cancel
Showing results for 
Search instead for 
Did you mean: 

Nucleo-H563ZI Debug Authentication Regression fails

jho
Associate

Hi everyone,

I tried Secure Firmware Install (SFI) with the Nucleo-H563ZI. The process failed, however my device is still accessible. 

By connecting to the device via Hot plug and Access port 1 I am able to see that the device is in "Provisioning" state.
The option bytes are as follows:

{
  "deviceId" : 1156,
  "bitNameToValue" : {
    "PRODUCT_STATE" : 23,
    "BOR_LEV" : 0,
    "BORH_EN" : 0,
    "IO_VDD_HSLV" : 0,
    "IO_VDDIO2_HSLV" : 0,
    "IWDG_STOP" : 1,
    "IWDG_STDBY" : 1,
    "BOOT_UBE" : 195,
    "SWAP_BANK" : 0,
    "IWDG_SW" : 1,
    "NRST_STOP" : 1,
    "NRST_STDBY" : 1,
    "TZEN" : 180,
    "SRAM2_ECC" : 1,
    "SRAM3_ECC" : 1,
    "BKPRAM_ECC" : 1,
    "SRAM2_RST" : 1,
    "SRAM1_3_RST" : 1,
    "NSBOOTADD" : 524288,
    "NSBOOT_LOCK" : 195,
    "SECBOOT_LOCK" : 0,
    "SECBOOTADD" : 0,
    "SECWM1_STRT" : 0,
    "SECWM1_END" : 127,
    "WRPSGn1" : -1,
    "SECWM2_STRT" : 0,
    "SECWM2_END" : 127,
    "WRPSGn2" : -1,
    "LOCKBL" : 0,
    "EDATA1_EN" : 0,
    "EDATA1_STRT" : 0,
    "EDATA2_EN" : 0,
    "EDATA2_STRT" : 0,
    "HDP1_STRT" : 1,
    "HDP1_END" : 0,
    "HDP2_STRT" : 1,
    "HDP2_END" : 0
  }
}

I want to go back to "Open" state. While setting up the SFI-Image I introduced a password authentication, not a certificate.

After the failed SFI-installation process I encountered that the device however had TrustZone enabled, which did not align with the password authentication. So I changed TZEN to 0xC3 instead of 0xB4. After that I performed a debug authentication with my password.bin - without success.

19:22:18 : Start Debug Authentication Sequence
19:22:18 : SDMOpen                       :   624 : open       : SDM API v1.0
19:22:18 : SDMOpen                       :   625 : open       : SDM Library version v1.2.0
19:22:18 : open_comms                    :   513 : open       : Asserting target reset
19:22:18 : open_comms                    :   517 : open       : Writing magic number
19:22:18 : open_comms                    :   537 : open       : De-asserting target reset
19:22:18 : open_comms                    :   584 : open       : Communication with the target established successfully
19:22:18 : discovery: target ID.......................:0x484
19:22:18 : discovery: SoC ID..........................:0x00000000_31393834_32335111_0051003D
19:22:18 : discovery: SDA version.....................:2.4.0
19:22:18 : discovery: Vendor ID.......................:STMicroelectronics
19:22:18 : discovery: PSA lifecycle...................:ST_LIFECYCLE_PROVISIONING
19:22:18 : discovery: PSA auth version................:1.0
19:22:18 : discovery: ST HDPL1 status.................:0xfffffffe
19:22:18 : discovery: ST HDPL2 status.................:0xfffffffe
19:22:18 : discovery: ST HDPL3 status.................:0xfffffffe
19:22:18 : discovery: Token Formats...................:0x200
19:22:18 : discovery: Certificate Formats.............:0x201
19:22:18 : discovery: cryptosystems...................:ST Password
19:22:18 : discovery: ST provisioning integrity status:0xf5f5f5f5
19:22:18 : discovery: permission if authorized...........:Full Regression
19:22:35 : UR connection mode is defined with the HWrst reset mode
19:22:35 : Start Debug Authentication Sequence
19:22:35 : SDMOpen                       :   624 : open       : SDM API v1.0
19:22:35 : SDMOpen                       :   625 : open       : SDM Library version v1.2.0
19:22:35 : open_comms                    :   513 : open       : Asserting target reset
19:22:35 : open_comms                    :   517 : open       : Writing magic number
19:22:35 : open_comms                    :   537 : open       : De-asserting target reset
19:22:35 : open_comms                    :   584 : open       : Communication with the target established successfully
19:22:35 : [00%]	discovery command
19:22:35 : [10%]	sending discovery command
19:22:35 : [20%]	receiving discovery
19:22:35 : [40%]	loading credentials
19:22:35 : [50%]	sending challenge request
19:22:35 : [60%]	receiving challenge
19:22:35 : Error: Debug Authentication Failed
19:22:35 : Disconnected from device.

