2024-11-05 12:50 AM
Hi there,
My STM32H573I-DK demo board is stuck in PROVISIONING state, probably as the result of a failed or aborted provisioning operation. I was doing hands-on training with the How to start with STiRoT on STM32H573 wiki.
Now, I cannot regress it to OPEN, or run the provisioning.sh script again to proceed to CLOSED. Any attempt ends up in a Debug Authentication Failed error.
I am aware of the importance of providing DA credentials to avoid locking the device in CLOSED state. But I don't think I missed this step, and my device is not CLOSED.
Any idea how I can unlock this board?
Thanks for any support.
Christian R
FYI, here is the log of a regression attempt using STM32Programmer:
09:34:22 : STM32CubeProgrammer API v2.17.0 | Linux-64Bits
09:34:40 : Start Debug Authentication Sequence
09:34:40 : SDMOpen : 609 : open : SDM API v1.0
09:34:40 : SDMOpen : 610 : open : SDM Library version v1.1.0
09:34:40 : open_comms : 501 : open : Asserting target reset
09:34:40 : open_comms : 505 : open : Writing magic number
09:34:40 : open_comms : 515 : open : De-asserting target reset
09:34:40 : open_comms : 567 : open : Communication with the target established successfully
09:34:40 : discovery: target ID.......................:0x484
09:34:40 : discovery: SoC ID..........................:0x00000000_35353537_3332510A_00680036
09:34:40 : discovery: SDA version.....................:2.4.0
09:34:40 : discovery: Vendor ID.......................:STMicroelectronics
09:34:40 : discovery: PSA lifecycle...................:ST_LIFECYCLE_PROVISIONING
09:34:40 : discovery: PSA auth version................:1.0
09:34:40 : discovery: ST HDPL1 status.................:0xffffffff
09:34:40 : discovery: ST HDPL2 status.................:0xffffffff
09:34:40 : discovery: ST HDPL3 status.................:0xffffffff
09:34:40 : discovery: Token Formats...................:0x200
09:34:40 : discovery: Certificate Formats.............:0x201
09:34:40 : discovery: cryptosystems...................:Ecdsa-P256 SHA256
09:34:40 : discovery: ST provisioning integrity status:0xf5f5f5f5
09:34:40 : discovery: permission if authorized...........:Full Regression
09:34:40 : discovery: permission if authorized...........:To TZ Regression
09:34:40 : discovery: permission if authorized...........:Level 3 Intrusive Debug
09:34:40 : discovery: permission if authorized...........:Level 2 Intrusive Debug
09:34:40 : discovery: permission if authorized...........:Level 1 Intrusive Debug
09:34:40 : discovery: permission if authorized...........:Level 3 Intrusive Non Secure Debug
09:34:40 : discovery: permission if authorized...........:Level 2 Intrusive Non Secure Debug
09:34:40 : discovery: permission if authorized...........:Level 1 Intrusive Non Secure Debug
09:35:11 : Start Debug Authentication Sequence
09:35:11 : SDMOpen : 609 : open : SDM API v1.0
09:35:11 : SDMOpen : 610 : open : SDM Library version v1.1.0
09:35:11 : open_comms : 501 : open : Asserting target reset
09:35:11 : open_comms : 505 : open : Writing magic number
09:35:11 : open_comms : 515 : open : De-asserting target reset
09:35:11 : open_comms : 567 : open : Communication with the target established successfully
09:35:11 : [00%] discovery command
09:35:11 : [10%] sending discovery command
09:35:11 : [20%] receiving discovery
09:35:11 : [40%] loading credentials
09:35:11 : [50%] sending challenge request
09:35:11 : [60%] receiving challenge
09:35:11 : Error: Debug Authentication Failed
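Added example, not part of the original post or of ST's tooling: a small Python triage of a log in the format shown above, reporting the lifecycle, the permissions offered, and the last progress step reached before the error. The embedded sample is a constructed, shortened copy of that log, and the function names are hypothetical.

```python
import re

# Constructed sample: a shortened copy of the log format shown in the post above.
SAMPLE_LOG = """\
09:34:40 : Start Debug Authentication Sequence
09:34:40 : discovery: PSA lifecycle...................:ST_LIFECYCLE_PROVISIONING
09:34:40 : discovery: permission if authorized...........:Full Regression
09:34:40 : discovery: permission if authorized...........:To TZ Regression
09:35:11 : Start Debug Authentication Sequence
09:35:11 : [40%] loading credentials
09:35:11 : [50%] sending challenge request
09:35:11 : [60%] receiving challenge
09:35:11 : Error: Debug Authentication Failed
"""

LINE = re.compile(r"^\d{2}:\d{2}:\d{2} : (.*)$")      # timestamp prefix
FIELD = re.compile(r"^discovery: (.+?)\.*\s*:(.*)$")   # "name.....:value"
STEP = re.compile(r"^\[(\d+)%\] (.+)$")                # "[60%] receiving challenge"

def parse_sessions(log_text):
    """Return one dict per 'Start Debug Authentication Sequence' block."""
    sessions = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        msg = m.group(1).strip() if m else ""
        if msg == "Start Debug Authentication Sequence":
            sessions.append({"fields": {}, "permissions": [], "steps": [], "error": None})
        elif sessions and (f := FIELD.match(msg)):
            key, value = f.group(1).strip(), f.group(2).strip()
            if key == "permission if authorized":
                sessions[-1]["permissions"].append(value)
            else:
                sessions[-1]["fields"][key] = value
        elif sessions and (s := STEP.match(msg)):
            sessions[-1]["steps"].append((int(s.group(1)), s.group(2)))
        elif sessions and msg.startswith("Error:"):
            sessions[-1]["error"] = msg[len("Error:"):].strip()
    return sessions

def triage(log_text):
    """Merge sessions: latest lifecycle/permissions, last step before an error."""
    lifecycle, permissions, error, failed_after = None, [], None, None
    for s in parse_sessions(log_text):
        lifecycle = s["fields"].get("PSA lifecycle", lifecycle)
        permissions = s["permissions"] or permissions
        if s["error"]:
            error, failed_after = s["error"], (s["steps"][-1][1] if s["steps"] else None)
    return {"lifecycle": lifecycle, "permissions": permissions,
            "error": error, "failed_after": failed_after}
```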
2024-11-05 01:17 AM
Hello @CRE
As you are in provisioning state, you can still do the provisioning manually.
Launch the Cube Programmer GUI and connect in hotplug mode.
Then click on the shield, select the DA_config.obk (from the Cube) and start provisioning.
Then you should get a pop-up saying that the provisioning was successful.
Once this is done, the regression script could be launched.
Or you can do the regression through the Cube Programmer GUI.
Br,
Frantz
2024-11-05 02:58 AM
Hi Frantz,
Thank you a lot for the quick and detailed answer.
I put your suggestion to trial:
- manual provisioning: appeared to be successful. Yet, the device was still in PROVISIONING state after that.
- regression: with the script or from STM32Programmer, both failed. The process went a bit further than before (signing token):
2024-11-05 04:35 AM - edited 2024-11-05 04:37 AM
Hi @CRE,
Please do the provisioning with the DA_Config.obk from the attached archive, and then do the regression with the cert_root.b64 from the archive using CubeProgrammer.
I would suspect that you've regenerated the root key but haven't regenerated the associated certificate.
Br,
Frantz
2024-11-05 05:03 AM
Hi Frantz,
You fixed it! My board is back to OPEN, and I will be able to resume my training.
And I will carefully follow every step of the wikis, and avoid messing around.
Thank you a lot.