FAQs
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Secure FREERTOS Trustzone doesn't show configuration options in CubeMX 6.17.0

Marty_Revival
Associate II

‎2026-04-21 11:58 AM

Hi All,

I have an issue with STM32CubeMX 6.17.0 (Windows 11 + Visual Studio Code)

I want to start a STiRoT Full secure project (with DA and encryption) for STM32H573 with FREERTOS.
But when I add the freertos software pack, I don't get any configuration options.

  • Open STM32CubeMX
  • Start My project from MCU
  • Select STM32H573IIK3Q (same as STM32H573I-DK)
  • Enable ICACHE and MPU -> Yes
  • With TrustZone
  • Software packs -> Select Component -> Cortex-M33 Secure -> X-CUBE-FREERTOS 1.5.0 -> CMSIS RTOS2 11.2.0 -> Core : TZ_Secure (I can't select Heap???)
  • No configuration is shown

Marty_Revival_0-1776797652895.png

If I add FREERTOS to non-secure I am able to open configuration options

Marty_Revival_1-1776797790827.png


I have added my IOC file.
Can someone tell me what I'm doing wrong?

Thanks!

With kind regards,
Marty

Labels:
FREERTOS_STM32H573_Secure.ioc
0 Kudos
4 REPLIES 4
Ghofrane GSOURI
ST Employee

‎2026-04-22 12:15 AM

Hello @Marty_Revival 

I'm currently checking this behavior. I will get back to you ASAP.

THX

Ghofrane

To give better visibility on the answered topics, please click on Accept as Solution on the reply which solved your issue or answered your question.

Marty_Revival
Associate II
In response to Ghofrane GSOURI

‎2026-04-22 2:54 AM

Hello @Ghofrane GSOURI 

That's great! Thanks for the quick reply and for picking this up!
Please let me know if there is something I can or should test on my side to get this issue fixed fast!

I'm planning on using the STM32H573 (or maybe the STM32H5F5) in a new product and I'm planning on using the full STiRoT, with secure encrypted updates but I want to use FREERTOS in the secure part.

One more question, hope that it's not too much offtopic, if so I will make a seperate post.
When selecting a secure-only project (without non secure).

Marty_Revival_1-1776851396766.png

 

With DA and STiRoT. Why does the mapping for M33S start at 0xC000400 and not on 0xC0000000? Does this mean that my "Firmware Execution area offset" and "Firmware download area offset" can't both be 0x00100000 (1MB) but should be a little bit smaller? Or does the tool take that start offset into account?

Marty_Revival_0-1776851342165.png

 

0 Kudos
Ghofrane GSOURI
ST Employee
In response to Marty_Revival

‎2026-04-23 5:41 AM

Hello @Marty_Revival 

After several attempts, STM32CubeMX always worked correctly, and I was able to enable

X-CUBE-FREERTOS in both the secure and non-secure contexts. This suggests that the shared .ioc file may have been corrupted.

Regarding the missing FreeRTOS configuration options in the secure context, the key point is that STM32CubeMX is mainly designed for the simpler TrustZone use model.

In this model, FreeRTOS tasks are typically created in the non-secure world, while the secure world provides protected services such as:

1- access to secure peripherals,
2- secure function calls,
3- or other trusted operations.

In a multitask environment managed by FreeRTOS, non-secure tasks may need to request services from the secure world. These interactions must be synchronized properly so that secure processing does not interfere with the expected real-time behavior of the system.

So, from a tooling perspective, CubeMX mainly supports this standard architecture, which is why the usual FreeRTOS task configuration is available on the non-secure side.

It is still technically possible to run an RTOS and create tasks in the secure world on a Cortex-M33 with TrustZone, but CubeMX does not provide full support or configuration UI for that advanced use case. If secure-side tasks are required, they generally need to be implemented manually by the user.

As a reference, you can check the example: FreeRTOS_Queues_ThreadFlags_TrustZone

This example illustrates  the use of message queues, thread flags with CMSIS_RTOS2 API along with the use of FreeRTOS when the TrustZone feature is enabled (TZEN=1) readme

Regarding your question about STiRoT, I recommend that you post it in the Security forum, where you can get more specific support and guidance.

THX

Ghofrane

To give better visibility on the answered topics, please click on Accept as Solution on the reply which solved your issue or answered your question.

0 Kudos
Marty_Revival
Associate II
In response to Ghofrane GSOURI

‎2026-04-23 6:30 AM

Hello @Ghofrane GSOURI ,

Thanks for the response.
So if I understand correctly:

The fact that no configuration options are available in this case (FREERTOS in Secure context only) is correct and intentional?

Marty_Revival_1-1776950666457.png

I'm still trying to wrap my head around the STiRot, provisioning, secure/non-secure etc.
Is there a reason why you wouldn't want the whole application in secure context?

 

I will take a look at the example, thanks.

Is there also a tutorial (video, webtutorial, etc) available specifically for FREERTOS with STM32H5xx with Trustzone and Crypto? (I've watched the seperate videos on STM32H573 secure manager and FREERTOS on STM32 V2).

It would be great is there is a video how to setup FREERTOS with secure/non-secure context with cubemx.

0 Kudos
Top