Issues with OEMiRoT Boot build(postbuild.bat) and terminal output on Nucleo-STM32U385RG

Juno- · ‎2025-08-27

Hello,

I am working with Nucleo-STM32U385RG to implement the Root of Trust (Secure Boot) feature, following the wiki guide: https://wiki.st.com/stm32mcu/wiki/Security:How_to_start_with_OEMiRoT_on_STM32U3

My test environment is STM32Cube_FW_U3_V1.2.0.
During step-by-step testing, I faced two issues that I need help with:.

(1) OEMiRoT_Boot build error (postbuild.bat)

When I build OEMiRoT_Boot with EWARM IAR v9.32 + STM32U3 patch, the build finishes but throws an error during the postbuild.bat step.

The wiki doesn’t explain anything about postbuild in this step.
Still, I got a binary file, so I could continue the flow.

https://wiki.st.com/stm32mcu/wiki/Security:How_to_start_with_OEMiRoT_on_STM32U3#OEMiRoT_Boot_firmware_compilation

For comparison, I also tried with STM32H5 OEMiRoT_Boot build, but I encountered a very similar error: https://wiki.st.com/stm32mcu/wiki/Security:How_to_start_with_OEMiRoT_on_STM32H573_and_563%E2%80%93TrustZone_enabled#STM32CubeFW_provided_code_compilation

Error Log:

FAILED: E:/ST_CubeMx_Repository/Repository/STM32Cube_FW_H5_V1.5.0/Projects/STM32H573I-DK/Applications/ROT/OEMiROT_Boot/EWARM/STM32H573I-DK_OEMiROT_Boot/postbuild.stamp

cmd.exe /C cd E:\ST_CubeMx_Repository\Repository\STM32Cube_FW_H5_V1.5.0\Projects\STM32H573I-DK\Applications\ROT\OEMiROT_Boot\EWARM\STM32H573I-DK_OEMiROT_Boot && cmd /C "cmd /C E:\ST_CubeMx_Repository\Repository\STM32Cube_FW_H5_V1.5.0\Projects\STM32H573I-DK\Applications\ROT\OEMiROT_Boot\EWARM\postbuild.bat" && copy /Y nul E:\ST_CubeMx_Repository\Repository\STM32Cube_FW_H5_V1.5.0\Projects\STM32H573I-DK\Applications\ROT\OEMiROT_Boot\EWARM\STM32H573I-DK_OEMiROT_Boot\postbuild.stamp > nul

run config Appli with windows executable

=====

===== Error occurred.

===== See "E:\ST_CubeMx_Repository\Repository\STM32Cube_FW_H5_V1.5.0\Projects\STM32H573I-DK\Applications\ROT\OEMiROT_Boot\EWARM\\postbuild.log" for details. Then try again.

=====

(2) Unexpected terminal messages after application build

After building the "secure" and "nonsecure" applications, I reached the execution step:
https://wiki.st.com/stm32mcu/wiki/Security:How_to_start_with_OEMiRoT_on_STM32U3#Execution_of_the_installed_application

I could connect the Nucleo board via Tera Term, but the messages I see are different from the wiki screenshot.

Here is my terminal output:

[INF] TAMPER Activated
[INF] Flash operation: Op=0x0, Area=0x0, Address=0x0
[INF] Starting bootloader OEMiROT
[INF] Checking BL2 NV area
[INF] Checking BL2 NV area header
[INF] Checking BL2 NV Counter consistency
[INF] Consistent BL2 NV Counter 0 = 0x1000000
[INF] Consistent BL2 NV Counter 1 = 0x1000000
[INF] Consistent BL2 NV Counter 2 = 0x1000000
[INF] Consistent BL2 NV Counter 3 = 0x1000000
[INF] Swap type: none
[INF] Swap type: none
[INF] Swap type: none
[INF] Swap type: none
[INF] Starting validation of primary slot(s)
[INF] verify counter 0 1000000 1000000
[INF] counter 0 : ok
[INF] hash ref OK
[INF] verify counter 1 1000000 1000000
[INF] counter 1 : ok
[INF] hash ref OK
[INF] verify counter 2 1000000 1000000
[INF] counter 2 : ok
[INF] hash ref OK
[INF] verify counter 3 1000000 1000000
[INF] counter 3 : ok
[INF] hash ref OK
[INF] Bootloader chainload address offset: 0x18000
[INF] Jumping to the first image slot

My questions:

How should I handle or fix the postbuild.bat error during OEMiRoT_Boot build (both STM32U3 and STM32H5)? Is this expected or is something missing in my setup?
Why is my terminal log different from the wiki example? Does this indicate a problem in my configuration, or is it still a valid behavior?

Any advice or guidance would be greatly appreciated.

Thanks in advance!