Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- STMicroelectronics Community
- STM32 MCUs
- STM32 MCUs Security
- Re: TrustZone, Product States, RDP, and Debug Auth...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
TrustZone, Product States, RDP, and Debug Authentication - Overview of their relation?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
2023-10-09 05:05 PM - last edited on 2023-10-11 05:45 AM by Amel NASRI
I'm migrating from an F4. So this is all new to me. Need help getting started.
I currently have:
- A primary bootloader. It checks the application flash for a stored signature every boot
- An application flash. It's up to 896KB.
- 2MB Flash, two banks for flash. When I update I alternate the banks. This is mainly done manually and not using an bank selection.
- All sectors are 128KB which wastes a lot of flash because my bootloader is near 20KB.
- My firmware updates OTA/FOTA over Wifi. Because I don't have external flash, I need to download blocks to the alternate bank, collect all, and check them for completeness. The bootloader will check them next boot.
I've been studying the iROT, uROT, RSS, SFU, Product State, Debug Authentication.
- SFU is not for me. I don't need strong security at a contract manufacturer. Not yet. We program in house
- I think there might be a way for me to get rid of the flash authenticity of the primary bootloader. I feel like this is part of what iROT or uROT does?
- I need Readout Debug Protection and to shut SWD down for typical use. So, CLOSED seems like what I might want.
Questions or help needed:
- RSS seems to be factory bootloader+ ? Or at least some services like build or get cert, then you can boot into the loader?
- Where do i/uROT come in to play?
- If I have neither bank with a valid flash, I'd like to use my bootloader to set the wifi up into a tunnel mode with my app, then reboot the micro into factory bootloader so the app can help program over USART... However... I don't want to lose my bootloader when I do this. But if I'm in CLOSED, I think all I can do is erase all memory in a regression? Is there a way to keep specific sectors?
- What I really need is RDP and locking SWD down. Can I get those features with an OPEN config and just ignore all the trustzone options?
- Is there a getting started tutorial on this stuff anywhere? I feel like this topic spans at least 5 sections of different features.
Labels:
- Labels:
-
STM32 Security
1 REPLY 1
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
2023-10-13 11:04 AM
Hello @MBC ,
Here are some answers:
- RSS seems to be factory bootloader+ ? Or at least some services like build or get cert, then you can boot into the loader?
- RSS is factory secure code providing some specific services. It is used for instance to manage the Secure Firmware install. When you activate TrustZone you boot onto a secure code in system flash. This secure code is the RSS. Then secure code jumps to non secure which is the standard bootloader you have on all STM32. On STM32H5, you can use the system bootloader to update your application when TZ is disabled and in some cases when TZ is enabled
- Where do i/uROT come in to play?
- The iROT means immutable Root Of Trust. This is the first stage bootloader. On STM32H573, you have a secure bootloader in system flash called STiROT. Otherwise we also provide an example of user flash secure bootloader that we call OEMiROT. It is based on MCU boot
- If I have neither bank with a valid flash, I'd like to use my bootloader to set the wifi up into a tunnel mode with my app, then reboot the micro into factory bootloader so the app can help program over USART... However... I don't want to lose my bootloader when I do this. But if I'm in CLOSED, I think all I can do is erase all memory in a regression? Is there a way to keep specific sectors?
- You can either jump into the bootloader or create your own loader thanks to OpenBootloader example provided in STM32Cube H5
- What I really need is RDP and locking SWD down. Can I get those features with an OPEN config and just ignore all the trustzone options?
- Yes, TrustZone is not mandatory. If you don't enable TrustZone you can go to CLOSED state to disable JTAG access. Then re-opening the device is possible thanks to Debug Authentication by providing a password.
- Is there a getting started tutorial on this stuff anywhere? I feel like this topic spans at least 5 sections of different features.
- On STM32H5 you have a lot of wiki pages that explain everything, and provide getting started guides. Please have a look here
Best regards
Jocelyn
Related Content
- Encountering an error while doing DA in STM32 MCUs Security
- STM32H563: Unable to Regress or Debug Authenticate in STM32 MCUs Security
- Unable to perform Regression or Debug Authentication on STM32H5 in STM32 MCUs Security
- STM32H563 Debug Authentication in STM32 MCUs Security
- GTZC & illegal secure access failed to demonstrate: I can always write to non secure from secure in STM32 MCUs Security