cancel
Showing results for 
Search instead for 
Did you mean: 

Secure Manager in DFU Mode

Hitesh
Associate III

Hello,

Actually am using STM32H5 board am able to load the secure manager using ST-Link Debugger but i would like to load the secure manager using usb dfu mode, is there any possiblity to load it.

1 ACCEPTED SOLUTION

Accepted Solutions
Jocelyn RICARD
ST Employee

Hello @Hitesh ,

Here are the steps:

1- Go to directory STM32Cube_FW_H5_V1.1.1\Projects\STM32H573I-DK\ROT_Provisioning\SM\

2- Launch provisioning.bat : It will fail at the end because you don't have the board connected but all necessary files have been created

3- Open a command line in same directory

4- set BOOT0 to VDD, power your board, connect USB DFU cable

5- Check DFU connection:

"c:\Program Files\STMicroelectronics\STM32Cube\STM32CubeProgrammer\bin\STM32_Programmer_CLI.exe" -c port=USB1
      -------------------------------------------------------------------
                       STM32CubeProgrammer v2.15.0
      -------------------------------------------------------------------



USB speed   : Full Speed (12MBit/s)
Manuf. ID   : STMicroelectronics
Product ID  : DFU in FS Mode
SN          : 385E328D3332
DFU protocol: 1.1
Board       : --
Device ID   : 0x0484
Device name : STM32H5xx
Flash size  : 2 MBytes (default)
Device type : MCU
Revision ID : --
Device CPU  : Cortex-M33

6- Install secure manager

"c:\Program Files\STMicroelectronics\STM32Cube\STM32CubeProgrammer\bin\STM32_Programmer_CLI.exe" -c port=USB1 -sfi Binary\SecureManagerPackage.sfi keys\SFI_Global_License.bin -rsse "c:\Program Files\STMicroelectronics\STM32Cube\STM32CubeProgrammer\bin\RSSe\H5\enc_signed_RSSe_SFI_STM32H5_v2.0.0.0.bin"
      -------------------------------------------------------------------
                       STM32CubeProgrammer v2.15.0
      -------------------------------------------------------------------



USB speed   : Full Speed (12MBit/s)
Manuf. ID   : STMicroelectronics
Product ID  : DFU in FS Mode
SN          : 385E328D3332
DFU protocol: 1.1
Board       : --
Device ID   : 0x0484
Device name : STM32H5xx
Flash size  : 2 MBytes (default)
Device type : MCU
Revision ID : --
Device CPU  : Cortex-M33
  Protocol Information         : static

  SFI File Information         :

     SFI file path             : Binary\SecureManagerPackage.sfi
     SFI license file path     : keys\SFI_Global_License.bin
     SFI header information    :
         SFI protocol version        : 2
         SFI total number of areas   : 13
         SFI image version           : 0
     SFI Areas information     :

     Parsing Area 1/13    :
         Area type                   : H
         Area size                   : 16
         Area destination address    : 0x0

     Parsing Area 2/13    :
         Area type                   : O
         Area size                   : 112
         Area destination address    : 0xFFD0100

     Parsing Area 3/13    :
         Area type                   : O
         Area size                   : 192
         Area destination address    : 0xFFD09D0

     Parsing Area 4/13    :
         Area type                   : O
         Area size                   : 112
         Area destination address    : 0xFFD0A80

     Parsing Area 5/13    :
         Area type                   : O
         Area size                   : 272
         Area destination address    : 0xFFD0200

     Parsing Area 6/13    :
         Area type                   : S
         Area size                   : 110808
         Area destination address    : 0x0

     Parsing Area 7/13    :
         Area type                   : S
         Area size                   : 128184
         Area destination address    : 0x0

     Parsing Area 8/13    :
         Area type                   : S
         Area size                   : 128184
         Area destination address    : 0x0

     Parsing Area 9/13    :
         Area type                   : S
         Area size                   : 31628
         Area destination address    : 0x0

     Parsing Area 10/13    :
         Area type                   : F
         Area size                   : 14848
         Area destination address    : 0x806E400

     Parsing Area 11/13    :
         Area type                   : F
         Area size                   : 528
         Area destination address    : 0x8192000

