Hello!
I a new in this.
I have two sets of DA files: for password access and for access via certificate.
I've tried to flash a NS-firmware, provision a password.obk, then change Product state to Provisioned/closed.
Thas was successful. I can perform a regression from this state.
But i also tried to open a debug session. Without success. CubeProgrammer says, that I am able to make full regression only, while Cube IDE asks for certificate DA.
I know, that certificate auth method is valid with TZEN=1 only, but I tried to provision that obk with TZEN=0.
As a result, I Have this:
The default ST password from CubeProgrammer's folder is not working,
I tried to provide all-zeros and all-FF password without success.
But maybe I need to change something in the header. Or change a password length.
So, 3 questions:
1. Is this device totally bricked, or I can some-how calculate a password.bin
2. How to perform debug in closed product state on STM32H563 if TZEN=0 ?
3. How to perform debug of the the secured firmware when TZEN=1
Can somebody clarify the boot/DA process when TZ=1.
As I can understand, If the TZEN=1, MCU boots from 0x0C000000. And If I want to have ability to perform a regression or debug, I need a code on this address, that can receive user credentials and open debug. Right?
Or this auth functionality is done with RSS from system memory, without touching flash?
Thanks!
1 ACCEPTED SOLUTION
Accepted Solutions
Solution for the case where you provisioned ConfigWithCertificate.obk, with TZEN=0 and push ProductState to Closed :
- Ensure, the DA Discover is working for you. (Do not forget to connect Reset Line on ST-Link)
- Ensure, You still have Da_root_key_pub.pem and ConfigWithCertificate.obk
- Open ConfigWithCertificate.obk with Hex Editor and take 32 bytes from 0x2C offset:
hash in OBK
this is a hash, stored in stm32 chip. - run shell command openssl ec -pubin -in Da_root_key_pub.pem -text
,
You will see 65 bytes of the public key. We need the 64 bytes from the second byte only. Copy them to your Hex Editor and give a filename password.bin - Check the SHA-256 hash of this file. Here, for example. The hash should be the same as one at the 3rd stage.
- Add the header "00 00 00 80 40 00 00 00" to your password.bin
- Use this password.bin with the DA autentification and make a full regression.
- Done!
Solution for the case where you provisioned ConfigWithCertificate.obk, with TZEN=0 and push ProductState to Closed :
- Ensure, the DA Discover is working for you. (Do not forget to connect Reset Line on ST-Link)
- Ensure, You still have Da_root_key_pub.pem and ConfigWithCertificate.obk
- Open ConfigWithCertificate.obk with Hex Editor and take 32 bytes from 0x2C offset:
this is a hash, stored in stm32 chip. - run shell command openssl ec -pubin -in Da_root_key_pub.pem -text
You will see 65 bytes of the public key. We need the 64 bytes from the second byte only. Copy them to your Hex Editor and give a filename password.bin - Check the SHA-256 hash of this file. Here, for example. The hash should be the same as one at the 3rd stage.
- Add the header "00 00 00 80 40 00 00 00" to your password.bin
- Use this password.bin with the DA autentification and make a full regression.
- Done!
