on 2023-05-04 3:02 AM - edited on 2025-08-01 6:03 AM by Laurids_PETERSE
The aim of this article is to provide a guideline for disabling TrustZone® on STM32U5.
When you connect your board to STM32CubeProgrammer and check the option bytes, you can see that TZEN is checked (TrustZone® enabled).
To disable TrustZone®, you have to:
Step 1: Connect Boot0 to VDD on your board:
This consists of connecting the PH3 pin (CN11 pin 7) to VDD (CN11 pin 5).
Step 2: Connect your board with STM32CubeProgrammer in "hot plug" mode.
Step 3: Switch the RDP value in “readout protection” to level 1, then click on apply.
Step 4:
Step 5: Then click on apply to program the option bytes.
Step 6: Disconnect your board from STM32CubeProgrammer.
Step 7: Disconnect Boot0 from VDD.
Step 8: Connect your board to STM32CubeProgrammer again and make sure that TrustZone® is disabled (TZEN unchecked).
Follow this procedure exactly; otherwise TrustZone® will not be disabled.
Hello,
I'm using the STM32U385RG on the Nucleo-U385RG-Q board. I have been using the trust zone. The RDP level was always AA.
Now I want to disable the trust zone. But I'm stuck at the following error.
Option Byte Programming failed Or modified by application after OB_LAUNCH
17:59:27 : STM32CubeProgrammer API v2.20.0 | Windows-64Bits
17:59:31 : UR connection mode is defined with the HWrst reset mode
17:59:31 : UR connection mode is defined with the HWrst reset mode
17:59:31 : ST-LINK SN : 002700313234510C33353533
17:59:31 : ST-LINK FW : V3J16M8
17:59:31 : Board : NUCLEO-U385RG-Q
17:59:31 : Voltage : 3.28V
17:59:31 : SWD freq : 8000 KHz
17:59:31 : Connect mode: Hot Plug
17:59:31 : Reset mode : Hardware reset
17:59:31 : Device ID : 0x454
17:59:31 : Revision ID : Rev Z
17:59:31 : Debug in Low Power mode enabled.
17:59:31 : UPLOADING OPTION BYTES DATA ...
17:59:31 : Bank : 0x00
17:59:31 : Address : 0x50022040
17:59:31 : Size : 32 Bytes
17:59:31 : Bank : 0x01
17:59:31 : Address : 0x50022060
17:59:31 : Size : 16 Bytes
17:59:31 : UPLOADING ...
17:59:31 : Size : 1024 Bytes
17:59:31 : Address : 0x8000000
17:59:31 : Read progress:
17:59:31 : Data read successfully
17:59:31 : Time elapsed during the read operation is: 00:00:00.006
18:00:20 : Option byte command : -ob TZEN=0
18:00:20 : qCmd : -ob TZEN=0
18:00:20 : PROGRAMMING OPTION BYTES AREA ...
18:00:20 : Bank : 0x00
18:00:20 : Address : 0x50022040
18:00:20 : Size : 32 Bytes
18:00:21 : Reconnecting...
18:00:26 : Reconnected !
18:00:26 : UPLOADING OPTION BYTES DATA ...
18:00:26 : Bank : 0x00
18:00:26 : Address : 0x50022040
18:00:26 : Size : 32 Bytes
18:00:26 : Bank : 0x01
18:00:26 : Address : 0x50022060
18:00:26 : Size : 16 Bytes
18:00:26 : OPTION BYTE PROGRAMMING VERIFICATION:
18:00:26 : Error: Expected value for Option Byte "TZEN": 0x0, found: 0x1
18:00:26 : Error: Option Byte Programming failed Or modified by application after OB_LAUNCH
18:00:26 : Time elapsed during option Bytes configuration: 00:00:06.453
Additionally, I also tried to erase the full chip flash memory, but I get the same error.
I really appreciate any of your assistance.
Thanks and regards!
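For scripted provisioning, the check in Step 8 can be done by parsing the STM32CubeProgrammer log rather than trusting that the write was applied. The following is an added example, not code from the article or from ST; the function names are hypothetical, and the constructed `OK_LOG` sample assumes a clean run prints the same lines without the error lines.

```python
import re

# Patterns follow the STM32CubeProgrammer log lines quoted in the post above.
CMD_RE = re.compile(r"Option byte command\s*:\s*-ob\s+(.+)$")
ERR_RE = re.compile(
    r'Error: Expected value for Option Byte "(\w+)": (0x[0-9A-Fa-f]+), found: (0x[0-9A-Fa-f]+)')

def check_ob_log(log_text):
    """Return (requested, mismatches) parsed from a CubeProgrammer log.
    requested:  {name: value} from each '-ob NAME=VALUE ...' command line
    mismatches: {name: (expected, found)} from verification error lines"""
    requested, mismatches = {}, {}
    for line in log_text.splitlines():
        cmd = CMD_RE.search(line)
        if cmd:
            for pair in cmd.group(1).split():
                name, sep, value = pair.partition("=")
                if sep:
                    base = 16 if value.lower().startswith("0x") else 10
                    requested[name] = int(value, base)
            continue
        err = ERR_RE.search(line)
        if err:
            mismatches[err.group(1)] = (int(err.group(2), 16), int(err.group(3), 16))
    return requested, mismatches

def ob_write_succeeded(log_text):
    """Fail closed: require a command, a verification pass, and no mismatch."""
    requested, mismatches = check_ob_log(log_text)
    verified = "OPTION BYTE PROGRAMMING VERIFICATION" in log_text
    failed = "Option Byte Programming failed" in log_text
    return bool(requested) and verified and not mismatches and not failed

# Lines copied from the log in the post above.
FAIL_LOG = """\
18:00:20 : Option byte command : -ob TZEN=0
18:00:26 : OPTION BYTE PROGRAMMING VERIFICATION:
18:00:26 : Error: Expected value for Option Byte "TZEN": 0x0, found: 0x1
18:00:26 : Error: Option Byte Programming failed Or modified by application after OB_LAUNCH
"""
# Constructed sample: assumes a clean run prints the same lines without errors.
OK_LOG = """\
18:00:20 : Option byte command : -ob TZEN=0
18:00:26 : OPTION BYTE PROGRAMMING VERIFICATION:
"""

if __name__ == "__main__":
    print(ob_write_succeeded(FAIL_LOG), check_ob_log(FAIL_LOG))
```

A log that lacks the verification section is treated as a failure, so a truncated or interrupted run is never reported as a successful TZEN change.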