Showing results for 
Search instead for 
Did you mean: 

OEMiROT example flash protect sector problem

Associate II



I'm run a STM32H573DK in OEMiROT example.

but following errors occured.

[INF] TAMPER Activated
[INF] BANK 1 secure flash [0, 15] : OB [0, 14]
[ERR] Unexpected value for secure flash protection


so, I find why occurred this error. 



In the ob_flash_programming.bat file, sec1_end was set to 0x0E.



but In the code end value is set to 0x0F



( end = 0x1E000 / 0x2000 = 0x0F )


what is correct? 

what do i fix?



ps. I'm using STM32Cube_FW_H5_V1.1.1


Jocelyn RICARD
ST Employee

Hello @Choppa ,

I have just checked the OEMiROT projects (Boot + secure/non secure application) and I don't get this issue.

On my side 



This makes 18000 + 6000 - 1 = 0x1DFFF

Divided by sector size 0x2000, I get 0xE

Did you change anything on the default configuration ?

For your information, you can debug this setup in full open state.

Select OPEN finale state during the provisioning script. Set BOOT0 switch SW1 as requested and you can then attach debugger to check what exactly fails.

Best regards


hello, Jocelyn

No, I didn't change configurations. 

but I find diffrent points.

        FLASH_AREA_4_SIZE = 0x2000





is this issue causing from configuration?


Jocelyn RICARD
ST Employee

Hello @Choppa,


if FLASH_AREA_4_SIZE = 0x2000, this means you have changed the configuration in flash_layout.h adding the secure data image setting MCUBOOT_S_DATA_IMAGE_NUMBER to 1 instead of 0.

Could you please, clean all your projects, rebuild everything, and then launch the provisioning.bat file provided in the ROT_Provisioning\OEMiROT.

I think it should solve your issue.

Best regards


you mean. should I MCUBOOT_S_DATA_IMAGE_NUMBER  set to 0?

but according to example  MCUBOOT_S_DATA_IMAGE_NUMBER is set to 1




and I set the MCUBOOT_S_DATA_IMAGE_NUMBER to 0. 


occured the following problem

[INF] TAMPER Activated
[INF] Flash operation: Op=0x0, Area=0x0, Address=0x0
[INF] Starting bootloader
[INF] Swap type: test
[INF] 76, dc, 89, 47, eb, 87 , 5d ,a0,
[INF] 4e, f0, ec, ca, 87, 96 , 96 ,51,
[INF] verify counter 0 1000000 0
[INF] counter 0 : ok
[INF] verify sig key id 0
[INF] checking public key 47 5b
[INF] verifying signature hlen 20
[INF] signature OK
[INF] Swap type: test
[INF] 6a, f5, 0, c2, b2, a4 , 2e ,8e,
[INF] b4, 4f, 53, 85, 52, e , de ,14,
[INF] verify counter 1 1000000 0
[INF] counter 1 : ok
[INF] verify sig key id 1
[INF] checking public key 47 5b
[INF] verifying signature hlen 20
[INF] signature OK
[INF] Swap type: none
[ERR] Unable to find bootable image
[INF] Jumping to bootloader
[INF] Disconnect COM port if used by bootloader


I guess it happens because the secure data is missing.


If MCUBOOT_S_DATA_IMAGE_NUMBER is set to 1, I got the same error as previous.

[INF] TAMPER Activated
[INF] BANK 1 secure flash [0, 15] : OB [0, 14]
[ERR] Unexpected value for secure flash protection


Is not there any way to use both secure and non-secure programs together?






Hello @Choppa ,

thanks to a customer having same issue as yours I could figure out the source of your issue.

In fact, the information I was missing is that you changed the configuration.

I guess you set MCUBOOT_S_DATA_IMAGE_NUMBER = 1 or something equivalent.

Setting this changes the flash mapping.

To make your life easy, the new flash mapping is automatically computed and the scripts setting the options bytes configuration are updated.

The point is that, when using STM32CubeIDE, only .sh scripts are updated, not bat scripts that are used in case of IAR or Keil.

So, if you launch instead of provisioning.bat it will work.

Launching the .sh scripts from windows requires that you have a bash available in your path

Best regards