cancel
Showing results for 
Search instead for 
Did you mean: 

Trusted Firmware-M v2.1.0 - Bricked Nucleo-L552ZE-Q

MCost.4
Associate II

Hello,

I followed this tutorial to add an example secure partition in TF-M ( https://tf-m-user-guide.trustedfirmware.org/integration_guide/services/tfm_secure_partition_addition.html ) and then followed these instructions to flash the application to my Nucleo-L552ZE-Q board ( https://tf-m-user-guide.trustedfirmware.org/platform/stm/common/stm32l5xx/readme.html ). However, the script regression.sh returned the error:

 

 

 

Error: Cannot connect to access port 0!
If you are trying to connect to a device with TrustZone enabled please try to connect with HotPlug mode.
If you are trying to connect to a device which supports Debug Authentication with certificate or password, please open your device using it.

 

 

 

After this, I am unable to connect my board STM32Cube Programmer or to flash any application using Keil MDK ARM, CubeIDE, etc. The same error is returned every time. Before I runned the regression.sh script, the board was working as expected and I was able to flash simple applications (non using TF-M) to the board. Does someone know how can I fix this problem? 

Here is the configuration I have in STM32Cube Programmer:

MCost4_0-1716225932046.png

 

25 REPLIES 25
AScha.3
Chief

Hi,

try connect :

mode : under reset

reset : hardware

Then try to delete your "bad" settings, maybe full flash erase and set option bytes ...

If you feel a post has answered your question, please click "Accept as Solution".

Thanks for the quick reply. I still can not connect:

MCost4_0-1716227330971.png

 

It tells : try Hot plug mode...try.

And read rm about this trust zone settings ... before playing around with this. 🙂

If you feel a post has answered your question, please click "Accept as Solution".

I've made this post because the hot plug mode connection also did not work out 🙂

I pulled BOOT0 pin to High (connected CN11 pin 5 to 7), connected the board to the PC and then tried to connect to STM32Cube Programmer using the Hot Plug mode. Here is the output:

MCost4_0-1716231320605.png

 

 

So try to find, what state you set - and what you can do , to get back , if possible...

in rm (H563):

AScha3_0-1716235673015.png

And if you locked the cpu and no way to unlock...replace cpu or board - and next time read first, what you might do and if there is a way back. 

I have a H563 here, also with secure..trusted zone etc. , but i am afraid to experiment with something like this, as long as i would be 100% sure and nothing bricks the chip. But when i see the reliability of the IDE, for example, and the debug, that works about 8 out of 10 times starting debug, or tell me some error happened (nucleo-H563 board with st-linkV3 onboard), unable to debug. So try again debug, 2 or three times, then working fine - as it should.

But imagine, this happens on a "secure" access, that might brick the chip...who needs this ?

If you feel a post has answered your question, please click "Accept as Solution".
Jocelyn RICARD
ST Employee

Hello @MCost.4 ,

First, you may have issues running TFM on STM32L5 Nucleo as it is running on stm32l562e_dk

Also, the opeion "--hardRst" at line 24 of regression.sh script is not supported in latest version of STM32CubeProgrammer and associated calls are failing. So, please remove this option.

Also did you update the STLink firmware?

Best regards

Jocelyn

Hello @Jocelyn RICARD 

As long as I know, the TF-M offers support for the Nucleo-L552ZE-Q platform. The TF-M filesystem have the files for the configuration of this platform under /platform/ext/target/stm/nucleo_l552ze_q and I have specified the platform in the cmake command that compiles my application: 

cmake .. -DTFM_PLATFORM=stm/nucleo_l552ze_q -DTFM_PARTITION_PRIVATE_ANN=ON -DCMAKE_BUILD_TYPE=Debug -DCONFIG_TFM_SPM_BACKEND=IPC -DTFM_TOOLCHAIN_FILE=../toolchain_GNUARM.cmake -G"Unix Makefiles"

 Regarding the second point, removing the option --hrdRst resulted in a different output.

With the option --hrdRst, the regression.sh script returns:

MCost4_0-1716313375148.png

Without --hrdRst, it returns:

MCost4_1-1716313527524.pngMCost4_2-1716313559906.png

 

Hello again @Jocelyn RICARD ,

I've used TF-M in the past with this same board. However, in the past, I've used TF-M v1.7 with the STM32Cube Programmer v2.12 or v2.13 (I'm not sure about the programmer version but I know it was one of these two). I did not have any problems at that time.

The problem I describe in this post occurred with the TF-M v2.1. with the STM32Cube Programmer v2.16. The regression scripts generated by both TF-M versions are quite similar; however, there is still one change that I highlight below (TF-M v2.1 -> left; TF-M v1.7 -> right). Can this be the source of the error?

MCost4_0-1716400698329.png

I have also browsed the release notes of STM32Cube Programmer from versions v2.12 to v2.16. Below I list the main issues fixed that are relevant to the L5 boards:

  • v2.12: [119632] [STM32L5][TZEN - Regression] Error occurred when TZEN regression field is checked.
  • v2:13: 138051 [STM32CubeProg] STM32L5 CLI displaying protected flash memory content.

Hello @MCost.4 ,

I don't know what could actually happen.

If you cannot connect to the target even after setting boot 0 to VDD, I would suggest trying to power-on reset the board but I guess you already tried that.

By the way, while setting boot 0 to VDD are you able to connect to the bootloader with UART or USB ?

If yes, you can try regression from there 

Best regards

Jocelyn