2025-10-01 6:54 PM - edited 2025-10-01 6:57 PM
How can the debug interface on the STM32H573 be permanently locked via nonvolatile configuration or fuse?
The SBS chapter of the manual says
The debug configuration can be locked thanks to DBGCFG_LOCK in SBS_DBGLOCKR.
SBS_DBGCR is then no longer writable.
When DBGCFG_LOCK is set to 1, it can be reset only by system or power-on reset.
So SBS_DBGLOCKR is not what I want, as it is not permanent.
The manual refers to PRODUCT_STATE in several places. The "SBS Signals" table in the manual says that the sbs_product_state signal comes from Flash memory:
Signal based on PRODUCT_STATE option byte to activate the different security
mechanisms depending on the product use. Expected values are described in
Section 7: Embedded flash memory (FLASH).
However, there is no mention of this signal in Section 7. What is the Flash programming procedure to change sbs_product_state?
2025-10-01 11:13 PM - edited 2025-10-01 11:13 PM
hello @abba
I would recommend to have a look in the product state description in the wiki :
https://wiki.st.com/stm32mcu/wiki/Category:Security_with_STM32H5#Product_State
https://wiki.st.com/stm32mcu/wiki/Security:Product_state_for_STM32H5
If you want to deactivate the debug link permanently without any way to reopen it then just move to Closed state.
Be carefull in such config no way to reopen the device.
This is just an option byte that could be program thanks debuging link or from the embedded sofware.
Related article :
https://wiki.st.com/stm32mcu/wiki/Security:Debug_Authentication_for_STM32H5
Br,
Frantz