PEmicro Blog

PEmicro Adds Debug Authentication With Password Support for STM32H563xx (Trustzone Disabled)

PEmicro's development and production tools now support STMicroelectronics Debug Authentication with password for STM32H563x devices when TrustZone is disabled. These devices offer enhanced performance and security, better power efficiency, and more embedded peripherals. Such features render them exceptionally suited for deployment across diverse industries, spanning from medical and healthcare to smart city infrastructure, personal electronics, smart home systems, and industrial applications. 

The STM32H563xx product lifecycle supported by PEmicro consists of a number of Product States, each with its own degree of security. In the tutorial below, we demonstrate how to program main flash and provision a device for Debug Authentication with password when TrustZone is disabled.

Tutorial Summary

  1. PRODUCT_STATE "Open". Program the main flash and the .obk file containing the password hash created in STM32 Trusted Package Creator.
  2. Transition to PRODUCT_STATE "Provisioning" by programming the first .opt file. (Debug is partially opened.)
  3. Transition to PRODUCT_STATE "Closed" by programming a second .opt file. (Further debug access is not permitted without Debug Authentication.)
  4. Regression is achieved by entering a valid password. A fully regressed device returns the Product State to Open and erases user data in user Flash, SRAM and OBKeys, similar to a factory reset.

NOTE: The user is strongly encouraged to ensure the OBKeys are correctly provisioned and the password is recorded before transitioning from the Open state. Failure to correctly program the .obk file will leave the user unable to regain debug access once the device has transitioned to PRODUCT_STATE "Closed".

This protected functionality is available in PEmicro’s latest Cyclone firmware release and with the newest instances of PROGACMP for 1) an interactive solution (via PROGACMP software), or 2) a standalone programming solution (via the Cyclone's Image Creation Utility). 

Prerequisites for both PROGACMP and Cyclone Image Creation Utility.

1. Create .OBK file in Trusted Package Creator

Users are assumed to have a working knowledge of the STM32 Trusted Package Creator software tool in order to effectively utilize this tutorial. The .obk file produced here will contain a hash of the user's password. This file is then easily and directly programmed with PEmicro's software, as shown in the steps later.

Open STM32 Trusted Package Creator and select H5 from the left menu. Upload your configuration .xml and adjust the password as needed. If you are unfamiliar with this process, a sample file "DA_ConfigWithPassword.xml" is provided with the STM32 Trusted Package Creator software. Select an output file path and click Generate OBKey.

Fig 1. STM32 Trusted Package Creator

2. Create User Option Files (.OPT)

If the user is unfamiliar with User Option Commands, more details can be found at Option Bytes Revisited.

To transition from PRODUCT_STATE Open (User Flash open, Debug open) to PRODUCT_STATE Closed (Debug disabled, regression possible), two User Option Files are required, and the transitions must occur in the correct order. The first .opt file transitions the device from PRODUCT_STATE "Open" to the intermediary PRODUCT_STATE "Provisioning". The second transitions it from PRODUCT_STATE "Provisioning" to PRODUCT_STATE "Closed". It is not possible to transition directly from "Open" to "Closed". Users are encouraged to program the OBKeys (.obk file) while in the Open state to prevent accidentally getting locked out of the device.

Click "Create/Modify User Options File" and change the PRODUCT_STATE to your desired state. In this example 0x17 indicates the Provisioning State. For further details on PRODUCT_STATE, please refer to the ST documentation. 

You may also modify any other option bytes at this time (Note: this tutorial only covers the case where TrustZone is disabled). Then click Save to File.

Repeat this step for PRODUCT_STATE Closed, entering 0x72. You now have two files, e.g. provisioning.opt and closed.opt.

Debug Authentication with Cyclone

If the user is unfamiliar with the creation of a stand-alone programming (SAP) image, they can refer to the "How to Regenerate a Stand Alone Programming Image" blog post for a broader explanation of how to create a Stand Alone Programming Image. The Cyclone LC and Cyclone FX user manuals also describe this procedure.

Ensure the device is erased by including the commands Erase Entire Module (EM) and Erase Keys (EK 01).

A value of 01 will erase data from HDPL 1 and higher (HDPL1, HDPL2, HDPL3_Secure and HDPL3_NS).

Enter HDPL > 1 when prompted to ensure the entire OBkeys region is blank. 

Below is a likely command sequence. 

Note: LO is required after PU for User Options to take effect

CM C:\PEMicro\cyclone\supportfiles\supportFiles_ARM\ST\STM32H5\ST_STM32H563ZI_2MB.arp   ;Choose the algorithm specific to your device

EM                                  ;Erase Entire Module (erase main flash)

EK 01                               ;Erase OBKeys

QO C:\mainFlash.S19                 ;Queue main program

QO C:\DA_ConfigWithPassword.obk     ;Queue .obk file containing the password hash

PM                                  ;Program Module (program both files)

VM                                  ;Verify Module (verify both files)

SU C:\provisioning.OPT              ;Select the provisioning.opt file created in step 2 above

PU                                  ;Program User Options

VU                                  ;Verify User Options

LO                                  ;Launch Options (required for User Options to take effect)

SU C:\Closed.OPT                    ;Select the closed.opt file created in step 2 above

PU                                  ;Program User Options

VU                                  ;Verify User Options

LO                                  ;Launch Options (required for User Options to take effect)

The product state is now Closed. Debug is disabled and regression is only allowed with debug authentication. 

Click "Build & Deploy" to launch the cyclone control GUI. Once connected to the cyclone, ensure the image is displayed at the bottom of the list, then "Click To Apply Changes And Exit". The cyclone control GUI will close and the image will be stored on the Cyclone, (indicated with a "Success!" notification) ready to be programmed. The user can then press "Start" to program a connected device. Once programmed, the device is secured with Debug Authentication and a password is now required to regain access.

Regression with Cyclone

  1. Select the Power and Communication tab next to Image Script.

  2. Check "Mass erase upon connection to target" and "Allow Regression", then enter the password used to create the .obk file provisioned to the device. Note: Both boxes must be checked to fully regress the device.

  3. Click "Build & Deploy" as detailed above to display the Cyclone control GUI, then "Click To Apply Changes And Exit". Once the image is stored on the Cyclone, press "Start" to program a device.

  4. Successful debug authentication will result in a full regression, followed by the command sequence entered in the image script.

Debug Authentication with PROGACMP

Ensure the device is erased by clicking Erase Entire Module (EM) and Erase Keys (EK). Enter HDPL > 1 when prompted to ensure the entire OBKeys region is blank.

Fig 2. Select HDPL 1 to erase entire OBkeys region

Below is a likely sequence of commands entered in PROGACMP, including the erase commands described above. If the user is unfamiliar with the standard PROGACMP procedures, please refer to the PROGACMP User Manual for more detailed instructions.

Note: LO is required after PU for User Options to take effect


CM C:\PEMicro\PROGACMP\supportFiles_ARM\ST\STM32H5\ST_STM32H573ZI_2MB.arp   ;Choose the algorithm specific to your device

EM                                       ;Erase main flash

EK 01                                    ;Erase OBKeys region

QO C:\yourMainProgram.s19                ;Queue main program

QO C:\DA_ConfigWithPassword.obk          ;Queue .obk file containing the password hash

PM                                       ;Program both files

VM                                       ;Verify both files
                                         ;(The device is now provisioned for DA.)

SU C:\yourFilepath\provisioning.OPT      ;Select the provisioning.opt file created in step 2 above

PU                                       ;Program User Options

VU                                       ;Verify User Options

LO                                       ;Launch Options (required for User Options to take effect)
                                         ;(The device is now in the Provisioning state.)
                                         ;Do not disconnect or reset the device at this time.

SU C:\yourFilepath\closed.OPT            ;Select the closed.opt file created in step 2 above

PU                                       ;Program User Options

VU                                       ;Verify User Options

LO                                       ;Launch Options (required for User Options to take effect)

The product state is now Closed. Debug is disabled and regression is only allowed with debug authentication. 
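The ordering rules in step 2 and in the two command sequences above (Cyclone and PROGACMP) are easy to get wrong by hand, and the NOTE near the top explains the consequence: a device closed without its OBKeys cannot be regressed. As an added example, not PEmicro's or ST's code, the following Python checker lints an image-script command sequence for exactly those rules: the .obk file must be programmed while the device is still Open, no direct Open to Closed transition, and LO after every PU before the next SU. It assumes that the caller supplies the PRODUCT_STATE each .opt file programs (the checker does not parse .opt files), that a ';' starts a comment as in the scripts above, and the sample scripts and file paths are constructed placeholders.

```python
"""Lint a PROGACMP / Cyclone image-script command sequence against the
STM32H563 product-state rules stated in this tutorial.

Constructed checker (not PEmicro or ST code). Command mnemonics (CM, EM, EK,
QO, PM, VM, SU, PU, VU, LO) and the PRODUCT_STATE values 0x17 (Provisioning)
and 0x72 (Closed) are taken from the tutorial. Assumption: the checker does
not parse .opt files, so the caller supplies the PRODUCT_STATE each .opt
programs; a ';' starts a comment, as in the scripts above.
"""

OPEN, PROVISIONING, CLOSED = "Open", 0x17, 0x72
STATE_NAMES = {OPEN: "Open", PROVISIONING: "Provisioning (0x17)", CLOSED: "Closed (0x72)"}
# The only transitions the tutorial permits: Open -> Provisioning -> Closed.
ALLOWED = {(OPEN, PROVISIONING), (PROVISIONING, CLOSED)}


def parse_script(text):
    """Yield (mnemonic, argument) per command line, dropping ';' comments."""
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        yield parts[0].upper(), (parts[1].strip() if len(parts) > 1 else "")


def lint_script(text, opt_states):
    """Return a list of ordering problems; an empty list means the script
    follows the rules (OBKeys programmed while Open, no Open -> Closed jump,
    LO after every PU before the next SU)."""
    problems = []
    state = OPEN
    obk_queued = obk_programmed = False
    selected_opt = None
    pending_lo = False  # a PU has run but LO has not yet launched it

    for n, (cmd, arg) in enumerate(parse_script(text), 1):
        if cmd == "QO" and arg.lower().endswith(".obk"):
            obk_queued = True
        elif cmd == "PM" and obk_queued:
            obk_programmed = True  # .obk (password hash) is now in OBKeys
        elif cmd == "SU":
            if pending_lo:
                problems.append(f"command {n}: SU before LO; previous PU not launched")
            selected_opt = arg
        elif cmd == "PU":
            if selected_opt is None:
                problems.append(f"command {n}: PU without a preceding SU")
                continue
            target = opt_states.get(selected_opt)
            if target is None:
                problems.append(f"command {n}: no PRODUCT_STATE known for {selected_opt}")
                continue
            if (state, target) not in ALLOWED:
                problems.append(
                    f"command {n}: transition {STATE_NAMES[state]} -> "
                    f"{STATE_NAMES[target]} is not permitted")
            if state == OPEN and not obk_programmed:
                problems.append(
                    f"command {n}: leaving Open before the .obk file is programmed (lockout risk)")
            state = target
            pending_lo = True
        elif cmd == "LO":
            pending_lo = False

    if pending_lo:
        problems.append("script ends with a PU that is never followed by LO")
    return problems


# Constructed sample scripts; file paths are placeholders.
OPT_STATES = {r"C:\provisioning.OPT": PROVISIONING, r"C:\closed.OPT": CLOSED}

GOOD_SCRIPT = r"""
CM C:\PEMicro\cyclone\supportfiles\supportFiles_ARM\ST\STM32H5\ST_STM32H563ZI_2MB.arp
EM                               ;Erase Entire Module
EK 01                            ;Erase OBKeys
QO C:\mainFlash.S19              ;Queue main program
QO C:\DA_ConfigWithPassword.obk  ;Queue .obk file containing the password hash
PM                               ;Program Module
VM                               ;Verify Module
SU C:\provisioning.OPT
PU                               ;Open -> Provisioning
VU
LO                               ;Launch Options
SU C:\closed.OPT
PU                               ;Provisioning -> Closed
VU
LO                               ;Launch Options
"""

# Skips the .obk file and jumps straight to Closed: both mistakes are flagged.
BAD_SCRIPT = r"""
CM C:\PEMicro\cyclone\supportfiles\supportFiles_ARM\ST\STM32H5\ST_STM32H563ZI_2MB.arp
EM
EK 01
QO C:\mainFlash.S19
PM
VM
SU C:\closed.OPT
PU
VU
LO
"""

if __name__ == "__main__":
    for name, script in (("good", GOOD_SCRIPT), ("bad", BAD_SCRIPT)):
        print(name, lint_script(script, OPT_STATES) or "OK")
```

Running the checker on a script before "Build & Deploy" turns the lockout described in the NOTE into a build-time error rather than a bricked board; because it only models the ordering rules the tutorial states, anything else in the .opt files (other option bytes, TrustZone settings) is outside its scope.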

Regression with PROGACMP

1. Upon connection with the device, check "Mass erase upon connection to target".

2. Click Security Settings and enter the password used to secure the device, followed by OK.

3. Click Connect. A successful debug authentication will erase user data in user Flash, SRAM and OBKeys, similar to a factory reset, and return the device to the Open state. If debug authentication is unsuccessful, the PEmicro Connection Manager will reappear with the error message "Can't communicate with the target processor!".