     Parsing Area 12/13    :
         Area type                   : F
         Area size                   : 48
         Area destination address    : 0x8193FD0

     Parsing Area 13/13    :
         Area type                   : C
         Area size                   : 48
         Area destination address    : 0x0



Reconnecting...
Time elapsed during option Bytes configuration: 00:00:00.094
Warning: Option Byte: BOOT_UBE, value: 0xB4, was not modified.
Warning: Option Bytes are unchanged, Data won't be downloaded
Time elapsed during option Bytes configuration: 00:00:00.006
Warning: Option Byte: SECBOOT_LOCK, value: 0xC3, was not modified.
Warning: Option Bytes are unchanged, Data won't be downloaded
Time elapsed during option Bytes configuration: 00:00:00.003
Warning: Option Byte: SECBOOTADD, value: 0xC0000, was not modified.
Warning: Option Byte: SECWM1_STRT, value: 0x0, was not modified.
Warning: Option Byte: SRAM1_3_RST, value: 0x1, was not modified.
Warning: Option Byte: SRAM2_ECC, value: 0x0, was not modified.
Warning: Option Byte: SRAM2_RST, value: 0x0, was not modified.


Reconnecting...


Reconnecting...
Time elapsed during option Bytes configuration: 00:00:00.177


Reconnecting...


Reconnecting...
Reconnected !
Time elapsed during option Bytes configuration: 00:00:01.242
Installing RSSe


Memory Programming ...
Opening and parsing file: enc_signed_RSSe_SFI_STM32H5_v2.0.0.0.bin
  File          : enc_signed_RSSe_SFI_STM32H5_v2.0.0.0.bin
  Size          : 53.78 KB
  Address       : 0x20054100


Erasing memory corresponding to segment 0:
Not flash Memory : No erase done
Download in Progress:


File download complete
Time elapsed during download operation: 00:00:00.106
Get RSSe status...


RSS version = 2.2.0


RSSe version = 2.0.0

Starting SFI

Processing license...
Get RSSe status...
Processing Image Header
Get RSSe status...
Processing Area 1...
Get RSSe status...
Area Address = 0x0
Area Type    = H
Processing Area 2...
Get RSSe status...
Area Address = 0xFFD0100
Area Type    = O
Processing Area 3...
Get RSSe status...
Area Address = 0xFFD09D0
Area Type    = O
Processing Area 4...
Get RSSe status...
Area Address = 0xFFD0A80
Area Type    = O
Processing Area 5...
Get RSSe status...
Area Address = 0xFFD0200
Area Type    = O
Processing Area 6...
Get RSSe status...
Area Address = 0x0
Area Type    = S
Processing Area 7...
Get RSSe status...
Area Address = 0x0
Area Type    = S
Processing Area 8...
Get RSSe status...
Area Address = 0x0
Area Type    = S
Processing Area 9...
Get RSSe status...
Area Address = 0x0
Area Type    = S
Processing Area 10...
Get RSSe status...
Area Address = 0x806E400
Area Type    = F
Processing Area 11...
Get RSSe status...
Area Address = 0x8192000
Area Type    = F
Processing Area 12...
Get RSSe status...
Area Address = 0x8193FD0
Area Type    = F
Processing Area 13...
Can not verify last area
Area Address = 0x0
Area Type    = C
SFI Process Finished!
SFI file Binary\SecureManagerPackage.sfi Install Operation Success

Time elapsed during SFI install operation: 00:00:12.703

 

Best regards

Jocelyn

View solution in original post

10 REPLIES 10
CMYL
ST Employee

Hello @Hitesh 

could you please specify which STM32H5 board your are using ?

 

Best regards

CMYL
ST Employee

Hi @Hitesh 

I checked with the team, yes it is possible to load the secure manager using the USB DFU mode. This can be done using the same operations in STM32CubeProgrammer with DFU mode.

