2024-10-29 09:54 PM
Hello,
I am implementing Secure Manager V1.2.0 from X-CUBE-SEC-M-H5 in my firmware. I am following the instructions provided in the "How to start with Secure Manager (customized configuration) on STM32H5" page.
Is it possible to configure Option Bytes outside of the specific registers described on that page?
To clarify, I am developing firmware for the STM32H573VI and plan to incorporate Secure Manager V1.2.0. My non-secure application requires High-Cycle Data, which can be set through the EDATA1R_PRG register.
2024-11-04 03:13 AM
Hello @Shizu_T ,
Sorry, I learned that the SM does not work with memory mapping that supports the EDATA. It's however still possible to use secure boot, iRoT and TF-M; it will only be more complex to set up than just a Secure Manager configuration.
Br,
J
To give better visibility on the answered topics, please click on Accept as Solution on the reply which solved your issue or answered your question.
2024-10-31 07:27 AM
Hello @Shizu_T ,
I believe this is a mistake in the wiki article. The EDATAxR_PRG should be configurable using the TPC tool.
The note regarding ignored settings is only valid for the security settings used to support the Secure Manager.
I'll check the actual state ASAP and request an update of the wiki.
Thanks for reporting the problem to us.
BR,
J
2024-11-04 06:29 PM
Dear @Bubbles ,
Thank you very much for your response.
I understand now that it is not possible to configure EDATA within the Secure Manager (SM) environment.
Just to clarify, if I implement secure boot, iRoT, and TF-M individually without using SM, would it allow me to utilize the High-Cycle Data feature while achieving similar security functions provided by SM?
Best regards,
Shizu_T
2024-11-07 07:28 AM - edited 2024-11-07 07:29 AM
Hello @Shizu_T ,
Yes. The Secure Manager is essentially just a closed-source implementation of the TF-M, with security certifications to prove it's done correctly. By working with TF-M directly, the development will be more labor-intensive and you will have the code instead of the certifications to have the certainty that all is well implemented.
But if done correctly, you will end up having the same feature and practical security level.
BR,
J