASH_OPTSR2_TZEN)
  reg_cr = IS_FLASH_SECURE_OPERATION() ? &(FLASH->SECCR) : &(FLASH_NS->NSCR);
#else
  reg_cr = &(FLASH_NS->NSCR);
#endif /* FLASH_OPTSR2_TZEN */

So, using the non-secure alias + non-secure type erase will do the job to erase a non-secure page from secure code.

You just cannot use mass erase directly when there's a mix of secure and non-secure pages.

BR,

J


Many thanks for the advice. However, on a h563zi I don't seem to have that option.

 
#if defined (__ARM_FEATURE_CMSE) && (__ARM_FEATURE_CMSE == 3U)
#define IS_FLASH_SECURE_OPERATION() ((pFlash.ProcedureOnGoing & FLASH_NON_SECURE_MASK) == 0U)
#else
#define IS_FLASH_SECURE_OPERATION() (1U == 0U)
#endif /* __ARM_FEATURE_CMSE */


For me, IS_FLASH_SECURE_OPERATION() always returns the second option (1 == 0). Do I have any workarounds?

PS: How does the OEMiROT do it? I've looked through the code and it seems to use the simple sector erase. Maybe we are missing some access rights?