I'm searching if there is any demo or documentation available to share, I let you know.

best regards,

Younes

 

 

Hitesh
Associate III

Hi am using STM32H573I-DK board.
Kindly explain the process how to load the manager in DFU Mode

Thanks

Jocelyn RICARD
ST Employee

Hello @Hitesh ,

Here are the steps:

1- Go to directory STM32Cube_FW_H5_V1.1.1\Projects\STM32H573I-DK\ROT_Provisioning\SM\

2- Launch provisioning.bat : It will fail at the end because you don't have the board connected but all necessary files have been created

3- Open a command line in same directory

4- set BOOT0 to VDD, power your board, connect USB DFU cable

5- Check DFU connection:

"c:\Program Files\STMicroelectronics\STM32Cube\STM32CubeProgrammer\bin\STM32_Programmer_CLI.exe" -c port=USB1
      -------------------------------------------------------------------
                       STM32CubeProgrammer v2.15.0
      -------------------------------------------------------------------



USB speed   : Full Speed (12MBit/s)
Manuf. ID   : STMicroelectronics
Product ID  : DFU in FS Mode
SN          : 385E328D3332
DFU protocol: 1.1
Board       : --
Device ID   : 0x0484
Device name : STM32H5xx
Flash size  : 2 MBytes (default)
Device type : MCU
Revision ID : --
Device CPU  : Cortex-M33

6- Install secure manager

"c:\Program Files\STMicroelectronics\STM32Cube\STM32CubeProgrammer\bin\STM32_Programmer_CLI.exe" -c port=USB1 -sfi Binary\SecureManagerPackage.sfi keys\SFI_Global_License.bin -rsse "c:\Program Files\STMicroelectronics\STM32Cube\STM32CubeProgrammer\bin\RSSe\H5\enc_signed_RSSe_SFI_STM32H5_v2.0.0.0.bin"
      -------------------------------------------------------------------
                       STM32CubeProgrammer v2.15.0
      -------------------------------------------------------------------



USB speed   : Full Speed (12MBit/s)
Manuf. ID   : STMicroelectronics
Product ID  : DFU in FS Mode
SN          : 385E328D3332
DFU protocol: 1.1
Board       : --
Device ID   : 0x0484
Device name : STM32H5xx
Flash size  : 2 MBytes (default)
Device type : MCU
Revision ID : --
Device CPU  : Cortex-M33
  Protocol Information         : static

  SFI File Information         :

     SFI file path             : Binary\SecureManagerPackage.sfi
     SFI license file path     : keys\SFI_Global_License.bin
     SFI header information    :
         SFI protocol version        : 2
         SFI total number of areas   : 13
         SFI image version           : 0
     SFI Areas information     :

     Parsing Area 1/13    :
         Area type                   : H
         Area size                   : 16
         Area destination address    : 0x0

     Parsing Area 2/13    :
         Area type                   : O
         Area size                   : 112
         Area destination address    : 0xFFD0100

     Parsing Area 3/13    :
         Area type                   : O
         Area size                   : 192
         Area destination address    : 0xFFD09D0

     Parsing Area 4/13    :
         Area type                   : O
         Area size                   : 112
         Area destination address    : 0xFFD0A80

     Parsing Area 5/13    :
         Area type                   : O
         Area size                   : 272
         Area destination address    : 0xFFD0200

     Parsing Area 6/13    :
         Area type                   : S
         Area size                   : 110808
         Area destination address    : 0x0

     Parsing Area 7/13    :
         Area type                   : S
         Area size                   : 128184
         Area destination address    : 0x0

     Parsing Area 8/13    :
         Area type                   : S
         Area size                   : 128184
         Area destination address    : 0x0

     Parsing Area 9/13    :
         Area type                   : S
         Area size                   : 31628
         Area destination address    : 0x0

     Parsing Area 10/13    :
         Area type                   : F
         Area size                   : 14848
         Area destination address    : 0x806E400

     Parsing Area 11/13    :
         Area type                   : F
         Area size                   : 528
         Area destination address    : 0x8192000

     Parsing Area 12/13    :
         Area type                   : F
         Area size                   : 48
         Area destination address    : 0x8193FD0

     Parsing Area 13/13    :
         Area type                   : C
         Area size                   : 48
         Area destination address    : 0x0



Reconnecting...
Time elapsed during option Bytes configuration: 00:00:00.094
Warning: Option Byte: BOOT_UBE, value: 0xB4, was not modified.
Warning: Option Bytes are unchanged, Data won't be downloaded
Time elapsed during option Bytes configuration: 00:00:00.006
Warning: Option Byte: SECBOOT_LOCK, value: 0xC3, was not modified.
Warning: Option Bytes are unchanged, Data won't be downloaded
Time elapsed during option Bytes configuration: 00:00:00.003
Warning: Option Byte: SECBOOTADD, value: 0xC0000, was not modified.
Warning: Option Byte: SECWM1_STRT, value: 0x0, was not modified.
Warning: Option Byte: SRAM1_3_RST, value: 0x1, was not modified.
Warning: Option Byte: SRAM2_ECC, value: 0x0, was not modified.
Warning: Option Byte: SRAM2_RST, value: 0x0, was not modified.


