OEMiROT example flash protect sector problem

Choppa · ‎2024-01-02

hello,

I'm run a STM32H573DK in OEMiROT example.

but following errors occured.

[INF] TAMPER Activated
[INF] BANK 1 secure flash [0, 15] : OB [0, 14]
[ERR] Unexpected value for secure flash protection

so, I find why occurred this error.

In the ob_flash_programming.bat file, sec1_end was set to 0x0E.

but In the code end value is set to 0x0F

end = (S_IMAGE_PRIMARY_PARTITION_OFFSET + FLASH_S_PARTITION_SIZE - 1) / PAGE_SIZE;

( end = 0x1E000 / 0x2000 = 0x0F )

what is correct?

what do i fix?

ps. I'm using STM32Cube_FW_H5_V1.1.1

Jocelyn RICARD · ‎2024-01-02

Hello @Choppa ,

I have just checked the OEMiROT projects (Boot + secure/non secure application) and I don't get this issue.

On my side

S_IMAGE_PRIMARY_PARTITION_OFFSET = 0x18000

FLASH_S_PARTITION_SIZE = 0x6000

This makes 18000 + 6000 - 1 = 0x1DFFF

Divided by sector size 0x2000, I get 0xE

Did you change anything on the default configuration ?

For your information, you can debug this setup in full open state.

Select OPEN finale state during the provisioning script. Set BOOT0 switch SW1 as requested and you can then attach debugger to check what exactly fails.

Best regards

Jocelyn

Choppa · ‎2024-01-07

hello, Jocelyn

No, I didn't change configurations.

but I find diffrent points.

S_IMAGE_PRIMARY_PARTITION_OFFSET = 0x1a000
==> FLASH_AREA_BEGIN_OFFSET = 0x18000
FLASH_AREA_4_SIZE = 0x2000

and FLASH_S_PARTITION_SIZE = 0x6000.

is this issue causing from configuration?

Jocelyn RICARD · ‎2024-01-08

Hello @Choppa,

if FLASH_AREA_4_SIZE = 0x2000, this means you have changed the configuration in flash_layout.h adding the secure data image setting MCUBOOT_S_DATA_IMAGE_NUMBER to 1 instead of 0.

Could you please, clean all your projects, rebuild everything, and then launch the provisioning.bat file provided in the ROT_Provisioning\OEMiROT.

I think it should solve your issue.

Best regards

Jocelyn

Choppa · ‎2024-01-09

you mean. should I MCUBOOT_S_DATA_IMAGE_NUMBER set to 0?

but according to example MCUBOOT_S_DATA_IMAGE_NUMBER is set to 1

and I set the MCUBOOT_S_DATA_IMAGE_NUMBER to 0.

occured the following problem

[INF] TAMPER Activated
[INF] Flash operation: Op=0x0, Area=0x0, Address=0x0
[INF] Starting bootloader
[INF] Swap type: test
[INF] 76, dc, 89, 47, eb, 87 , 5d ,a0,
[INF] 4e, f0, ec, ca, 87, 96 , 96 ,51,
[INF] verify counter 0 1000000 0
[INF] counter 0 : ok
[INF] verify sig key id 0
[INF] checking public key 47 5b
[INF] verifying signature hlen 20
[INF] signature OK
[INF] Swap type: test
[INF] 6a, f5, 0, c2, b2, a4 , 2e ,8e,
[INF] b4, 4f, 53, 85, 52, e , de ,14,
[INF] verify counter 1 1000000 0
[INF] counter 1 : ok
[INF] verify sig key id 1
[INF] checking public key 47 5b
[INF] verifying signature hlen 20
[INF] signature OK
[INF] Swap type: none
[ERR] Unable to find bootable image
[INF] Jumping to bootloader
[INF] Disconnect COM port if used by bootloader

I guess it happens because the secure data is missing.

If MCUBOOT_S_DATA_IMAGE_NUMBER is set to 1, I got the same error as previous.

[INF] TAMPER Activated
[INF] BANK 1 secure flash [0, 15] : OB [0, 14]
[ERR] Unexpected value for secure flash protection

Is not there any way to use both secure and non-secure programs together?

Jocelyn RICARD · ‎2024-02-23

Hello @Choppa ,

thanks to a customer having same issue as yours I could figure out the source of your issue.

In fact, the information I was missing is that you changed the configuration.

I guess you set MCUBOOT_S_DATA_IMAGE_NUMBER = 1 or something equivalent.

Setting this changes the flash mapping.

To make your life easy, the new flash mapping is automatically computed and the scripts setting the options bytes configuration are updated.

The point is that, when using STM32CubeIDE, only .sh scripts are updated, not bat scripts that are used in case of IAR or Keil.

So, if you launch provisioning.sh instead of provisioning.bat it will work.

Launching the .sh scripts from windows requires that you have a bash available in your path

Best regards

Jocelyn