cancel
Showing results for 
Search instead for 
Did you mean: 

Issue when enabling Secure User Memory on STM32H7B3

aco990
Associate III

Hello everyone,

i am trying the secure user memory on the stm32h7b3 using the examples provided by ST. In want to enable secure user memory for a 230KB area starting from the begin of the flash: 0x08000000. The function RSS_API->resetAndInitializeSecureAreas(1, aSecureAreas) triggers a reset but the secure user memory is to enabled. 
Here is my code:

 

 

typedef struct
{
	uint32_t sizeInBytes;           /*!< pass 0 for an empty secure area */
	uint32_t startAddress;          /*!< pass NULL for an empty secure area */
	uint32_t removeDuringBankErase; /*!< if 0, keep area during bank/mass erase. else area will be removed */
} RSS_SecureArea_t;


typedef struct
{
	/**
    * This service is used to exit from secure user software and jump to user main application.
    * There is no system reset triggered by this service
	 */
	void (*exitSecureArea)(uint32_t vectors);
	/**
    * This service sets Secure user area boundaries.
    * This service can be used only when a secure area is set for the first time.
    * A system reset is triggered after service completion.
	 */
	void (*resetAndInitializeSecureAreas)(uint32_t nbAreas, RSS_SecureArea_t *areas); /*!< nbAreas=1 or 2;
	                                                                                              1 per bank */
} RSS_API_Table_t;

#define RSS_API ((RSS_API_Table_t*)0x1FF09514)

static void SetSecurityBit(uint32_t enable)
{
	uint32_t flashUserOptOrig;
	uint32_t flashUserOptToSet;
	HAL_StatusTypeDef error;

	printf("Program Security bit\r\n");

	/* Clear Bank1 error flags */
	__HAL_FLASH_CLEAR_FLAG_BANK1(FLASH_FLAG_ALL_ERRORS_BANK1);


	flashUserOptOrig = FLASH->OPTSR_CUR;
	printf("flashUserOpt before: 0x%lx\r\n", flashUserOptOrig);
	if (enable)
	{
		flashUserOptToSet = flashUserOptOrig | FLASH_OPTSR_SECURITY;
	}
	else
	{
		flashUserOptToSet = flashUserOptOrig & ~ FLASH_OPTSR_SECURITY;
	}
	if (flashUserOptToSet == flashUserOptOrig)
	{
		printf("Value already set to %ld\r\n", enable);
	}
	else
	{
		printf("flashUserOpt after : 0x%lx\r\n", flashUserOptToSet);
		if (HAL_FLASH_OB_Unlock() != HAL_OK)
		{
			printf("Error HAL_FLASH_OB_Unlock\r\n");
			return;
		}
		FLASH->OPTSR_PRG = flashUserOptToSet;

		if ((error=HAL_FLASH_OB_Launch()) != HAL_OK)
		{
			printf("HAL_FLASH_OB_Launch failed. HAL_ERROR: %d Error code : %8.8lx ...\r\n", error, pFlash.ErrorCode);
			printf("Flash->SR1: 0x%8.8lx\r\n", FLASH->SR1);
			return;
		}
		if (HAL_FLASH_OB_Lock()!= HAL_OK)
		{
			printf("Error HAL_FLASH_OB_Lock\r\n");
			return;
		}
		printf("Security bit change successful!");
	}
}

static void SetSecureMem(void)
{

	printf("Set secure memory on first flash sector calling RSS\r\n");
	RSS_SecureArea_t aSecureAreas[2];

	aSecureAreas[0].sizeInBytes = 230 * 1024;
	aSecureAreas[0].startAddress = 0x08000000;
	aSecureAreas[0].removeDuringBankErase = 1;
	/* Only 1 secure area is used */
	aSecureAreas[1].sizeInBytes = 0;
	aSecureAreas[1].startAddress = (uint32_t) NULL;
	aSecureAreas[1].removeDuringBankErase = 1;

	printf("Setting secure area : SecArea.size: %ld SecArea.addr:0x%8.8lx", aSecureAreas[0].sizeInBytes, aSecureAreas[0].startAddress);

	/* no need to set pbIsProtectionToBeApplied and e_ret_status because the next function triggers a RESET */
	RSS_API->resetAndInitializeSecureAreas(1, aSecureAreas);
}

static uint32_t CheckSecureMem(void)
{
	printf("Checking secure mem settings ...\r\n");

	if (FLASH->OPTSR_CUR & FLASH_OPTSR_SECURITY)
	{
		printf("Security bit OK ...\r\n");
		if (FLASH->SCAR_CUR1 == 0x83970000)
		{
			printf("Secure memory configuration OK : 0x%8.8lx\r\n", FLASH->SCAR_CUR1 );
			return 1;
		}
		else
		{
			printf("Secure memory configuration NOK : 0x%8.8lx\r\n", FLASH->SCAR_CUR1 );
			return 0;
		}
	}
	else
	{
		printf("Security bit not set \r\n");
		return 0;
	}
}

void startApp(size_t startAddress) {
	SetSecurityBit(1);
	if (!CheckSecureMem())
	{
	    SetSecureMem();
	}

     RSS_API->exitSecureArea(startAddress);
}

int main() {
   EnableJTAG();
   
   for(int i = 0; i < 10; ++i) {
	 HAL_Delay(1000);
   }
   startApp(FLASH_BANK1_BASE + 250 * 1024);

   while (true); 
	 
}

 

 

 

 

 

I also tried to enable it using CubeProgrammer and get this error, does anyone know what is wrong here?

aco990_0-1736782475126.pngaco990_1-1736782522695.png

aco990_2-1736782571421.png

 

@Jocelyn RICARD , @Fred 

 



1 REPLY 1
aco990
Associate III

@Jocelyn RICARD@Fred@Tesla DeLorean@STea
Do you have any idea?

Thanks!