
STM32H563 Debug Authentication

AxelSchroer
Associate
Hello,
 
I have an ARM Keil MDK project with STM32H563ZI and want to protect it against readout. So I want to use the Debug Authentication. TrustZone is not activated.
 
The first-time programming is done over UART and then over USB by my own tool and IAP.
 
In the firmware IAP routine I can switch the product state to "Provisioning", but I am not sure how to program the SHA256 key into the HDP memory.
 
Am I on the right track with this?
 
OBInit.OptionType = OPTIONBYTE_HDP;
OBInit.HDPStartSector = ???; // OBKeys address FLASH_OBK_HDPL1_BASE_S = 0x0ffd0100
OBInit.HDPEndSector = ?????;
status = HAL_FLASHEx_OBProgram( &OBInit );
 
Regards
Axel
Frantz LEFRERE
ST Employee

Hello @AxelSchroer,

HDP is a mechanism to protect a portion of user flash and associated OBK storage until the next reset.

The keys and secret are stored in the OBK storage, so it is in the FLASH OBK location that you should write them.
You should not write only the SHA256 but, I would say, the complete OBK file with its header.
On STM32H563 as there is no encryption of the OBK storage, the provisioning could be done in OPEN state.

 

I will share with you a code example for STM32CubeIDE / NucleoH563 via our secure file transfer tool.
Best regards,
Frantz