 

 Afterwards I tried provisioning a new .obk file successfully:

19:24:45 : ST-LINK SN  : 001C00303433510D37363934
19:24:45 : ST-LINK FW  : V3J10M3
19:24:45 : Board       : NUCLEO-H563ZI
19:24:45 : Voltage     : 3.27V
19:24:45 : SWD freq    : 8000 KHz
19:24:45 : Connect mode: Hot Plug
19:24:45 : Reset mode  : Core reset
19:24:45 : Device ID   : 0x484
19:24:45 : Revision ID : Rev X
19:24:45 : Secure Data Provisioning Start. OBK Input file : C:\...\STM32H523-H56x_ConfigWithPassword.obk
19:24:45 : OBKey Provisioned successfully C:\Users\...\STM32H523-H56x_ConfigWithPassword.obk 

Then I disconnected, power-on reset and again same error:

19:26:47 : Start Debug Authentication Sequence
19:26:47 : SDMOpen                       :   624 : open       : SDM API v1.0
19:26:47 : SDMOpen                       :   625 : open       : SDM Library version v1.2.0
19:26:47 : open_comms                    :   513 : open       : Asserting target reset
19:26:47 : open_comms                    :   517 : open       : Writing magic number
19:26:47 : open_comms                    :   537 : open       : De-asserting target reset
19:26:47 : open_comms                    :   584 : open       : Communication with the target established successfully
19:26:47 : discovery: target ID.......................:0x484
19:26:47 : discovery: SoC ID..........................:0x00000000_31393834_32335111_0051003D
19:26:47 : discovery: SDA version.....................:2.4.0
19:26:47 : discovery: Vendor ID.......................:STMicroelectronics
19:26:47 : discovery: PSA lifecycle...................:ST_LIFECYCLE_PROVISIONING
19:26:47 : discovery: PSA auth version................:1.0
19:26:47 : discovery: ST HDPL1 status.................:0xfffffffe
19:26:47 : discovery: ST HDPL2 status.................:0xfffffffe
19:26:47 : discovery: ST HDPL3 status.................:0xfffffffe
19:26:47 : discovery: Token Formats...................:0x200
19:26:47 : discovery: Certificate Formats.............:0x201
19:26:47 : discovery: cryptosystems...................:ST Password
19:26:47 : discovery: ST provisioning integrity status:0xf5f5f5f5
19:26:47 : discovery: permission if authorized...........:Full Regression
19:27:01 : UR connection mode is defined with the HWrst reset mode
19:27:01 : Start Debug Authentication Sequence
19:27:01 : SDMOpen                       :   624 : open       : SDM API v1.0
19:27:01 : SDMOpen                       :   625 : open       : SDM Library version v1.2.0
19:27:01 : open_comms                    :   513 : open       : Asserting target reset
19:27:01 : open_comms                    :   517 : open       : Writing magic number
19:27:01 : open_comms                    :   537 : open       : De-asserting target reset
19:27:01 : open_comms                    :   584 : open       : Communication with the target established successfully
19:27:01 : [00%]	discovery command
19:27:01 : [10%]	sending discovery command
19:27:01 : [20%]	receiving discovery
19:27:01 : [40%]	loading credentials
19:27:01 : [50%]	sending challenge request
19:27:01 : [60%]	receiving challenge
19:27:01 : Error: Debug Authentication Failed
19:27:01 : Disconnected from device.

Then I changed back to TrustZone enabled and provisioned with certificates:

19:51:46 : Secure Data Provisioning Start. OBK Input file : C:\workspace\STM32Cube_FW_H5_V1.5.0\Projects\NUCLEO-H563ZI\ROT_Provisioning\DA\Binary\DA_Config.obk
19:51:46 : OBKey Provisioned successfully C:\workspace\STM32Cube_FW_H5_V1.5.0\Projects\NUCLEO-H563ZI\ROT_Provisioning\DA\Binary\DA_Config.obk 
19:52:04 : Disconnected from device.

