FAQs
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

STM32WL55 and STM32WLE5 radio timeout issues: A technical FAQ on SubGHzSPI security

Filip SCHWANK
ST Employee

‎2023-12-12 03:13 AM - edited ‎2024-01-09 01:36 AM

Summary and problem description

The STM32WL55 is a dual-core, low-power microcontroller with a sub-GHz radio that is connected internally through SPI. Note that whenever "radio" is mentioned in this article, it relates to "sub-GHz radio".  

To enhance security on the dual-core architecture, access to the radio can be disabled for one of the cores by setting an Option Byte (OB) bit. Typically, the CM4 core runs the application while the CM0+ core runs the radio stack. Disabling access from the CM4 core to the radio can improve security.

The STM32WLE5 is a single-core version of the STM32WL55 microcontroller that also has the same Option bytes. Therefore, the security feature that restricts access to the radio from the CM4 core can also be enabled on the STM32WLE5.

This FAQ article addresses issues, such as receiving a timeout when attempting to access the radio through the SubGHzSPI interface. This also includes reading out a value of '0x0' in all registers related to the SubGHzSPI.

 

 

FilipSCHWANK_0-1701453587943.png

Figure 1 - Timeout in the SubGHzSPI transmit function.

 

When the driver waits for TXE (Transmit Empty) to confirm that the SPI byte was sent, the registers may appear as all '0x0' values if the security feature is enabled. This causes the driver to timeout, as shown in Figure 1 above. Note that the '0x0' values can also appear if the peripheral is not enabled in RCC. This however usually leads to a Hardfault when attempting to access. 

 

FilipSCHWANK_1-1701453587945.png

Figure 2 - SubGHzSPI registers when security is enabled.

 

There may be other symptoms that the SubGHzSPI is secured, but the two issues mentioned above are the most common. To verify that the security feature is enabled, CubeProgrammer can be used. With the STM32WL55, this can be seen directly in the "Option bytes" tab.

 

FilipSCHWANK_2-1701453587958.png

Figure - STM32CubeProgrammer Option bytes view.

 

On the STM32WLE5, the option byte is hidden, so it can be viewed only directly from the memory. The reference manual RM0453 specifies the SUBGHZSPISD bit @0x1FFF7870

 

FilipSCHWANK_9-1701453775866.png

Figure - RM0453 SUBGHZSPISD Option bit.

 

This address can be viewed in CubeProgrammer to check the settings of this bit. Option bytes have the concept that the value in one word is present in the next word as the negation of the value.

 

FilipSCHWANK_10-1701453849587.png

Figure 5 - SUBGHZSPISD - security enabled.

 

FilipSCHWANK_11-1701453885683.png

Figure 6 - SUBGHZSPISD security disabled.

 

 

1. Problem solution

The solution to this issue is simple - disable the sub-GHz radio SPI security by enabling the SUBGHZSPISD  bit to allow access to the radio. With the STM32WL55, this can be done directly in CubeProgrammer through the Option bytes menu.

 

However, with the STM32WLE5, the bit is not visible in the Option bytes menu. It is necessary to write into both words at the same time due to the memory check with the negated value. The easiest way to enable the bit on both STM32WL55 and STM32WLE5 is to let the microcontroller do the programming.

 

To do this, the FLASH_WriteProtection example in the STM32CubeWL repository can be modified to disable the security. The example can be found in:

\STM32Cube_FW_WL_V1.3.0\Projects\NUCLEO-WL55JC\Examples\FLASH\FLASH_WriteProtection

The following code snippet can be used to accomplish this:

 

HAL_FLASH_Unlock();
__HAL_FLASH_CLEAR_FLAG(FLASH_FLAG_OPTVERR);
HAL_FLASH_OB_Unlock();
OptionsBytesStruct.SUBGHZSPISecureAccess = OB_SUBGHZSPI_SECURE_ACCESS_DISABLE;

