STM32H573 Debug Authentication MCU Locked?
‎2024-11-19 06:17 AM
Hello everyone,
I'm working with the STM32H573I-DK EvalBoard to check if the chip fits our project needs.
I was working with the template STiROT_Appli from the STM32Cube_FW_H5_V1.3.0 Firmware. Full path to the template: STM32Cube_FW_H5_V1.3.0\Projects\STM32H573I-DK\Templates\ROT\ STiROT_Appli.
I followed the steps within the readme.md, entered the provisioning state (0x17) and provided the OBK delivered with the firmware (as I have done in the previous security tutorials).
Full path to OBK: STM32Cube_FW_H5_V1.3.0\Projects\STM32H573I-DK\ROT_Provisioning\DA\Binary\ DA_ConfigWithPassword.obk
Then I continued the development, and now I wanted to restore the product_state back to OPEN using the regression process. Now the board is in CLOSED state.
However, since this template used TrustZone, regression is not working with the password.bin, but with certificates.
Is there a way to recover this EvalBoard?
As I understand it, I would need a certificate matching the DA_ConfigWithPassword.obk, right?
Is there a video tutorial available describing the regression process for a TrustZone-enabled device, like this: https://www.youtube.com/watch?v=SPRter-uJ0g&list=PLnMKNibPkDnEX2L5VcdJRQ5fb1FDwgQZC
Thank you for your help
Mike
Accepted Solutions
‎2024-11-20 12:51 AM
Hello @Mike123 ,
I'm afraid that not following the steps for provisioning in combination with TrustZone activation will prevent you from doing a regression or opening a debug session, as this device will need it to be able to do DA, as explained in the above-mentioned Wiki page, section 5:
"When debug authentication control is based on certificates (when TrustZone© is enabled (TZEN = 0xB4)), the device must be provisioned with the ECC public key and the SOC_PERMISSION, which is a mask defining the different permissions allowed by the debug authentication (full regression / partial regression / debug secure / debug nonsecure)."
Regards
‎2024-11-19 06:51 AM
Try ROT_Provisioning\DA\regression.bat, it should put the board to open state.
‎2024-11-19 07:11 AM
Hi @Thatseasy,
Unfortunately it did not work.
"Debug Authentication Failed" is the script output.
The OBK provisioned is for a password regression. But since TrustZone is enabled, certificates are needed, I guess.
‎2024-11-19 07:41 AM
Hello @Mike123 ,
You went through the TZ locked process without provisioning a certificate?
Please see section 3.4.4 of AN6008, as you can't perform the regression without the certificate chain .b64 and the private part used to generate the certificate in the provisioning phase.
If you haven't changed the default key, this should work for you to perform full regression.
See also this wiki page, sections 4 and 5, for more details: Security:Debug Authentication STM32H5 How to Introduction - stm32mcu
Regards
‎2024-11-19 11:09 PM
Hi @STea ,
Yeah, kind of. I provided the DA_ConfigWithPassword.obk, which is used for the normal (not TZ) lock process.
Then I continued development, and later on I turned on TrustZone and went into Closed state.
The provided solution with the root key did not work for me.
Greetings, Mike