FAQs
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

STiROT provisioning on stm32h533

lautiq
Associate

‎2025-03-14 12:10 PM - edited ‎2025-03-14 12:14 PM

Hello ST Community,

I’m working on a project using STiROT with TrustZone on an STM32H533, based on the example STiROT_Appli_TrustZone provided in the STM32Cube_FW_H5_V1.5.0 firmware package for the STM32H573. I adapted this example to the H533 and generated the project using CubeMX.

CubeMX successfully created the ROT_Provisioning folder with all necessary scripts (postbuild.bay, XML files, etc.), and I’m using Keil uVision5 for building the project.

However, I’m facing two key issues:

  1. Provisioning and Postbuild Issues:

    • When running the provisioning.bat script, I get this error:
      "Error: appli_enc_sign.hex does not exist use TPC to generate it."
      Checking the log file (ob_flash_programming.log), this suggests the postbuild process isn’t properly generating the encrypted and signed image.

    • The postbuild.bat script also reports:
      "Imgtool ::  Input file not found"
      The binary is being generated in this directory: "C:\ProjectRoot\Binary\appli_s.bin"
      But my project is located here:  "C:ProjectRoot\App_STiRoT_TZ"
      TheSTiRoT_Code_Image.xml references the binary with this relative path:
      <Value>../../../Binary/appli_s.bin</Value>
      <Default>../../../Binary/appli_s.bin</Default>
      I’m wondering if this is the right structure or if the binary should be inside the project folder, like: "C:\ProjectRoot\App_STiRoT_TZ\Binary"

  2. Application Not Executing:
    Even when I manage to provision the board without errors, the application doesn’t seem to execute. For example, the LED that should turn on in my application doesn’t light up — indicating the firmware might not be running or jumping to the non-secure application as expected.

Question:

  • Are the provisioning files generated by CubeMX meant to work without modification, or do they require adjustments?
  • What could cause the application not to start after provisioning, even if there are no reported errors?
  • Are there any checks I can do to confirm if the firmware is being validated and executed by STiROT?

Any help would be greatly appreciated!
Best regards,
Lautaro

Labels:
0 Kudos
2 REPLIES 2
CMYL
ST Employee

‎2025-03-17 7:08 AM

Hello @lautiq 

The main differences between the STM32H573 and STM32H533 are the flash and RAM sizes: 2M/640K versus 512K/272K.

Can you double check the memory organisation and how the slots for application and downloads are defined in both implementations?

 

Best Regards,

Younes

0 Kudos
lautiq
Associate
In response to CMYL

‎2025-03-18 9:13 AM - edited ‎2025-03-18 9:14 AM

Hello @CMYL,

Thanks for your response. I have verified the memory organization, and I am using the default memory regions provided in the STiRoT configuration.

Here are the key parameters from my STiRoT configuration:

  • Number of images managed: 1
  • Full Secure Firmware: No (TrustZone is enabled)
  • Firmware execution area offset: 0x00000000
  • Firmware download area offset: 0x00060000
  • Firmware area size: 0x00020000
  • Size of the secure area inside the firmware execution area: 0x00006000 
  • Flash start address:0x0C000000
  • Flash size: 0x80000 (512 KB)

Given these settings, I believe the memory layout should be correct for the STM32H533. However, I still encounter issues where the application does not execute after provisioning, even when there are no reported errors.

Would you recommend any additional checks to ensure STiRoT is properly validating and jumping to the non-secure application?

Thanks for your help!

Best regards,
Lautaro

0 Kudos
Top