2025-09-05 3:41 AM
I'm trying to get the Debug Authentication provisioning to work. I managed to write it from within the application, but then I found the errata sheet(es0565-stm32h562xx563xx573xx-device-errata-stmicroelectronics.pdf) which states otherwise:
"Chapter 2.2.35: Debug Authentication provisioning cannot be done from the application when TZEN is disabled"
I tried to do the provisioning with RSSLib->DataProvisioning(), as mentioned in the errata sheet, but I end up getting a hardfault.
I'm using the nucleo-h536zi-board, trustzone is disabled.
RSSLIB_DataProvisioningConf_t a;
a.pSource = sData;
a.pDestination = (uint32_t *) (0x0FFD0100);
a.Size = 0x60;
a.DoEncryption = 0xCACA0AA0U;
a.Crc = 0;
uint32_t c = RSSLIB_PFUNC->NSC.DataProvisioning(&a);
Since the CRC is not correct, I expect to get the CRC error instead of a hard fault.
Is there something I need to set up before calling DataProvisioning? I tried to find an example, is there one somewhere?
Best regards,
Peter
2025-09-10 2:23 AM
Hello @peter7 ,
This errata is actually very misleading.
I created an internal ticket to have it fixed.
First, it only applies to STM32H573 providing crypto accelerators.
Second there is actually no workaround as far as I can tell (for STM32H573)
So, in your case, using a STM32H563, where DA OBK is not encrypted, you just need to write OBK file in clear and that's it.
This can be done in either OPEN or CLOSED state, because it is not encrypted.
Best regards
Jocelyn
2025-09-10 3:20 AM
Thank you Jocelyn.
It is good to know that we are not affected by this error.
Does that mean that RSSLib->DataProvisioning() doesn't work at all without TZ?
Provisioning from within the application works for me, but I'm not sure how to reliable tell its success. I asked this question in another ticket:
Best regards,
Peter
2025-09-11 12:27 AM