STM32N6 - How to disable the Trust Zone and safety related mechanisms

Laney · ‎2025-12-25

Hello!

I have STM32N6570-DK and i would like to disable or make Trust Zone transparent to me and develop the project without safety like your products with cortex M3,M4 and M7 cores with all resources available.

I can find some video content on disabling Trust Zone on STM32L5 and STM32U5 but not for STM32N6.

STM32CubeIDE offers me a Secure or Secure-Non Secure project generation. Any tips ?

Thank you

STackPointer64 · ‎2025-12-26

Hello @Laney, and welcome to ST community!

In the Project Manager, you can select AppNS to generate only the non-secure version of the project, which is most likely what you are looking for.

Best regards,

To improve visibility of answered topics, please click 'Accept as Solution' on the reply that resolved your issue or answered your question.

Laney · ‎2026-01-01

Hello @STackPointer64 ! Thank you for reaching out, and happy new year to all.

I've tried suggested. To generate only non-secure project. CubeMX prompted the warning, and after the generation the code does not build.

Also, in the CubeMX new project wizard, there is no option to generate only non-secure or trust zone disabled project. Is this currently not supported or ? Screenshot from 2026-01-01 13-14-09.png

Next, i shifted towards templates located in STM32Cube_FW_N6_V1.3.0 as instructed by user manual - UM3249 Getting started with STM32CubeN6 for STM32N6 series.

For template STM32Cube_FW_N6_V1.3.0/Projects/STM32N6570-DK/Templates/Template_FSBL_LRUN i don't find any commentary that this project has security disabled. This one was my best bet to might be the right one...

Does ST provide any training how to work with the TrustZone and security on STM32N6 devices ?
Is disabling TrustZone and using MCU more traditionally like Cortex M3-M7 even feasible with this device ?

Thank you

STackPointer64 · ‎2026-01-05

Hello @Laney ,

I stand corrected; please excuse the misinformation in my previous message. Due to the architecture of N6, both secure and non-secure projects need to be generated for successful compilation. Regarding using the MCU more traditionally like Cortex-M3 to M7 (except M33, M35P, and M55), the only way is to enable and configure peripherals in the Non-Secure domain (AppNS). After generating the project, you should edit only the non-secure project. That’s all.

Regarding your question about training material, I suggest you check our knowledge base articles and wiki for N6 guides:

Best regards,

To improve visibility of answered topics, please click 'Accept as Solution' on the reply that resolved your issue or answered your question.

RomainR. · ‎2026-01-05

Hi @Laney

Due to its architecture, it's not possible to disable TrustZone on STM32N6.
After reset, the device always starts the BootROM execution in secure mode, then jump in a FSBL application which is still in secure mode.
From CubeMX you have the possibility to generate projects as below:
- FSBL + Application Secure
- FSBL + Application Secure + Application Non Secure (integrate firmware isolation)

If you do not need this security model, you should use other STM32 device without TrustZone feature.

Best regards,

Romain,

To give better visibility on the answered topics, please click on Accept as Solution on the reply which solved your issue or answered your question.

SeanJ · ‎2026-02-17

"If you do not need this security model, you should use other STM32 device without TrustZone feature." This should be made a lot more obvious. I bought the NUCLEO-N657X0-Q and tried to use the CODE OUT OF THE BOX. IT DOES NOT WORK! You cannot debug. When I run the debugger, the Ux_Device_CDC_ACM_FSBL code compiles and runs, the USB_CDC_ASM enumerates and the moment I connect putty, it crashes. I know it has something to do with Azure (ie. garbage), and yes, I read the readme and followed the intructions. YOUR CODE DOESN'T EVEN RUN OUT OF THE BOX ON YOUR OWN HARDWARE? And after several days of trying to get this up and running, you tell me to abandon it and go to another STM32 Product. Bearing in mind, I have been trying to get this up and running using YOUR SOUCE CODE OUT OF THE BOX ON YOUR HARDWARE OUT OF THE BOX. How do you program and run this thing? I have tried to run it in the debugger at address 0x241C0000 and 0x341C0000, nothing. I have used the STM32_SigningTool_CLI to no end. The -trusted.bin gets compiled, but nothing happens, it just hangs after I program the N6 with the signed file. And yes, I read the datasheet for "STM32N6x5xx STM32N6x7xx", I read the "Ux_Device_CDC_ACM Application Description", I read "Getting started with STM32CubeN6 for STM32N6 serie (UM3249)", I also read "Getting started with hardware development for STM32N6 MCUs (AN5967)". HOW MANY MORE DOCUMENTS DO I NEED TO READ TO GET THIS THING WORKING ON YOUR HARDWARE USING YOUR CODE? One last note. I have been using your product for 15 years, if I am having a problems, I imagine some of your other customers are wondering the same thing I am at this point: should I be wasting my time with this? So, If I shouldn't use the STM32N6, then what? I need camera inputs, fast ones. What do you suggest? An IMX? Hell, I'll go even further with the insults and say that your readme file says add this to the .ld file

