Enabling RDP when TrustZone is active

mikel-m · ‎2024-06-19

Hi,

I am conducting tests with the HSM and SFI. I have tried the use case of attempting to install an SFI with an HSM that uses other keys. Obviously, I couldn't do it, but now I cannot connect the microcontroller in "normal" mode. If I connect it in "Hot plug" mode and try to change the RDP, it shows the following message:
Enabling RDP when TrustZone is active!
If no valid secure code booting and calling non-secure code, it may prevent disabling TrustZone And RDP.

And if I click OK, it shows the following message:
Your device may be lost FOREVER

What should I do to fix this error so that I can reconnect the microcontroller to the STM32CubeProgrammer?

Best regards,

Aziz BRIGUI · ‎2024-06-20

Hello @mikel-m,

Welcome to ST Community :) !

The message you're seeing is a warning not an error, it is displayed because in many configurations, you can lose your device if you set RDP when TrustZone is active.

What I advise is to check section 9 in AN5347.

Basically, to make sure not to lose your chip, the following conditions should be met:

- nSWBOOT0 option byte is checked (BOOT0 taken from PH3/BOOT0 pin)
- NSBOOTADD1 option byte is configured to 0x17F200 value at 0x0BF9 0000 address (RSS address).
- BOOT_LOCK option byte is unchecked (boot based on the pad/option bit configuration).

Hope this helps,

Aziz

In order to give better visibility on the answered topics, please click on 'Accept as Solution' on the reply which solved your issue or answered your question.

View solution in original post

Aziz BRIGUI · ‎2024-06-20