OBK unusable in non TZ STM32H5

_EFrie · ‎2026-01-08

At present, as of the last Hal version as far as I know, obk cannot be used in a non trust zone project.

FLASH_TYPEPROGRAM_QUADWORD_OBK fails because the NS bits aren't set, among other issues.

Is this by design, IE obk can't be used by non TZ, or is this just simply not a completed or fully fixed feature?

Here is what I'm doing

I've edited HAL_FLASHEx_Erase like

#if defined (FLASH_SR_OBKERR)
    else if ((pEraseInit->TypeErase&~(FLASH_NON_SECURE_MASK)) == FLASH_TYPEERASE_OBK_ALT)
    {
      /* OBK erase to be done */
      FLASH_OBKErase();

      /* Wait for last operation to be completed */
      status = FLASH_WaitForLastOperation(FLASH_TIMEOUT_VALUE);
    }
#endif /* FLASH_SR_OBKERR */

And my code is:

int keyStorageSavePrivate(char* key) {
  uint32_t status;
  uint32_t len = strnlen(key, KEY_STORAGE_SIZE - 16);
  int ret = 0;
  static uint32_t FlashWord[4];
  if (len >= KEY_STORAGE_SIZE - 16) {
    return 1;
  }
  len += 1;  // Add string 0
  HAL_FLASH_Unlock();
  HAL_FLASHEx_OBK_Unlock();
  if (len & 0b1111) {
    len &= ~(0b1111);
    len += 16;
  }
  uint32_t Address = (uint32_t)private_key;
  uint32_t EndAddress = Address + len;
  const char* next = key;


  static uint32_t SectorError;
  static FLASH_EraseInitTypeDef EraseInitStruct;
  pFlash.ProcedureOnGoing = FLASH_NON_SECURE_MASK;
  FLASH_WaitForLastOperation(FLASH_TIMEOUT_VALUE);//Clear
  EraseInitStruct.TypeErase = FLASH_TYPEERASE_OBK_ALT | FLASH_NON_SECURE_MASK;
  if (HAL_FLASHEx_Erase(&EraseInitStruct, &SectorError) != HAL_OK) {
    ret = 6;
    goto lock;
  }

  while (Address < EndAddress) {
    memcpy(FlashWord, next, 16);
    status = HAL_FLASH_Program(
        FLASH_TYPEPROGRAM_QUADWORD_OBK | FLASH_NON_SECURE_MASK, Address,
        (uint32_t)FlashWord);
    if (status == HAL_OK) {
      Address = Address + 16; /* increment for the next Flash word*/
      next += 16;
    } else {
      /* Error occurred while programming */
      ret = 2;
      break;
    }
  }
  if (ret == 0) {
    if (HAL_FLASHEx_OBK_Swap(FLASH_OBK_SWAP_OFFSET_ALL) != HAL_OK) {
      ret = 3;
    }
  }
  HAL_ICACHE_Invalidate();
  lock:
  HAL_FLASH_Lock();
  HAL_FLASHEx_OBK_Lock();
  if (memcmp(private_key, key, len)) {
    ret = 3;
  }
  return ret;
}

Andrew Neil · ‎2026-01-08

https://community.st.com/t5/stm32-mcus-security/stm32h562-reading-obk-in-nonsecure-application-with-trustzone/m-p/746935/highlight/true#M7819 ?

A complex system that works is invariably found to have evolved from a simple system that worked.
A complex system designed from scratch never works and cannot be patched up to make it work.

_EFrie · ‎2026-01-08

I've looked at that link quite a few times, but the OP ended up using a secure zone to do this.

Jocelyn RICARD · ‎2026-01-09

Hello @_EFrie ,

Please remove FLASH_NON_SECURE_MASK from your code, it should work.

This non secure mask is used only when TZ is enabled, and when executing in secure, to be able to write in non secure flash.

Best regards

Jocelyn

_EFrie · ‎2026-01-09

I couldn’t get it to work at all, are you sure? I just went through this with Hal. The problem is that without tweaking it tries to use the 0x5000 secure flash registers which just doesn’t write any flash.

_EFrie · ‎2026-01-09

Just to recap, I just went through this on regular flash, nothing would erase or write until I made sure flash_ns with 4000 base was being used. The way the obk library is presently written only uses the secure 5000 flash base.