And tried regression via Debug Authentication:

19:52:24 : Start Debug Authentication Sequence
19:52:24 : SDMOpen                       :   624 : open       : SDM API v1.0
19:52:24 : SDMOpen                       :   625 : open       : SDM Library version v1.2.0
19:52:24 : open_comms                    :   513 : open       : Asserting target reset
19:52:24 : open_comms                    :   517 : open       : Writing magic number
19:52:24 : open_comms                    :   537 : open       : De-asserting target reset
19:52:24 : open_comms                    :   584 : open       : Communication with the target established successfully
19:52:24 : discovery: target ID.......................:0x484
19:52:24 : discovery: SoC ID..........................:0x00000000_31393834_32335111_0051003D
19:52:24 : discovery: SDA version.....................:2.4.0
19:52:24 : discovery: Vendor ID.......................:STMicroelectronics
19:52:24 : discovery: PSA lifecycle...................:ST_LIFECYCLE_PROVISIONING
19:52:24 : discovery: PSA auth version................:1.0
19:52:24 : discovery: ST HDPL1 status.................:0xfffffffe
19:52:24 : discovery: ST HDPL2 status.................:0xfffffffe
19:52:24 : discovery: ST HDPL3 status.................:0xfffffffe
19:52:24 : discovery: Token Formats...................:0x200
19:52:24 : discovery: Certificate Formats.............:0x201
19:52:24 : discovery: cryptosystems...................:Ecdsa-P256 SHA256
19:52:24 : discovery: ST provisioning integrity status:0xf5f5f5f5
19:52:24 : discovery: permission if authorized...........:Full Regression
19:52:24 : discovery: permission if authorized...........:To TZ Regression
19:52:24 : discovery: permission if authorized...........:Level 3 Intrusive Debug
19:52:24 : discovery: permission if authorized...........:Level 2 Intrusive Debug
19:52:24 : discovery: permission if authorized...........:Level 1 Intrusive Debug
19:52:24 : discovery: permission if authorized...........:Level 3 Intrusive Non Secure Debug
19:52:24 : discovery: permission if authorized...........:Level 2 Intrusive Non Secure Debug
19:52:24 : discovery: permission if authorized...........:Level 1 Intrusive Non Secure Debug
19:53:14 : Start Debug Authentication Sequence
19:53:14 : SDMOpen                       :   624 : open       : SDM API v1.0
19:53:14 : SDMOpen                       :   625 : open       : SDM Library version v1.2.0
19:53:14 : open_comms                    :   513 : open       : Asserting target reset
19:53:14 : open_comms                    :   517 : open       : Writing magic number
19:53:14 : open_comms                    :   537 : open       : De-asserting target reset
19:53:14 : open_comms                    :   584 : open       : Communication with the target established successfully
19:53:14 : [00%]	discovery command
19:53:14 : [10%]	sending discovery command
19:53:14 : [20%]	receiving discovery
19:53:14 : [40%]	loading credentials
19:53:14 : [50%]	sending challenge request
19:53:14 : [60%]	receiving challenge
19:53:14 : Error: Debug Authentication Failed

 The integrity status is definetley wrong according to:

• ST provisioning integrity: indicates if integrity of provisioned DA data is correct (0xeaeaeaea) or wrong
(0xf5f5f5f5).

Question:

Is there a way to fix the integrity status 0xf5f5f5f5 and hence perform a full regression?

 

Best regards

5 REPLIES 5
Jocelyn RICARD
ST Employee

Hi @jho ,

it looks like you don't use last version of STM32CubeProgrammer but I doubt this could be the issue.

 

The fact that you get this integrity status to 0xf5f5f5f5 after provisioning the DA obk, probably means that you have provided an obk with encryption flag.

The obk is valid for provisioning but is invalid as H563 does not have crypto available.

Could you please check this point ?

Best regards

Jocelyn

 

Hi Jocelyn,

I've explicitly selected the DA for the H563 from

STM32Cube_FW_H5_V1.5.0\Projects\NUCLEO-H563ZI\ROT_Provisioning\DA\Binary\DA_Config.obk

Is that correct?

 

Best regards,

jho

Hi jho,

my point was to check that this DA_Config.obk or DA_ConfigWithPassword.obk were correct, in case they have been regenerated.

Now if they are correct, could you please try with latest version of STM32CubeProgrammer.

One last point is regarding your OB setup.

You have BOOT_UBE=0xC3 and TZEN=0xB4 this is configuration to enable STiROT.

But you have BOOT_LOCK and SECBOOT_ADDR that are set to 0 which is not normal or related to the programmer version you have.

Could you check setting BOOT_UBE=0xB4 and try again

Best regards

Jocelyn

 

jho
Associate

 

1. I regenerated a valid DA_Config.obk, completed the provisioning, and reran the regression - but the integrity status is still incorrect.