Reconnecting...


Reconnecting...
Time elapsed during option Bytes configuration: 00:00:00.177


Reconnecting...


Reconnecting...
Reconnected !
Time elapsed during option Bytes configuration: 00:00:01.242
Installing RSSe


Memory Programming ...
Opening and parsing file: enc_signed_RSSe_SFI_STM32H5_v2.0.0.0.bin
  File          : enc_signed_RSSe_SFI_STM32H5_v2.0.0.0.bin
  Size          : 53.78 KB
  Address       : 0x20054100


Erasing memory corresponding to segment 0:
Not flash Memory : No erase done
Download in Progress:


File download complete
Time elapsed during download operation: 00:00:00.106
Get RSSe status...


RSS version = 2.2.0


RSSe version = 2.0.0

Starting SFI

Processing license...
Get RSSe status...
Processing Image Header
Get RSSe status...
Processing Area 1...
Get RSSe status...
Area Address = 0x0
Area Type    = H
Processing Area 2...
Get RSSe status...
Area Address = 0xFFD0100
Area Type    = O
Processing Area 3...
Get RSSe status...
Area Address = 0xFFD09D0
Area Type    = O
Processing Area 4...
Get RSSe status...
Area Address = 0xFFD0A80
Area Type    = O
Processing Area 5...
Get RSSe status...
Area Address = 0xFFD0200
Area Type    = O
Processing Area 6...
Get RSSe status...
Area Address = 0x0
Area Type    = S
Processing Area 7...
Get RSSe status...
Area Address = 0x0
Area Type    = S
Processing Area 8...
Get RSSe status...
Area Address = 0x0
Area Type    = S
Processing Area 9...
Get RSSe status...
Area Address = 0x0
Area Type    = S
Processing Area 10...
Get RSSe status...
Area Address = 0x806E400
Area Type    = F
Processing Area 11...
Get RSSe status...
Area Address = 0x8192000
Area Type    = F
Processing Area 12...
Get RSSe status...
Area Address = 0x8193FD0
Area Type    = F
Processing Area 13...
Can not verify last area
Area Address = 0x0
Area Type    = C
SFI Process Finished!
SFI file Binary\SecureManagerPackage.sfi Install Operation Success

Time elapsed during SFI install operation: 00:00:12.703

 

Best regards

Jocelyn

Hitesh
Associate III

Hi, @Jocelyn RICARD 
Thanks for the quick response, it worked as you mentioned.
Please also let me know the process of regression (Debug Authentication)

Jocelyn RICARD
ST Employee

Hello @Hitesh ,

Debug authentication requires usage of JTAG/SWD. No possibility to do this through USB.

So, you just need to use the regression.bat located in 

STM32Cube_FW_H5_V1.1.1\Projects\STM32H573I-DK\ROT_Provisioning\DA\Certificates\

Best regards

Jocelyn

Hitesh
Associate III

Thanks @Jocelyn RICARD , for your support.

@Jocelyn RICARD I followed your steps to provision my H573I-DK board, but got the following error:

C:\projects\Secure\GSV1_SM\ROT_Provisioning\SM>"c:\Program Files\STMicroelectronics\STM32Cube\STM32CubeProgrammer\bin\STM32_Programmer_CLI.exe" -c port=USB1 -sfi Binary\SecureManagerPackage.sfi keys\SFI_Global_License.bin -rsse "c:\Program Files\STMicroelectronics\STM32Cube\STM32CubeProgrammer\bin\RSSe\H5\enc_signed_RSSe_SFI_STM32H5_2M_v2.0.1.0.bin"
-------------------------------------------------------------------
STM32CubeProgrammer v2.17.0
-------------------------------------------------------------------

