Setting product state CLOSED without keys loaded

RomThi · ‎2024-07-08

Hello,

I have done a big mistake. I was testing a provisioning using the system bootloader. For that I have changed the provisioning batch files. As a result I have set the product state to closed, before the keys where loaded.

Now I can not connect to the target and the standard regression does not work. Is there a way to get the device working again?

Best regards,

Roman

Here the log:
10:48:50 : Start Debug Authentication Sequence
10:48:50 : SDMOpen : 602 : open : SDM API v1.0
10:48:50 : SDMOpen : 603 : open : SDM Library version v1.1.0
10:48:50 : open_comms : 495 : open : Asserting target reset
10:48:50 : open_comms : 499 : open : Writing magic number
10:48:50 : open_comms : 509 : open : De-asserting target reset
10:48:50 : open_comms : 561 : open : Communication with the target established successfully
10:48:50 : discovery: target ID.......................:0x484
10:48:50 : discovery: SoC ID..........................:0x00000000_38363236_33325117_003D005E
10:48:50 : discovery: SDA version.....................:2.4.0
10:48:50 : discovery: Vendor ID.......................:STMicroelectronics
10:48:50 : discovery: PSA lifecycle...................:ST_LIFECYCLE_CLOSED
10:48:50 : discovery: PSA auth version................:1.0
10:48:50 : discovery: ST HDPL1 status.................:0x1
10:48:50 : discovery: ST HDPL2 status.................:0xffffffff
10:48:50 : discovery: ST HDPL3 status.................:0xffffffff
10:48:50 : discovery: Token Formats...................:0x200
10:48:50 : discovery: Certificate Formats.............:0x201
10:48:50 : discovery: cryptosystems...................:Ecdsa-P256 SHA256
10:48:50 : discovery: ST provisioning integrity status:0xf5f5f5f5
10:48:50 : discovery: permission if authorized...........:Full Regression
10:48:50 : discovery: permission if authorized...........:To TZ Regression
10:48:50 : discovery: permission if authorized...........:Level 3 Intrusive Debug
10:48:50 : discovery: permission if authorized...........:Level 2 Intrusive Debug
10:48:50 : discovery: permission if authorized...........:Level 1 Intrusive Debug
10:48:50 : discovery: permission if authorized...........:Level 3 Intrusive Non Secure Debug
10:48:50 : discovery: permission if authorized...........:Level 2 Intrusive Non Secure Debug
10:48:50 : discovery: permission if authorized...........:Level 1 Intrusive Non Secure Debug
10:53:32 : UR connection mode is defined with the HWrst reset mode
10:53:32 : ST-LINK SN : 004A00233232511639353236
10:53:32 : ST-LINK FW : V3J12M3
10:53:32 : Board : STM32H573I-DK
10:53:32 : Voltage : 3.26V
10:53:32 : Error: No STM32 target found! If your product embeds Debug Authentication, please perform a discovery using Debug Authentication

Jocelyn RICARD · ‎2024-07-08

Hell @RomThi ,

As you can see in the Discovery log "ST provisioning integrity status:0xf5f5f5f5" means that integrity is wrong.

When provisioning is OK, you get 0xeaeaeaea as a integrity status.

The only way you could recover from such situation would be to have code running after reset would include an option to perform regression.

If you don't have such code, then there is no way to open the device.

This is actually the purpose of this security feature.

For your information, when testing you can just stay in provisioning product state.

In this state you can check that provisioning was done properly and regression is working fine.

If something goes wrong you can provision again debug authentication credentials and test them

Best regards

Jocelyn

View solution in original post

Jocelyn RICARD · ‎2024-07-08