Showing results for 
Search instead for 
Did you mean: 

STM32U585 - Secure boot loader

Surya S
Associate II

Hello Everyone,

We are currently working with STM32U585 microcontroller for one of our IoT project.

In this project we are planning to implement secure boot.

In this regard we want some clarification on the below points,

1.  After doing secure firmware install(SFI) & setting the RDP to level 2, if the JTAG is compromised is it possible to load any hex file without following SFI process as RDP regression would have taken place and the microcontroller flash would have been mass erased  and RDP level = 0 which gives full access to the controller.

2.  How does the immutable boot loader in RSS checks the integrity of the software bootloader loaded in the flash?

3. Is it possible to add custom key checks to the immutable bootloader in the RSS section?

4. Is it possible to load custom bootloader or modify the immutable bootloader in the RSS section?

Thanks in Advance.

Surya S

ST Employee

Hello @Surya S,

1) should someone manage to perform the regression then of course the MCU is fully open in RDP0. You need to guard your regression password well.

2) I believe we don't disclose full details, but SHA256 is widely used in similar applications.

3) No customization of the RSS is possible. For any customization needed, I recommend starting from one of the secure boot project examples included in the STM32Cube package. In combination with a boot lock it's a robust solution.



To give better visibility on the answered topics, please click on Accept as Solution on the reply which solved your issue or answered your question.

Jocelyn RICARD
ST Employee


On top of @Bubbles answers I would like to make something clear.

The SFI is not a bootloader. The SFI mechanism is only dedicated to secure firmware install in factory.

Once the firmware is installed, I mean once the SFI process is finished, the STM32U5 boots directly on system flash at the secure address defined in option bytes. RSS is not involved in checking integrity of the firmware once it has been installed.

This means STM32U5 does not provide a ROMed secure boot (as it is done on STM32H573 for instance)

Now we provide a secure boot example in the CubeFW U5 here:


It is based on mcuboot opensource solution.

There you can set your authentication and encryption keys

Best regards