 

USB speed : Full Speed (12MBit/s)
Manuf. ID : STMicroelectronics
Product ID : DFU in FS Mode
SN : 3658B23E3231
DFU protocol: 1.1
Board : --
Device ID : 0x0484
Device name : STM32H56x/573
Flash size : 2 MBytes (default)
Device type : MCU
Revision ID : --
Device CPU : Cortex-M33
Protocol Information : static

SFI File Information :

SFI file path : Binary\SecureManagerPackage.sfi
SFI license file path : keys\SFI_Global_License.bin
SFI header information :
SFI protocol version : 2
SFI total number of areas : 12
SFI image version : 0
SFI Areas information :

Parsing Area 1/12 :
Area type : H
Area size : 16
Area destination address : 0x0

Parsing Area 2/12 :
Area type : O
Area size : 112
Area destination address : 0xFFD0100

Parsing Area 3/12 :
Area type : O
Area size : 192
Area destination address : 0xFFD09D0

Parsing Area 4/12 :
Area type : O
Area size : 112
Area destination address : 0xFFD0A80

Parsing Area 5/12 :
Area type : O
Area size : 272
Area destination address : 0xFFD0200

Parsing Area 6/12 :
Area type : S
Area size : 110808
Area destination address : 0x0

Parsing Area 7/12 :
Area type : S
Area size : 128184
Area destination address : 0x0

Parsing Area 8/12 :
Area type : S
Area size : 77800
Area destination address : 0x0

Parsing Area 9/12 :
Area type : F
Area size : 15312
Area destination address : 0x805A400

Parsing Area 10/12 :
Area type : F
Area size : 528
Area destination address : 0x81A6000

Parsing Area 11/12 :
Area type : F
Area size : 48
Area destination address : 0x81A7FD0

Parsing Area 12/12 :
Area type : C
Area size : 48
Area destination address : 0x0

Warning: Option Byte: BOOT_UBE, value: 0xB4, was not modified.
Warning: Option Bytes are unchanged, Data won't be downloaded
Time elapsed during option Bytes configuration: 00:00:00.002
Warning: Option Byte: SECBOOT_LOCK, value: 0xC3, was not modified.
Warning: Option Bytes are unchanged, Data won't be downloaded
Time elapsed during option Bytes configuration: 00:00:00.003
Warning: Option Byte: SECBOOTADD, value: 0xC0000, was not modified.
Warning: Option Byte: SECWM1_END, value: 0x7F, was not modified.
Warning: Option Byte: SECWM1_STRT, value: 0x0, was not modified.
Warning: Option Byte: SECWM2_END, value: 0x7F, was not modified.
Warning: Option Byte: SECWM2_STRT, value: 0x0, was not modified.
Warning: Option Byte: SRAM1_3_RST, value: 0x1, was not modified.
Warning: Option Byte: SRAM2_ECC, value: 0x0, was not modified.
Warning: Option Byte: SRAM2_RST, value: 0x0, was not modified.
Warning: Option Bytes are unchanged, Data won't be downloaded
Time elapsed during option Bytes configuration: 00:00:00.003


Reconnecting...
Time elapsed during option Bytes configuration: 00:00:00.710
Installing RSSe


Memory Programming ...
Opening and parsing file: enc_signed_RSSe_SFI_STM32H5_2M_v2.0.1.0.bin
File : enc_signed_RSSe_SFI_STM32H5_2M_v2.0.1.0.bin
Size : 55.31 KB
Address : 0x20050300


Erasing memory corresponding to segment 0:
Not flash Memory : No erase done
Download in Progress:


File download complete
Time elapsed during download operation: 00:00:00.111
Get RSSe status...
Error: Failed to get RSSe Status!
Error: Cannot launch RSSe...

Error: Binary\SecureManagerPackage.sfi SFI file Install Operation Failure! Please, try again.

 

Any suggestions?

Thank you!

One difference in the output was that yours had a "Reconnected !" before Installing RSSe, not sure if that matters. 

 

Reconnecting...
Reconnected !
Time elapsed during option Bytes configuration: 00:00:01.242
Installing RSSe