HAL_FLASHEx_OBGetConfig(&OptionsBytesStruct);
if(OptionsBytesStruct.SUBGHZSPISecureAccess != OB_SUBGHZSPI_SECURE_ACCESS_DISABLE){
    //disable security of SubG SPI
    OptionsBytesStruct.SUBGHZSPISecureAccess = OB_SUBGHZSPI_SECURE_ACCESS_DISABLE;

    HAL_FLASHEx_OBProgram(&OptionsBytesStruct);

    HAL_FLASH_OB_Launch();
    HAL_FLASH_OB_Lock();
}

 

 

2. Root cause and further support options

The root cause of this problem is currently unknown. Based on the information gathered so far, the security disable bit may be spuriously unset on some STM32WLE5 devices, which is why this FAQ was created. One possibility is that the STM32CubeProgrammer modifies this bit under certain conditions when programming the option bytes. However, these conditions have not been reproducible on our side, so we are asking for your help.

 

If you are facing the issue described above, contact us through our support system and provide as much information as possible. The information presented in the bullet points below can help us identify the problem. For the time being, the proposed workaround should at least fix the problem described in this FAQ.

 

  • What version of CubeProgrammer or CubeIDE was used with the affected device?
  • How many devices out of how large a sample of devices are affected?
  • Are the Option bytes programmed on your device or by CubeProgrammer?
  • Is there a way to reproduce the issue, or to re-lock the device the same way once it has been fixed by the presented workaround?
0 Kudos
Comments
Xynium
Associate III
‎2024-01-06 02:15 AM

Hi,

When i suspend in debug, i am at line 1645, on the first loop. Mean most of the time is spent there.

With the prog the bit where set as on  sceen shot, but the bug still there

I am on a nucleo.

Regards

JP

0 Kudos
Xynium
Associate III
‎2024-01-06 02:18 AM

Correction

You wrote disable the SUBGHZSPISD, but disabled is CHECKED and it function.

For me the solution was to CHECK the  SUBGHZSPISD.

Regards

JP

0 Kudos
Filip SCHWANK
ST Employee
‎2024-01-09 01:44 AM

Hi @Xynium ,

thank you for your comments. I improved a bit the explanation in the 1. Problem solution part, hopefully it is more understandable now. (Security is being disabled, but the 'security disable bit' is being enabled).

 

Regarding your issue, it may be also due to the peripheral not being enabled in RCC and you should get a timeout, or in this case more likely a Hardfault. If your issue persists, please contact our support - https://st.com/ols

 

Best regards,

Filip & TOMAS Team

0 Kudos
out0f0rder
Associate II
‎2024-07-01 08:54 PM

@Filip SCHWANK thanks for the info!

Regarding STM32WLE5. I have got several dozens of uC with very similar issue: the very same code work OK for most of the PCBs and the rest catch SPI timeout. I'm eager to fix them all 🙂

Unfortunately, I was unable to make the suggested fix in the code. Because of:

* OB_SUBGHZSPI_SECURE_ACCESS_DISABLE is defined only for dual core uC.

* The same with SUBGHZSPISecureAccess field of FLASH_OBProgramInitTypeDef struct.

* HAL_FLASHEx_OBProgram and FLASH_OB_SecureConfig also had implemented the feature for dual core only.

Do you think it would be OK to uncomment all the needed code in the HAL and try?

Are there any plans to fix the issue in the HAL library?

 

0 Kudos
Filip SCHWANK
ST Employee
‎2024-08-02 08:07 AM

Hi @out0f0rder ,

As written in the article:

The STM32WLE5 is a single-core version of the STM32WL55 microcontroller that also has the same Option bytes. Therefore, the security feature that restricts access to the radio from the CM4 core can also be enabled on the STM32WLE5.

This means that the HAL definitions could be reused for the WLE5, or better yet, copy only the necessary register definitions to avoid potential issues created by dual core functions and definitions running on a single core product. 

 

Best regards,

Filip & TOMAS Team 

0 Kudos
Version history
Last update:
‎2024-01-09 01:36 AM
Updated by:
Contributors
Top