Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- STMicroelectronics Community
- STM32 MCUs
- STM32 MCUs Security
- How to disable encryption and not using installati...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
How to disable encryption and not using installation slot
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
2025-11-13 6:54 PM
Hi ST Team,
I am using STM32H7S78-DK development board.
I have read and tested following article:
https://wiki.st.com/stm32mcu/wiki/Security:STiRoT_for_STM32H7S
https://wiki.st.com/stm32mcu/wiki/Security:OEMiRoT_OEMuRoT_for_STM32H7S
https://wiki.st.com/stm32mcu/wiki/Security:How_to_start_with_STiRoT_OEMuRoT_on_STM32H7S
I need some help on my project.
In How_to_start_with_STiRoT_OEMuRoT_on_STM32H7S wiki page, I got the correct result following "1.5 Full regression" section. But for the "3.1 Debug Opening procedure" section, I got error message after clicking "Execute". The life cycle after clicking discover is "ST_LIFECYCLE_CLOSED (Debug opened)". Any method to fix this error?
10:31:36 : STM32CubeProgrammer API v2.20.0 | Windows-64Bits
10:37:49 : Start Debug Authentication Sequence
10:37:49 : SDMOpen : 624 : open : SDM API v1.0
10:37:49 : SDMOpen : 625 : open : SDM Library version v1.2.0
10:37:49 : open_comms : 513 : open : Asserting target reset
10:37:49 : open_comms : 517 : open : Writing magic number
10:37:49 : open_comms : 537 : open : De-asserting target reset
10:37:49 : open_comms : 584 : open : Communication with the target established successfully
10:37:49 : discovery: target ID.......................:0x485
10:37:49 : discovery: SoC ID..........................:0x00000000_33333539_32335113_004C0047
10:37:49 : discovery: SDA version.....................:1.0.0
10:37:49 : discovery: Vendor ID.......................:STMicroelectronics
10:37:49 : discovery: PSA lifecycle...................:ST_LIFECYCLE_CLOSED
10:37:49 : discovery: PSA auth version................:1.0
10:37:49 : discovery: ST HDPL1 status.................:0x2717
10:37:49 : discovery: ST HDPL2 status.................:0xa
10:37:49 : discovery: ST HDPL3 status.................:0x0
10:37:49 : discovery: Token Formats...................:0x200
10:37:49 : discovery: Certificate Formats.............:0x201
10:37:49 : discovery: cryptosystems...................:Ecdsa-P256 SHA256
10:37:49 : discovery: ST provisioning integrity status:0xeaeaeaea
10:37:49 : discovery: permission if authorized...........:Full Regression
10:37:49 : discovery: permission if authorized...........:Level 3 Intrusive Debug
10:37:49 : discovery: permission if authorized...........:Level 2 Intrusive Debug
10:37:49 : discovery: permission if authorized...........:Level 1 Intrusive Debug
10:37:49 : discovery: permission if authorized...........:Forced Download
10:39:39 : Start Debug Authentication Sequence
10:39:40 : SDMOpen : 624 : open : SDM API v1.0
10:39:40 : SDMOpen : 625 : open : SDM Library version v1.2.0
10:39:40 : open_comms : 513 : open : Asserting target reset
10:39:40 : open_comms : 517 : open : Writing magic number
10:39:40 : open_comms : 537 : open : De-asserting target reset
10:39:40 : open_comms : 584 : open : Communication with the target established successfully
10:39:40 : [00%] discovery command
10:39:40 : [10%] sending discovery command
10:39:40 : [20%] receiving discovery
10:39:40 : [40%] loading credentials
10:39:40 : [50%] sending challenge request
10:39:40 : [60%] receiving challenge
10:39:40 : [70%] signing token
10:39:40 : SDMAuthenticate : 1391 : client : Found 1 certificates
10:39:40 : [80%] sending response
10:39:40 : [90%] receiving status
10:39:40 : SDMAuthenticate : 1492 : client : Authentication successful
10:39:40 : [100%] finished authentication
10:39:40 : Error: Debug Authentication Failed
In OEMiRoT OEMuRoT for STM32H7S wiki (1.3.2. Two boot stages: STiRoT + OEMuRoT), there are user application download slot and user application installation slot.
1. Is it possible to not using installation slot. I would like to have 2 slots for application (A and B). The default slot is A which would be active slot. B would be download slot. After factory programming, OEMuRot would directly jump to slot A and excute the application after authentication. The OTA image would be downloaded and written into slot B. After rebooting, slot B would be active slot and slot A would be download slot (backup slot). And we could skip the installation time.
If this is possible, could you tell me how to do it?
2. How to disable encrpytion entirely? In the example, both OEMuRoT and application would be encrypted. I would like to keep the authentication but skip all the encryption part.
Labels:
- Labels:
-
SBSFU
-
STM32 Security
0 REPLIES 0
Related Content
- How to enable the STM32 H series microcontroller from accessing read and write through debugger and USB for unauthorized user in STM32 MCUs Security
- STM32 AES GCM Tag mismatch in STM32 MCUs Security
- STM32CubeProgrammer v2.20 released in STM32CubeProgrammer (MCUs)
- STM32CubeProgrammer v2.19 released in STM32CubeProgrammer (MCUs)