2. The attempt to change BOOT_UBE to 0xB4 raised an error:

12:45:56 : OPTION BYTE PROGRAMMING VERIFICATION:
12:45:56 : Error: Expected value for Option Byte "BOOT_UBE": 0xB4, found: 0xC3
12:45:56 : Error: Option Byte Programming failed Or modified by application after OB_LAUNCH

Similarly, attempts to change other option bytes such as SECBOOT_LOCK to 0xC3, SECWM1,2_STRT,END to factory default also fail with the same output: "Expected value for Option Byte [...], found [...]"

Overall the option bytes seem pretty out of order - is there a certain order I have to follow to change them back from my current configuration (first message) to a configuration where e.g. BOOT_UBE can be changed?

 

Thank you very much for your help!
Best regards

jho
Associate

Update: @Jocelyn RICARD 

I compared the option bytes of a brand-new Nucleo-H563ZI with thos of the "broken" board. Aside from BOOT_UBE and PRODUCT_STATE, every other field is identical. I am using STM32CubeProgrammer V2.20.0

 

Factory new Nucleo-H563ZI:

{
  "deviceId" : 1156,
  "bitNameToValue" : {
    "PRODUCT_STATE" : 237,
    "BOR_LEV" : 0,
    "BORH_EN" : 0,
    "IO_VDD_HSLV" : 0,
    "IO_VDDIO2_HSLV" : 0,
    "IWDG_STOP" : 1,
    "IWDG_STDBY" : 1,
    "BOOT_UBE" : 180,
    "SWAP_BANK" : 0,
    "IWDG_SW" : 1,
    "NRST_STOP" : 1,
    "NRST_STDBY" : 1,
    "TZEN" : 195,
    "USBPD_DIS" : 1,
    "SRAM2_ECC" : 1,
    "SRAM3_ECC" : 1,
    "BKPRAM_ECC" : 1,
    "SRAM2_RST" : 1,
    "SRAM1_3_RST" : 1,
    "NSBOOTADD" : 524288,
    "NSBOOT_LOCK" : 195,
    "SECBOOT_LOCK" : 0,
    "SECBOOTADD" : 0,
    "SECWM1_STRT" : 0,
    "SECWM1_END" : 127,
    "WRPSGn1" : 4294967295,
    "SECWM2_STRT" : 0,
    "SECWM2_END" : 127,
    "WRPSGn2" : 4294967295,
    "LOCKBL" : 0,
    "EDATA1_EN" : 0,
    "EDATA1_STRT" : 0,
    "EDATA2_EN" : 0,
    "EDATA2_STRT" : 0,
    "HDP1_STRT" : 1,
    "HDP1_END" : 0,
    "HDP2_STRT" : 1,
    "HDP2_END" : 0
  }
}

 "Broken" Nucleo-H563ZI:

{
  "deviceId" : 1156,
  "bitNameToValue" : {
    "PRODUCT_STATE" : 23,
    "BOR_LEV" : 0,
    "BORH_EN" : 0,
    "IO_VDD_HSLV" : 0,
    "IO_VDDIO2_HSLV" : 0,
    "IWDG_STOP" : 1,
    "IWDG_STDBY" : 1,
    "BOOT_UBE" : 195,
    "SWAP_BANK" : 0,
    "IWDG_SW" : 1,
    "NRST_STOP" : 1,
    "NRST_STDBY" : 1,
    "TZEN" : 195,
    "USBPD_DIS" : 1,
    "SRAM2_ECC" : 1,
    "SRAM3_ECC" : 1,
    "BKPRAM_ECC" : 1,
    "SRAM2_RST" : 1,
    "SRAM1_3_RST" : 1,
    "NSBOOTADD" : 524288,
    "NSBOOT_LOCK" : 195,
    "SECBOOT_LOCK" : 0,
    "SECBOOTADD" : 0,
    "SECWM1_STRT" : 0,
    "SECWM1_END" : 127,
    "WRPSGn1" : 4294967295,
    "SECWM2_STRT" : 0,
    "SECWM2_END" : 127,
    "WRPSGn2" : 4294967295,
    "LOCKBL" : 0,
    "EDATA1_EN" : 0,
    "EDATA1_STRT" : 0,
    "EDATA2_EN" : 0,
    "EDATA2_STRT" : 0,
    "HDP1_STRT" : 1,
    "HDP1_END" : 0,
    "HDP2_STRT" : 1,
    "HDP2_END" : 0
  }
}