Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- STMicroelectronics Community
- STM32 MCUs
- STM32 MCUs Security
- stm32l552zeq Nucleo board cannot disable trustzone
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
stm32l552zeq Nucleo board cannot disable trustzone
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
2025-07-24 8:00 AM
Hi, I managed to enable TrustZone by setting the TZEN-bit to 1 like so
STM32_Programmer_CLI -c port=SWD -ob TZEN=1But I can't seem to manage to turn it off the same way. I've tried doing it from the graphical interface as well, with the same results. Do I have to do anything special on this board to set TZEN to 0?
Here are my complete set of option bytes. I've only changed TZEN=1 myself.
STM32_Programmer_CLI -c port=SWD -ob displ
-------------------------------------------------------------------
STM32CubeProgrammer v2.20.0
-------------------------------------------------------------------
ST-LINK SN : 066BFF505048878667122712
ST-LINK FW : V2J45M31
Board : NUCLEO-L552ZE-Q
Voltage : 3,26V
SWD freq : 4000 KHz
Connect mode: Normal
Reset mode : Software reset
Device ID : 0x472
Revision ID : Rev Z
Device name : STM32L5xx
Flash size : 512 KBytes (default)
Device type : MCU
Device CPU : Cortex-M33
BL Version : --
UPLOADING OPTION BYTES DATA ...
Bank : 0x00
Address : 0x50022040
Size : 40 Bytes
[==================================================] 100%
Bank : 0x01
Address : 0x50022060
Size : 16 Bytes
[==================================================] 100%
OPTION BYTES BANK: 0
Read Out Protection:
RDP : 0xAA (Level 0, no protection)
BOR Level:
BOR_LEV : 0x0 (BOR Level 0, reset level threshold is around 1.7 V)
User Configuration:
nRST_STOP : 0x1 (No reset generated when entering Stop mode)
nRST_STDBY : 0x1 (No reset generated when entering Standby mode)
nRST_SHDW : 0x1 (No reset generated when entering the Shutdown mode)
IWDG_SW : 0x1 (Software independent watchdog)
IWDG_STOP : 0x1 (IWDG counter active in stop mode)
IWDG_STDBY : 0x1 (IWDG counter active in standby mode)
WWDG_SW : 0x1 (Software window watchdog)
SWAP_BANK : 0x0 (Bank 1 and bank 2 address are not swapped)
DB256 : 0x1 (256Kb dual-bank Flash with contiguous addresses)
DBANK : 0x1 (Dual bank mode with 64 bits data)
SRAM2_PE : 0x1 (SRAM2 parity check disable)
SRAM2_RST : 0x1 (SRAM2 is not erased when a system reset occurs)
nSWBOOT0 : 0x1 (BOOT0 taken from PH3/BOOT0 pin)
nBOOT0 : 0x1 (nBOOT0 = 1)
PA15_PUPEN : 0x1 (USB power delivery dead-battery disabled/ TDI pull-up activated)
TZEN : 0x1 (Global TrustZone security enabled)
HDP1EN : 0x0 (No HDP area 1)
HDP1_PEND : 0x0 (0x8000000)
HDP2EN : 0x0 (No HDP area 2)
HDP2_PEND : 0x0 (0x8000000)
NSBOOTADD0 : 0x100000 (0x8000000)
NSBOOTADD1 : 0x17F200 (0xBF90000)
SECBOOTADD0 : 0x180000 (0xC000000)
BOOT_LOCK : 0x0 (Boot based on the pad/option bit configuration)
Secure Area 1:
SECWM1_PSTRT : 0x0 (0x8000000)
SECWM1_PEND : 0x7F (0x803F800)
Write Protection 1:
WRP1A_PSTRT : 0x7F (0x803F800)
WRP1A_PEND : 0x0 (0x8000000)
WRP1B_PSTRT : 0x7F (0x803F800)
WRP1B_PEND : 0x0 (0x8000000)
OPTION BYTES BANK: 1
Secure Area 2:
SECWM2_PSTRT : 0x0 (0x8040000)
SECWM2_PEND : 0x7F (0x807F800)
Write Protection 2:
WRP2A_PSTRT : 0x7F (0x807F800)
WRP2A_PEND : 0x0 (0x8040000)
WRP2B_PSTRT : 0x7F (0x807F800)
WRP2B_PEND : 0x0 (0x8040000) I've tried erasing flash and then changing it, it doesn't change anything. I tried following a trick online that said to do
set ST_PROGRAMMER_PATH="C:\Program Files\STMicroelectronics\STM32Cube\STM32CubeProgrammer\bin\STM32_Programmer_CLI.exe" %ST_PROGRAMMER_PATH% -c port=SWD mode=HotPlug -ob nSWBOOT0=0 nBOOT0=0 %ST_PROGRAMMER_PATH% -c port=SWD mode=HotPlug -ob RDP=0xDC %ST_PROGRAMMER_PATH% -c port=SWD mode=HotPlug -ob RDP=0xAA TZEN=0 %ST_PROGRAMMER_PATH% -c port=SWD mode=HotPlug -ob nSWBOOT0=1 nBOOT0=1
but it was a nightmare lowering RDP to 0 again. It is now 0 as before, but TZEN is still 1.
Here is the output that I get when I try to change it manually
(3.8.18) robert@robert-Latitude-5400:~/Projects/test-stm32-nucleo$ STM32_Programmer_CLI -c port=SWD -ob TZEN=0
-------------------------------------------------------------------
STM32CubeProgrammer v2.20.0
-------------------------------------------------------------------
ST-LINK SN : 066BFF505048878667122712
ST-LINK FW : V2J45M31
Board : NUCLEO-L552ZE-Q
Voltage : 3,26V
SWD freq : 4000 KHz
Connect mode: Normal
Reset mode : Software reset
Device ID : 0x472
Revision ID : Rev Z
Device name : STM32L5xx
Flash size : 512 KBytes (default)
Device type : MCU
Device CPU : Cortex-M33
BL Version : --
UPLOADING OPTION BYTES DATA ...
Bank : 0x00
Address : 0x50022040
Size : 40 Bytes
[==================================================] 100%
Bank : 0x01
Address : 0x50022060
Size : 16 Bytes
[==================================================] 100%
PROGRAMMING OPTION BYTES AREA ...
Bank : 0x00
Address : 0x50022040
Size : 40 Bytes
Reconnecting...
Reconnected !
UPLOADING OPTION BYTES DATA ...
Bank : 0x00
Address : 0x50022040
Size : 40 Bytes
[==================================================] 100%
Bank : 0x01
Address : 0x50022060
Size : 16 Bytes
[==================================================] 100%
OPTION BYTE PROGRAMMING VERIFICATION:
Error: Expected value for Option Byte "tzen": 0x0, found: 0x1
Error: Option Byte Programming failed Or modified by application after OB_LAUNCH
Time elapsed during option Bytes configuration: 00:00:02.153 I've tried it like this and with mode=HotPlug.
Any ideas?
Labels:
- Labels:
-
STM32 Security
0 REPLIES 0
