PEmicro Blog

STMicroelectronics: Provisioning/Securing STM32H563 Devices with TrustZone Enabled (Certificate Authentication)

Jun 14, 2024

PEmicro's programming tools support provisioning and securing of STMicroelectronics' STM32H563 devices in both TrustZone enabled and TrustZone disabled configurations. This tutorial demonstrates a sequence for programming the device into a secure, TrustZone enabled state. Secure and non-secure code and data images are programmed, Debug Authentication is enabled with certificate access, and the OEM-iRoT is provisioned. 

Prerequisites

This tutorial assumes that users have a working knowledge of the STM Trusted Package Manager software tool. The following files are required:

1. .OBK files

  • DA_Config.obk
  • OEMiRoT_Config.obk
  • OEMiRoT_Data.obk

2. Image files 

  • Secure code image
  • Non-secure code image
  • Secure data image
  • Non-secure data image

Note: The number of image files required is determined by your specific use case.

For detailed instructions on creating these files, please refer to STMicroelectronics' wiki page on How to start with OEMiRoT. The example files used for this article can be downloaded here.

3. .OPT files

Two User Option files are required in order to transition from PRODUCT_STATE Open (User Flash Open, Debug open) to PRODUCT_STATE Closed (Debug disabled, regression is possible). Transitions must occur in the correct order. The first .opt file is required to transition from PRODUCT_STATE "Open" to the intermediary PRODUCT_STATE "Provisioning". The second is required to transition from PRODUCT_STATE "Provisioning" to PRODUCT_STATE "Closed". It is not possible to transition directly from "Open" to "Closed". Users are encouraged to program OBKeys (.obk files) while in the Open state to avoid accidentally being locked out of the device.

If the user is unfamiliar with User Option Commands, more details can be found in the article Option Bytes Revisited.

3.1 Provisioning State with TrustZone enabled ('TZ_enabled_provisioning.OPT')

  • Click "Create/Modify User Options File" and change the PRODUCT_STATE to your desired state. In this example 0x17 indicates the Provisioning State. For further details on PRODUCT_STATE, please refer to the STMicroelectronics documentation.

  • Enable TrustZone by changing the value to 0xB4. The user may also modify any other option bytes at this time, then click Save to File.

3.2 Closed State ('Closed.opt')

Repeat step 3.1 to create a second .opt file that changes PRODUCT_STATE to Closed, using a value of 0x72 for this field.

Once all files have been created, the user is ready to program using PEmicro's Cyclone Image Creation Utility or PROGACMP.

Programming with Cyclone

If the user is unfamiliar with the creation of a stand-alone programming (SAP) image, the "How to Regenerate a Stand Alone Programming Image" article gives a broader explanation of the process. The Cyclone LC and Cyclone FX user manuals also describe this procedure.

Below is a likely command sequence.

CM 
EM                                  ;Erase Entire Module 
EK 01                               ;Erase OBKeys (HDPL1) 
QO C:\rot_tz_s_app_enc_sign.hex     ;Queue secure application image 
QO C:\rot_tz_ns_app_enc_sign.hex    ;Queue non-secure application image 
QO C:\s_data_enc_sign.hex           ;Queue secure data image 
QO C:\ns_data_enc_sign.hex          ;Queue non-secure data image 
QO C:\DA_Config.obk                 ;Queue .obk containing certificate 
QO C:\OEMiRoT_Config.obk            ;Queue .obk containing OEMiRoT_Config 
QO C:\OEMiRoT_Data.obk              ;Queue .obk containing OEMiRoT_Data 
PM                                  ;Program all queued files 
VM                                  ;Verify all programmed files 
SU C:\provisioning_TZenable.OPT     ;Select the first option byte file
PU                                  ;Program User Options 
VU                                  ;Verify User Options 
LO                                  ;Launch Options 
SU C:\Closed.OPT                    ;Select the second option byte file
PU                                  ;Program User Options 
VU                                  ;Verify User Options 
LO                                  ;Launch Options

The product state is now Closed. Debug is disabled and regression is only allowed with debug authentication. 
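
A pre-flight check for the ordering rules this sequence depends on (OBKeys programmed before PRODUCT_STATE leaves Open, then Provisioning before Closed), added here as an example and not PEmicro's code. The mnemonics come from the listing above; `lint`, `opt_states` and the shortened sample script are assumptions of this example, and the .OPT files themselves are not parsed.

```python
import ntpath

PROVISIONING, CLOSED = 0x17, 0x72   # PRODUCT_STATE values given on the page
REQUIRED_OBK = {"da_config.obk", "oemirot_config.obk", "oemirot_data.obk"}

def parse(script):
    """Return (mnemonic, argument) pairs; ';' comments and blank lines dropped."""
    rows = (line.split(";", 1)[0].split(None, 1) for line in script.splitlines())
    return [(r[0].upper(), r[1].strip() if len(r) > 1 else "") for r in rows if r]

def lint(script, opt_states):
    """Return ordering findings ([] = pass). opt_states maps each .OPT file name
    to the PRODUCT_STATE it programs (assumed input; .OPT files are not parsed)."""
    findings, queued, programmed, selected, states = [], set(), set(), None, []
    cmds = parse(script)
    for i, (cmd, arg) in enumerate(cmds):
        name = ntpath.basename(arg).lower()
        if cmd == "QO":                      # queue object for programming
            queued.add(name)
        elif cmd == "PM":                    # everything queued so far is written
            programmed |= queued
        elif cmd == "SU":                    # select option-byte file
            selected = name
        elif cmd == "PU":                    # option bytes change PRODUCT_STATE
            states.append(opt_states.get(selected))
            if REQUIRED_OBK - programmed:    # leaving Open without OBKeys
                findings.append(f"{selected}: OBKeys not programmed before PU")
            if [c for c, _ in cmds[i + 1:i + 3]] != ["VU", "LO"]:
                findings.append(f"{selected}: PU must be followed by VU, LO")
    if states != [PROVISIONING, CLOSED]:
        findings.append("expected Open -> Provisioning (0x17) -> Closed (0x72)")
    return findings

# Constructed sample: the page's sequence, shortened to its order-sensitive steps.
GOOD = r"""
QO C:\DA_Config.obk            ;Queue .obk containing certificate
QO C:\OEMiRoT_Config.obk
QO C:\OEMiRoT_Data.obk
PM
SU C:\provisioning_TZenable.OPT
PU
VU
LO
SU C:\Closed.OPT
PU
VU
LO
"""
STATES = {"provisioning_tzenable.opt": PROVISIONING, "closed.opt": CLOSED}
```

`lint(GOOD, STATES)` returns an empty list; a script that selects Closed.OPT first, or issues PU before the .obk files have been programmed, returns one finding per violated rule.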

Click "Build & Deploy" to launch the Cyclone Control GUI. Once connected to the Cyclone, ensure the image is displayed at the bottom of the list, then "Click To Apply Changes And Exit". The Cyclone Control GUI will close and the image will be stored on the Cyclone (indicated by a "Success!" notification) ready to be programmed. The user can then press "Start" to program a connected device. Once programmed, the device is secured with Debug Authentication and a certificate is now required to regain access using STM Cube Programmer.

Programming with PROGACMP

If the user is unfamiliar with the standard PROGACMP procedures, please refer to the PROGACMP User Manual for more detailed instructions. The command sequence is as described above.

Debug Authentication

To perform regression/debug reopening on a device provisioned for debug authentication, open STM Cube Programmer, select Secure Programming (Shield) on the left menu, and select the DA tab.

Click "Discover" to communicate with the device and enter the key and certificate file path as required.

Click "Continue" to select the level of entry and execute.

Assuming permissions were correctly programmed and selected, a popup box will indicate successful debug authentication. 

