cancel
Showing results for 
Search instead for 
Did you mean: 

Engineering mode and CA7 secure state

Martin Devera
Associate III

In RM it is stated that in Engineering mode (BOOT pins at 3'b100) the MPU re-opens CA7 secure debug.

I boot in that mode, then halt in openocd:

stm32mp15x.cpu0: hardware has 6 breakpoints, 4 watchpoints
> halt
stm32mp15x.cpu0 rev 5, partnum c07, arch f, variant 0, implementor 41
target halted in Thumb state due to debug-request, current mode: Supervisor
cpsr: 0x200001f3 pc: 0x00010fc0
MMU: enabled, D-Cache: disabled, I-Cache: enabled
> mdw 0x5c005014
0x5c005014: 0000000f

In BSEC register 0x14 (DEBUG) there is 0xf - which means unsecure debug is enabled,

but secure is disabled. Also MMU is enabled and 0x2ffc0000 is RO and 0x10000000 unmapped.

Thus I can't upload and run A7 code via JTAG.

Is it correct ? Is the only way to upload some code to new MP1 board only via USB/serial

bootloader ?

I ask because typical way for STM32 MCUs was to use Openocd to send some stub code

for Flash programming of new part but it doesn't seem to work here.

Only way I found is to upload fake code via USB, break into it and then debugger has full access to MPU in secure state.

Martin

1 ACCEPTED SOLUTION

Accepted Solutions
PatrickF
ST Employee

Are you sure you are really in EngiBoot mode ?

I double check on my platform, and I read BSEC_DENABLE (@0x5c005014) to 0x000047F, which mean all debug are allowed. Furthermore, cache is disabled in EngiBoot.

Could you check SYSCFG_BOOTR @0x50020000 ? Should be 0x00000004 for EngiBoot.

I suspect you are still in one of the Flash boot mode which fallback to USB/Serial as no good Flash content is detected.

In order to give better visibility on the answered topics, please click on 'Accept as Solution' on the reply which solved your issue or answered your question.

View solution in original post

2 REPLIES 2
PatrickF
ST Employee

Are you sure you are really in EngiBoot mode ?

I double check on my platform, and I read BSEC_DENABLE (@0x5c005014) to 0x000047F, which mean all debug are allowed. Furthermore, cache is disabled in EngiBoot.

Could you check SYSCFG_BOOTR @0x50020000 ? Should be 0x00000004 for EngiBoot.

I suspect you are still in one of the Flash boot mode which fallback to USB/Serial as no good Flash content is detected.

In order to give better visibility on the answered topics, please click on 'Accept as Solution' on the reply which solved your issue or answered your question.
Martin Devera
Associate III

Ouch, shame on us :)

Thanks you for the good catch, there is 1 in BOOTR (I overlooked its existence) and I just realized that our PCB guy mislabeled

(reversed) BOOT0..2 labels next to DIP switch. Now DENABLE is 47F as expected.

Martin