2025-01-13 07:41 AM - edited 2025-01-13 07:46 AM
Hello everyone,
i am trying the secure user memory on the stm32h7b3 using the examples provided by ST. In want to enable secure user memory for a 230KB area starting from the begin of the flash: 0x08000000. The function RSS_API->resetAndInitializeSecureAreas(1, aSecureAreas) triggers a reset but the secure user memory is to enabled.
Here is my code:
typedef struct
{
uint32_t sizeInBytes; /*!< pass 0 for an empty secure area */
uint32_t startAddress; /*!< pass NULL for an empty secure area */
uint32_t removeDuringBankErase; /*!< if 0, keep area during bank/mass erase. else area will be removed */
} RSS_SecureArea_t;
typedef struct
{
/**
* This service is used to exit from secure user software and jump to user main application.
* There is no system reset triggered by this service
*/
void (*exitSecureArea)(uint32_t vectors);
/**
* This service sets Secure user area boundaries.
* This service can be used only when a secure area is set for the first time.
* A system reset is triggered after service completion.
*/
void (*resetAndInitializeSecureAreas)(uint32_t nbAreas, RSS_SecureArea_t *areas); /*!< nbAreas=1 or 2;
1 per bank */
} RSS_API_Table_t;
#define RSS_API ((RSS_API_Table_t*)0x1FF09514)
static void SetSecurityBit(uint32_t enable)
{
uint32_t flashUserOptOrig;
uint32_t flashUserOptToSet;
HAL_StatusTypeDef error;
printf("Program Security bit\r\n");
/* Clear Bank1 error flags */
__HAL_FLASH_CLEAR_FLAG_BANK1(FLASH_FLAG_ALL_ERRORS_BANK1);
flashUserOptOrig = FLASH->OPTSR_CUR;
printf("flashUserOpt before: 0x%lx\r\n", flashUserOptOrig);
if (enable)
{
flashUserOptToSet = flashUserOptOrig | FLASH_OPTSR_SECURITY;
}
else
{
flashUserOptToSet = flashUserOptOrig & ~ FLASH_OPTSR_SECURITY;
}
if (flashUserOptToSet == flashUserOptOrig)
{
printf("Value already set to %ld\r\n", enable);
}
else
{
printf("flashUserOpt after : 0x%lx\r\n", flashUserOptToSet);
if (HAL_FLASH_OB_Unlock() != HAL_OK)
{
printf("Error HAL_FLASH_OB_Unlock\r\n");
return;
}
FLASH->OPTSR_PRG = flashUserOptToSet;
if ((error=HAL_FLASH_OB_Launch()) != HAL_OK)
{
printf("HAL_FLASH_OB_Launch failed. HAL_ERROR: %d Error code : %8.8lx ...\r\n", error, pFlash.ErrorCode);
printf("Flash->SR1: 0x%8.8lx\r\n", FLASH->SR1);
return;
}
if (HAL_FLASH_OB_Lock()!= HAL_OK)
{
printf("Error HAL_FLASH_OB_Lock\r\n");
return;
}
printf("Security bit change successful!");
}
}
static void SetSecureMem(void)
{
printf("Set secure memory on first flash sector calling RSS\r\n");
RSS_SecureArea_t aSecureAreas[2];
aSecureAreas[0].sizeInBytes = 230 * 1024;
aSecureAreas[0].startAddress = 0x08000000;
aSecureAreas[0].removeDuringBankErase = 1;
/* Only 1 secure area is used */
aSecureAreas[1].sizeInBytes = 0;
aSecureAreas[1].startAddress = (uint32_t) NULL;
aSecureAreas[1].removeDuringBankErase = 1;
printf("Setting secure area : SecArea.size: %ld SecArea.addr:0x%8.8lx", aSecureAreas[0].sizeInBytes, aSecureAreas[0].startAddress);
/* no need to set pbIsProtectionToBeApplied and e_ret_status because the next function triggers a RESET */
RSS_API->resetAndInitializeSecureAreas(1, aSecureAreas);
}
static uint32_t CheckSecureMem(void)
{
printf("Checking secure mem settings ...\r\n");
if (FLASH->OPTSR_CUR & FLASH_OPTSR_SECURITY)
{
printf("Security bit OK ...\r\n");
if (FLASH->SCAR_CUR1 == 0x83970000)
{
printf("Secure memory configuration OK : 0x%8.8lx\r\n", FLASH->SCAR_CUR1 );
return 1;
}
else
{
printf("Secure memory configuration NOK : 0x%8.8lx\r\n", FLASH->SCAR_CUR1 );
return 0;
}
}
else
{
printf("Security bit not set \r\n");
return 0;
}
}
void startApp(size_t startAddress) {
SetSecurityBit(1);
if (!CheckSecureMem())
{
SetSecureMem();
}
RSS_API->exitSecureArea(startAddress);
}
int main() {
EnableJTAG();
for(int i = 0; i < 10; ++i) {
HAL_Delay(1000);
}
startApp(FLASH_BANK1_BASE + 250 * 1024);
while (true);
}
I also tried to enable it using CubeProgrammer and get this error, does anyone know what is wrong here?
2025-01-14 10:09 AM
@Jocelyn RICARD, @Fred, @Tesla DeLorean, @STea
Do you have any idea?
Thanks!