Hello ST Community,
I’m working on a project using STiROT with TrustZone on an STM32H533, based on the example STiROT_Appli_TrustZone provided in the STM32Cube_FW_H5_V1.5.0 firmware package for the STM32H573. I adapted this example to the H533 and generated the project using CubeMX.
CubeMX successfully created the ROT_Provisioning folder with all necessary scripts (postbuild.bay, XML files, etc.), and I’m using Keil uVision5 for building the project.
However, I’m facing two key issues:
Provisioning and Postbuild Issues:
- When running the provisioning.bat script, I get this error:
"Error: appli_enc_sign.hex does not exist use TPC to generate it."
Checking the log file (ob_flash_programming.log), this suggests the postbuild process isn’t properly generating the encrypted and signed image.
- The postbuild.bat script also reports:
"Imgtool :: Input file not found"
The binary is being generated in this directory: "C:\ProjectRoot\Binary\appli_s.bin"But my project is located here: "C:ProjectRoot\App_STiRoT_TZ"
TheSTiRoT_Code_Image.xml references the binary with this relative path:<Value>../../../Binary/appli_s.bin</Value>
<Default>../../../Binary/appli_s.bin</Default>
I’m wondering if this is the right structure or if the binary should be inside the project folder, like: "C:\ProjectRoot\App_STiRoT_TZ\Binary"
Application Not Executing:
Even when I manage to provision the board without errors, the application doesn’t seem to execute. For example, the LED that should turn on in my application doesn’t light up — indicating the firmware might not be running or jumping to the non-secure application as expected.
Question:
- Are the provisioning files generated by CubeMX meant to work without modification, or do they require adjustments?
- What could cause the application not to start after provisioning, even if there are no reported errors?
- Are there any checks I can do to confirm if the firmware is being validated and executed by STiROT?
Any help would be greatly appreciated!
Best regards,
Lautaro