FAQs
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

How to disable Trustzone on STM32U5 Series

Diane POMABIA
ST Employee

on ‎2023-05-04 3:02 AM - edited on ‎2025-08-01 6:03 AM by Community manager

The aim of this article is to provide guideline for disabling Trustzone on STM32U5.

1. Hardware and software setup

  • Nucleo MB1549-U5A5ZJT6Q1. Hardware and software setup
  • STM32CubeProgrammer

As you can see when connecting your board to STM32CubeProgrammer and checking the option bytes, TZEN is checked (TrustZone® enabled).

1639.png


2. Disable TrustZone®

To disable TrustZone®, you have to:

Step 1: Connect Boot0 to VDD on your board:

This consists on connecting PH3 pin (CN11 pin 7) to VDD (CN11 pin 5).
1640.png

Step 2: Connect your board with STM32CubeProgrammer in "hot plug" Mode.

1641.png


Step 3: Switch RDP value in “readout protection” to level 1, then click on apply.

1642.png

Step 4:

  • Switch RDP value to level 0
  • Uncheck the TZEN value in user configuration. 1643.png

Step 5: Then click on apply to program the option bytes.

1644.png

Step 6: Disconnect your board to STM32CubeProgrammer.
Step 7: Disconnect Boot0 to VDD.
Step 8: Connect again your board with STM32CubeProgrammer and make sure that TrustZone® is disabled(TZEN unchecked). 


1645.png
Reproduce this procedure faithfully otherwise the TrustZone® will not be disabled.

Comments
thisal29
Associate
‎2025-09-17 9:03 AM

Hello,
I'm using STM32U385RG in Nucleo-U385RG-Q board. I have been using the trust zone. RDP level was always AA. 

Now I want to disable the trust zone. But I'm stuck at the following error. 
Option Byte Programming failed Or modified by application after OB_LAUNCH

17:59:27 : STM32CubeProgrammer API v2.20.0 | Windows-64Bits
17:59:31 : UR connection mode is defined with the HWrst reset mode
17:59:31 : UR connection mode is defined with the HWrst reset mode
17:59:31 : ST-LINK SN : 002700313234510C33353533
17:59:31 : ST-LINK FW : V3J16M8
17:59:31 : Board : NUCLEO-U385RG-Q
17:59:31 : Voltage : 3.28V
17:59:31 : SWD freq : 8000 KHz
17:59:31 : Connect mode: Hot Plug
17:59:31 : Reset mode : Hardware reset
17:59:31 : Device ID : 0x454
17:59:31 : Revision ID : Rev Z
17:59:31 : Debug in Low Power mode enabled.
17:59:31 : UPLOADING OPTION BYTES DATA ...
17:59:31 : Bank : 0x00
17:59:31 : Address : 0x50022040
17:59:31 : Size : 32 Bytes
17:59:31 : Bank : 0x01
17:59:31 : Address : 0x50022060
17:59:31 : Size : 16 Bytes
17:59:31 : UPLOADING ...
17:59:31 : Size : 1024 Bytes
17:59:31 : Address : 0x8000000
17:59:31 : Read progress:
17:59:31 : Data read successfully
17:59:31 : Time elapsed during the read operation is: 00:00:00.006
18:00:20 : Option byte command : -ob TZEN=0
18:00:20 : qCmd : -ob TZEN=0
18:00:20 : PROGRAMMING OPTION BYTES AREA ...
18:00:20 : Bank : 0x00
18:00:20 : Address : 0x50022040
18:00:20 : Size : 32 Bytes
18:00:21 : Reconnecting...
18:00:26 : Reconnected !
18:00:26 : UPLOADING OPTION BYTES DATA ...
18:00:26 : Bank : 0x00
18:00:26 : Address : 0x50022040
18:00:26 : Size : 32 Bytes
18:00:26 : Bank : 0x01
18:00:26 : Address : 0x50022060
18:00:26 : Size : 16 Bytes
18:00:26 : OPTION BYTE PROGRAMMING VERIFICATION:
18:00:26 : Error: Expected value for Option Byte "TZEN": 0x0, found: 0x1
18:00:26 : Error: Option Byte Programming failed Or modified by application after OB_LAUNCH
18:00:26 : Time elapsed during option Bytes configuration: 00:00:06.453

Additionally I also tried to erase the full chip flash memory. But I get the same error.

I really appreciate any of your assistance. 

Thanks and regards!

0 Kudos
Version history
Last update:
‎2025-08-01 6:03 AM
Updated by:
Community manager
Contributors
Top