FAQs
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

[STM32L562E-DK] I cannot disable TrustZone (TZEN) - Error programming Option Bytes

Go to solution
erne_ramos
Associate II

‎2026-02-21 11:00 AM

Hello everyone,

I'm trying to disable the TrustZone (TZEN bit) on an STM32L562E-DK development board to leave it in a completely clean state (without protections) so I can use it as a standard MCU. However, I'm encountering errors when trying to modify the Option Bytes with STM32CubeProgrammer, and I would appreciate your help.

My configuration:

  • Board: STM32L562E-DK
  • Software: STM32CubeProgrammer v2.21.0
  • Connection: Integrated ST-LINK (SWD at 8000 kHz)
  • Current Option Bytes status (initial read):
    1. TZEN = 0x1 (Trust Zone enabled)
    2. RDP = 0xAA (Level 0, no readout protection)
    3. SECWM1_PSTRT = 0x0, SECWM1_PEND = 0x7F (Safe area defined)
    4. Screenshots of the complete configuration are attached.

The problem:

From the STM32CubeProgrammer graphical interface, I can modify and apply changes to almost all Option Bytes (such as safe areas or write protection) without issue. However, when I try to uncheck the TZEN box (to set it to 0) and click "Apply," I get the following errors:

  • Error: Option Byte Programming failed Or modified by application after OB_LAUNCH

  • Error: Expected value for Option Byte "TZEN": 0x0, found: 0x1

It appears that the TZEN bit refuses to change and remains at 1.

 

What I've tried so far (following application notes and other forum threads):

  1. Hot Plug Connection: I connected the board with the software in "Hot Plug" mode to attempt the modification without a prior reset.
  2. Combined Modification with RDP: I read that to disable TZEN, it's necessary to modify the RDP level simultaneously. I tried changing RDP from 0xAA to 0xDC (Level 1) and then back to 0xAA simultaneously with changing TZEN to 0, but I get the following error:
    • Error: ST-LINK error (DEV_TARGET_NOT_HALTED)
  3. Booting from RSS:
    • I configured nSWBOOT0 to 1 so that BOOT0 is taken from the physical pin.
    • I bridged pin 5 (VDD) and pin 7 (PH3_BOOT0) on connector CN11 to force a boot from RSS.
    • I reconnected in "Hot Plug" mode with the bridge in place.
    • Result: I keep getting the exact same errors when trying to apply the TZEN change.

My question is: What am I missing? Are there any additional steps or specific requirements for the STM32L562E-DK that I'm overlooking? I've tried doing it through the command line (STM32_Programmer_CLI.exe), but the result is the same. Has anyone successfully disabled TrustZone on this board and could share the exact command sequence or steps?

Labels:
Preview file
82 KB
Preview file
157 KB
Preview file
147 KB
0 Kudos
1 ACCEPTED SOLUTION

Accepted Solutions
Go to solution
TDK
Super User

‎2026-02-21 1:30 PM

Security:How to disable TrustZone in STM32L5xx devices during development phase - stm32mcu

If you feel a post has answered your question, please click "Accept as Solution".

View solution in original post

2 REPLIES 2
Go to solution
TDK
Super User

‎2026-02-21 1:30 PM

Security:How to disable TrustZone in STM32L5xx devices during development phase - stm32mcu

If you feel a post has answered your question, please click "Accept as Solution".
Go to solution
erne_ramos
Associate II
In response to TDK

‎2026-02-22 2:57 AM

Thank you !! I finally managed to disable TrustZone.

0 Kudos
Top