
Provision STM32WBA55 via SFI/RSS and flash a NS application

ivw
Associate II

Hi all,

I am able to generate an SFI image via the trust package and I am using an HSM card to attempt to program an STM32WBA55. As far as I understand, during provisioning TZEN is set and the RDP level is set to 0.5.

I have read various documents, such as the reference manual (section "Boot modes") and AN4992, which in section 3.3.2.1 states: "The OEM internal firmware can be built to start at the beginning of the user flash memory (starting address 0x0800 0000). After a SFI, the SRAM is fully available for OEM."

It is not clear to me if it actually works once TZEN remains set after the SFI process. Can I just provision my non-secure application? My goal is to reach RDP level 2 once my option bytes are applied and have under control what happens at the contract manufacturer site.

Thank you very much,

best,

Ivan

2 REPLIES 2
ivw
Associate II

Can anyone help me on this one?

Tanguy
ST Employee

Hello Ivan,

On STM32WBA55, the TZEN Option Byte can only be cleared with a regression from RDP level 1 to 0. Since the SFI procedure requires TZEN=1 and ends with an RDP level equal to 0.5 or higher, it means that TrustZone shall remain enabled in the installed application.

When TrustZone is enabled, the Cortex M33 will necessarily boot on a secure application, so the easiest way to make your application compatible would be to compile it as a fully secure app (no partitioning between secure and non-secure, with all resources allocated to the secure).

The following Application Note might help you to configure your application as secure:

AN5421: Getting started with STM32 MCU's and Arm® TrustZone® development

Best regards,

Tanguy
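
A post-provisioning check that encodes the rules stated in the reply above, as an added example that is not part of the original posts or ST code: it decodes an option-byte word read back after SFI and gates the final RDP level 2 step on the image being built as secure. The bit layout (RDP in bits [7:0], TZEN in bit 31), the RDP byte codes and all function names are assumptions to verify against the reference manual; the sample words are constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed layout, verify against the reference manual. */
#define OPTR_RDP_MASK 0xFFu
#define OPTR_TZEN     (1u << 31)

typedef enum { RDP_L0, RDP_L0_5, RDP_L1, RDP_L2 } rdp_level_t;
typedef struct { rdp_level_t rdp; bool tzen; } optr_state_t;

/* Decode the option-byte word read back from the device. */
optr_state_t decode_optr(uint32_t optr) {
    optr_state_t s;
    switch (optr & OPTR_RDP_MASK) {   /* assumed RDP byte codes */
        case 0xAA: s.rdp = RDP_L0;   break;
        case 0x55: s.rdp = RDP_L0_5; break;
        case 0xCC: s.rdp = RDP_L2;   break;
        default:   s.rdp = RDP_L1;   break;  /* any other value */
    }
    s.tzen = (optr & OPTR_TZEN) != 0;
    return s;
}

/* Reply: SFI requires TZEN=1 and ends at RDP 0.5 or higher. */
bool matches_sfi_end_state(optr_state_t s) {
    return s.tzen && s.rdp != RDP_L0;
}

/* Reply: TZEN is only cleared by a regression from RDP 1 to 0. */
bool tzen_clear_allowed(rdp_level_t from, rdp_level_t to) {
    return from == RDP_L1 && to == RDP_L0;
}

/* Reply: with TZEN=1 the core boots a secure application, so do not
 * lock the part unless the installed image was built as secure. */
bool safe_to_lock_rdp2(optr_state_t s, bool image_is_secure) {
    return matches_sfi_end_state(s) && (!s.tzen || image_is_secure);
}

int main(void) {
    optr_state_t s = decode_optr(0x80000055u); /* constructed: TZEN=1, RDP 0.5 */
    printf("sfi_end_state=%d lock_with_ns_only_image=%d lock_with_secure_image=%d\n",
           matches_sfi_end_state(s), safe_to_lock_rdp2(s, false),
           safe_to_lock_rdp2(s, true));
    return 0;
}
```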