._threadx_heap :
  {
     . = ALIGN(8);
     __RAM_segment_used_end__ = .;
     . = . + 64K;
     . = ALIGN(8);
   } >RAM_D1 AT> RAM_D1

There's just one problem: RAM_D1 DOESN'T EXIST! Yeah, I get it, RAM_D1 can be changed to RAM, but then why is it crashing?! Or can't it? Maybe changing it was the problem. But why WOULD YOU GIVE ME CODE THAT YOU KNOW CAN'T COMPILE? ! I can honestly say this is sad. I am sad for you.

Laney · ‎2026-02-17

Hello!

Thank you for suggestion. I've never tested this, so i can't confirm. I also saw that N6 has some additional security features for peripherals(RIFSC and RISAF), another thing that is on the way if you don't need the security. I moved to STM32H735-DK instead.

SeanJ · ‎2026-02-17

I'll play with this for a day or 2 more and see what I can do. I'm running the NUCLEO-N657X0-Q and looking for projects that work out of the box. So far I have confirmed the following:

Ux_Device_CDC_ACM does not work out of the box. Even when following the readme instructions. Read my previous post. I could have made a mistake, but like, I said; it's all out of the box, no changes.
UART_Printf_FSBL example hangs at UART_CheckIdleState(huart) during a call to MX_USART1_UART_Init.
FreeRTOS_Mutex_FSBL also calls MX_USART1_UART_Init does NOT hang at UART_CheckIdleState(huart). This is the only project that I can confirm works out of the box. And I have run it several times.

Hope that helps. I really want to use the N6, so maybe more people will share the tweaks they performed to get their system up and running.

Cheers

SeanJ · ‎2026-02-19

I debugged my own stuff, (like we are expected to do) and got the Ux_Device_CDC_ACM project running out of the box. This is a fun story: the first time I downloaded the sample project it put this in my MPU_Config() function:

default_config.BaseAddress = __NON_CACHEABLE_SECTION_BEGIN;
default_config.LimitAddress = __NON_CACHEABLE_SECTION_END;

The second time I downloaded it put this:

  MPU_InitStruct.BaseAddress = 0x341FA600;
  MPU_InitStruct.LimitAddress = 0x341FFFFF;

The macro is defined as:

#elif defined(__GNUC__)
extern uint32_t __snoncacheable;
extern uint32_t __enoncacheable;
#define __NON_CACHEABLE_SECTION_BEGIN ((uint32_t) &__snoncacheable)
#define __NON_CACHEABLE_SECTION_END   ((uint32_t) &__enoncacheable)
#endif /* defined(__ICCARM__) */
#define __NON_CACHEABLE __attribute__((section(".noncacheable")))

This maps to the .ld file which shows:

  .noncacheable :
  {
    . = ALIGN(8);
    __snoncacheable = .;/* create symbol for start of section */
    KEEP(*(.noncacheable))
    . = ALIGN(8);
    __enoncacheable = .;  /* create symbol for end of section */
  } > RAM

I have no idea what this means. I only downloaded the sample project and did not make any changes to the .ioc file.

Long story short: it works now.

Quick Question: Will you ever get FreeRTOS working with the new USBx and USBPD library?