OEMiROT for STM32H523 MCU

hakeila · ‎2025-02-09

Hi,

I am working on OEMiROT bootloader for STM32H523. I have copied big parts of the ST OEMiROT example project from H533 example as this is the closest MCU to H523 from the flash memory layout perspectives.

However, it is taking ridiculously too long time to refactor the security parts of the project as the H533 does have more hardware security peripherals than H523.

I have cloned the STM MCUBoot and the ST Mbedtls repos in my project.

I would love to know if there is an OEMiROT project example(s) for H523 and if you have any recommendation on how to process this faster as it has been taking forever to refactor and recompile the H533 example on H523 MCU.

Cheers,

Hani

Jocelyn RICARD · ‎2025-03-06

Hello @hakeila ,

It is possible to have only secure application running. But you need to enable TrustZone anyway.

The addresses 0x08000000 and 0xC0000000 are pointing to the same physical flash address.

This address aliasing allows easier secure configurations.

Regarding your point : "I meant in my last sentence is that I thought that I won't be able to use TrustZone on H523 when developing OEMiROT as the H523 does have very limited Cryptographic hardware accelerators, and thus I will encounter complexity in decoding using the provisioned keys."

The STM32H523 had PKA signature verification and hash accelerators. They can be used in secure and non secure context. By default all peripherals are assigned to non secure so can be used either from secure or non secure. Better to assign them to secure though.

So, I don't see any issue here

Best regards

Jocelyn