FAQs
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SFI Option Bytes for STM32H753ZI

jho
Associate

‎2025-07-31 1:53 AM

Hi everyone,

I want to test Secure Firmware Install (SFI) for the STM32H753ZI with the Nucleo-H753ZI.

My current option bytes are:

{
  "deviceId" : 1104,
  "bitNameToValue" : {
    "RDP" : 170,
    "BOR_LEV" : 0,
    "IWDG1_SW" : 1,
    "NRST_STOP_D1" : 1,
    "NRST_STBY_D1" : 1,
    "FZ_IWDG_STOP" : 1,
    "FZ_IWDG_SDBY" : 1,
    "SECURITY" : 1,
    "BCM7" : 1,
    "NRST_STOP_D2" : 1,
    "NRST_STBY_D2" : 1,
    "SWAP_BANK" : 0,
    "IO_HSLV" : 0,
    "BOOT_CM7_ADD0" : 2048,
    "BOOT_CM7_ADD1" : 8176,
    "PROT_AREA_START1" : 255,
    "PROT_AREA_END1" : 0,
    "DMEP1" : 0,
    "PROT_AREA_START2" : 255,
    "PROT_AREA_END2" : 0,
    "DMEP2" : 0,
    "SEC_AREA_START1" : 255,
    "SEC_AREA_END1" : 0,
    "DMES1" : 0,
    "SEC_AREA_START2" : 255,
    "SEC_AREA_END2" : 0,
    "DMES2" : 0,
    "ST_RAM_SIZE" : 3,
    "nWRP0" : 1,
    "nWRP1" : 1,
    "nWRP2" : 1,
    "nWRP3" : 1,
    "nWRP4" : 1,
    "nWRP5" : 1,
    "nWRP6" : 1,
    "nWRP7" : 1,
    "nWRP8" : 1,
    "nWRP9" : 1,
    "nWRP10" : 1,
    "nWRP11" : 1,
    "nWRP12" : 1,
    "nWRP13" : 1,
    "nWRP14" : 1,
    "nWRP15" : 1
  }
}

 When generating SFI Option Bytes with the STM32TrustedPackageCreator for the STM32H753ZI I get:

FLASH_OPTSR_PRG,0x17DEBBF0
FLASH_PRAR_PRG1,0x0000000F
FLASH_PRAR_PRG2,0x0000000F
FLASH_SCAR_PRG1,0x81000200
FLASH_SCAR_PRG2,0x81000200
FLASH_WPSN_PRG1,0xFFFFFFFF
FLASH_WPSN_PRG2,0xFFFFFFFF
FLASH_BOOT7_PRG,0x08002400
RESERVED,0x24000810

When converting this to the JSON-schema (Option Bytes with the STM32TrustedPackageCreator) :

{
  "deviceId" : 1104,
  "bitNameToValue" : {
    "RDP" : 187,
    "BOR_LEV" : 0,
    "IWDG1_SW" : 1,
    "NRST_STOP_D1" : 1,
    "NRST_STBY_D1" : 1,
    "FZ_IWDG_STOP" : 1,
    "FZ_IWDG_SDBY" : 1,
    "SECURITY" : 0,
    // "BCM7" : not found in RM0433,
    // "NRST_STOP_D2" : H753 single core,
    // "NRST_STBY_D2" : H753 single core,
    "SWAP_BANK" : 0,
    "IO_HSLV" : 0,
    "BOOT_CM7_ADD0" : 9216,
    "BOOT_CM7_ADD1" : 2048,
    "PROT_AREA_START1" : 15,
    "PROT_AREA_END1" : 0,
    "DMEP1" : 0,
    "PROT_AREA_START2" : 15,
    "PROT_AREA_END2" : 0,
    "DMEP2" : 0,
    "SEC_AREA_START1" : 512,
    "SEC_AREA_END1" : 256,
    "DMES1" : 1,
    "SEC_AREA_START2" : 512,
    "SEC_AREA_END2" : 256,
    "DMES2" : 1,
    "ST_RAM_SIZE" : 3,
    "nWRP0" : 1,
    "nWRP1" : 1,
    "nWRP2" : 1,
    "nWRP3" : 1,
    "nWRP4" : 1,
    "nWRP5" : 1,
    "nWRP6" : 1,
    "nWRP7" : 1,
    "nWRP8" : 1,
    "nWRP9" : 1,
    "nWRP10" : 1,
    "nWRP11" : 1,
    "nWRP12" : 1,
    "nWRP13" : 1,
    "nWRP14" : 1,
    "nWRP15" : 1
  }
}

 So basically there will be a change in:
RDP: 170 > 187 (RDP Level 0 to 1)
SECURITY: 1 > 0

BOOT_CM7_ADD0: 2048 > 9216
BOOT_CM7_ADD1: 8176 > 2048
PROT_AREA_START1: 255 > 15
PROT_AREA_START2: 255 > 15
SEC_AREA_START1: 255 > 512
SEC_AREA_END1: 0 > 256
DMES1: 0 > 1
SEC_AREA_START2: 255 > 512
SEC_AREA_END2: 0 > 256
DMES2: 0 > 1
 
Questions:
1. After these changes, will I be able to reverse to the standard settings? The most crucial part will be reversing the RDP Level but as I read in RM0433 a change from Level 1 to 0 is fine.
2. Does changing BOOT_CM7_ADD0 and BOOT_CM7_ADD1 require a particular application code? Or will I be able to simply put a single blinky example at 0x08000000 when generating the SFI-Image?
 
Thanks in advance.
Best regards
 
Labels:
0 Kudos
0 REPLIES 0
Top