2022-02-14 08:27 AM
I'm attempting to use the serial bootloader to load a secure firmware image to an STM32L5 using STM32CubeProgrammer. I can successfully connect to the board in bootloader mode and perform a full-chip erase, but attempting to download the image (either a .hex or a .out) results in an error:
10:20:33 : Memory Programming ...
10:20:33 : Opening and parsing file: project.out
10:20:33 : File : project.out
10:20:33 : Size : 256 KBytes
10:20:33 : Address : 0x0C000000
10:20:33 : Erasing memory corresponding to segment 0:
10:20:33 : Not flash Memory : No erase done
10:20:33 : Download in Progress:
10:20:34 : Response received from device: NACK
10:20:34 : Error: Write address not acknowledged: 0xC000000
10:20:34 : Error: failed to download Segment[0]
10:20:34 : Error: failed to download the File
TrustZone is enabled (FLASH_OPTR->TZEN=1) on this device. Reading 0x0BF97FFE returns a bootloader ID of 0x92.
Is there a way to apply a secure image via the serial bootloader?
Thanks!
Update:
I tried converting my project to a raw binary and uploading it to address 0x0800'0000. The upload reports success, but verification fails and reading back the memory shows that it was not programmed.
2022-02-15 04:23 AM
Hello @MBand.3 ,
Yes, the embedded bootloader runs in a non-secure environment.
So, if you activated TrustZone, the default configuration is that flash is fully secure.
You can still change this configuration to make it fully non-secure and you will be able to write your firmware. Then you should be able to set the secure area again through the option bytes.
Another way could be to program your software with TZEN=0, and then activate it and set the correct secure watermark. This could also be done by your firmware.
Regarding addressing the secure alias (0x0C000000), I think this will not work anyway. The system bootloader checks the address range, and I think this one was not included.
So, I need to use binary download instead of elf or hex.
Best regards
Jocelyn
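Added example, not part of the thread and not ST code: a pre-flight check that models the behaviour described in the reply above, predicting whether the non-secure system bootloader can program an image given TZEN and the secure watermarks. The function names, the 512 KB dual-bank layout with 2 KB pages, and the watermark semantics (inclusive page range, PSTRT > PEND meaning no secure pages) are assumptions to verify against the reference manual.

```python
# Added illustration; not ST code. Layout constants are assumptions for a
# dual-bank STM32L5 and should be checked against the reference manual.
NS_FLASH_BASE = 0x08000000   # non-secure alias (address used in the thread)
S_FLASH_BASE = 0x0C000000    # secure alias (address NACKed in the thread)
PAGE_SIZE = 2 * 1024         # assumed: 2 KB pages in dual-bank mode
PAGES_PER_BANK = 128         # assumed: 7-bit watermark page index


def secure_pages(pstrt, pend):
    """Pages of one bank covered by a secure watermark (inclusive range).

    Assumed semantics: PSTRT > PEND means the bank has no secure pages.
    """
    return set() if pstrt > pend else set(range(pstrt, pend + 1))


def preflight(addr, size, tzen, wm_bank1, wm_bank2):
    """Predict whether the non-secure system bootloader can program an image.

    wm_bank1 / wm_bank2 are (PSTRT, PEND) tuples, one per bank.
    Returns (ok, reason).
    """
    if size <= 0:
        return False, "empty image"
    flash_size = 2 * PAGES_PER_BANK * PAGE_SIZE
    # Per the reply in the thread, the bootloader does not accept this alias.
    if S_FLASH_BASE <= addr < S_FLASH_BASE + flash_size:
        return False, "secure alias: outside the range the bootloader accepts"
    if not (NS_FLASH_BASE <= addr and addr + size <= NS_FLASH_BASE + flash_size):
        return False, "outside internal flash"
    if not tzen:
        return True, "TZEN=0: flash is not partitioned"
    first = (addr - NS_FLASH_BASE) // PAGE_SIZE
    last = (addr + size - 1 - NS_FLASH_BASE) // PAGE_SIZE
    # Bank 2 page numbers are offset so both banks share one index space.
    secure = secure_pages(*wm_bank1) | {
        p + PAGES_PER_BANK for p in secure_pages(*wm_bank2)}
    blocked = sorted(p for p in range(first, last + 1) if p in secure)
    if blocked:
        return False, f"{len(blocked)} secure page(s), first is page {blocked[0]}"
    return True, "all target pages are non-secure"


if __name__ == "__main__":
    # The two attempts from the question, with flash fully secure.
    full = (0x00, 0x7F)
    print(preflight(0x0C000000, 256 * 1024, True, full, full))
    print(preflight(0x08000000, 256 * 1024, True, full, full))
```

Running it with the watermarks read back from the option bytes before a download shows which pages would have to be made non-secure first.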