FAQs
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Secure Boot STiROT with Dual Bank STM32H573

epsilong
Associate II

‎2025-06-05 10:36 AM

I am trying to figure out if we can both use secure boot (with Trustzone) and dual bank at the same time. I see in AN0007 that "SWAP_BANK activation by option byte is not supported by STiRoT." Is there some other way to swap banks without using the option byte, or does STiROT effectively make dual bank unusable?

Labels:
0 Kudos
6 REPLIES 6
epsilong
Associate II

‎2025-06-05 10:49 AM

AN6007 *

0 Kudos
Jocelyn RICARD
ST Employee
In response to epsilong

‎2025-06-05 11:15 AM

Hello @epsilong,

STiROT does not permit usage of dual bank.

Dual bank update is very specific and usually not used in secureboot context.

Best regards

Jocelyn

0 Kudos
epsilong
Associate II
In response to Jocelyn RICARD

‎2025-06-06 9:12 AM

Hi @Jocelyn RICARD, thanks for the reply. Since STiRoT is required for debug authentication, does that mean debug authentication is also not compatible with dual bank swapping?

 

Also, maybe this is question is obvious but I couldn't find it from the documentation, but is there a way to use secure boot but skip encrypting the firmware image so that it can be placed directly into the execution area of flash and ran from there, but still allow the STiRoT to verify the identify of the image through the signature? This way we could skip allocating a "download area" of flash and directly run the downloaded image. We do not need the image to be encrypted as it is already encrypted over TLS.

 

0 Kudos
Jocelyn RICARD
ST Employee
In response to epsilong

‎2025-06-06 10:47 AM

Hello @epsilong ,

"Since STiRoT is required for debug authentication" : I'm not sure what you mean here.

Debug Authentication is independent from STiROT.

STiROT is a ROMed secure boot that you need to setup (wiki helps you with this)

Debug Authentication is used to reopen the device when it is closed, using authentication.

It is possible to run STiROT in open state, and keep the checking of the authenticity. For this you need to enable the system bootloader through the B00T0 pin.

The image can be placed directly in clear in the execution area. This is the purpose of appli_init_sign.hex.

I'm not sure how you can download through TLS and get rid of a download slot.

Where do you store the download firmware while it is downloading ?

Best regards

Jocelyn

0 Kudos
epsilong
Associate II
In response to Jocelyn RICARD

‎2025-06-06 12:23 PM - edited ‎2025-06-06 12:36 PM

"Where do you store the download firmware while it is downloading ?"

I am thinking during download we could store the binary directly into the execution area without saving it to a download slot first. This is only if signing the application binary does not render it unable to execute, I am not sure if that is the case.

Having the ability to execute the signed binary is a good sign, however, this point is probably irrelevant if dual bank is disabled when using STiRoT, because we are not planning on using OEMiRoT (developing our own). Are there any easy-to-use OEMiRoT binaries pre-made or is developing one from scratch the only option?

0 Kudos
Jocelyn RICARD
ST Employee

‎2025-06-09 2:31 AM

Hello @epsilong,

The application firmware that downloads the update binary cannot write it to itself. This is the reason for the download slot. I'm not sure what kind of setup you are thinking.

Regarding your second point, "this point is probably irrelevant if dual bank is disabled when using STiRoT, because we are not planning on using OEMiRoT (developing our own)."

I'm sorry I can't understand your point.  Could you please explain in more detail what you expect.

"Easy to use OEMiROT binaries pre-made" also does not make sense to me.

OEMiROT is provided as example in the STM32CubeH5. You can use it as basis for your own secure boot implementation.

Best regards

Jocelyn

 

0 Kudos
Top