STMicroelectronics' STM32H503 devices are based on the ARM Cortex M33 and offer high performance and power efficiency suitable for a wide range of applications. In addition, the STM32H5 product life-cycle adds a layer of security, allowing the user to secure/unsecure a device by moving it through product states. The following example details how to step through a simple product lifecycle. This article will demonstrate how to provision and secure an STM32H503 device, Debug Authentication via password, regression, product state changes, and how this relates to production programming. Summary of required files. The example files used for this article can be downloaded here. PRODUCT_STATE Transition (.opt files) PRODUCT_STATE is set in option bytes. This example demonstrates a move from OPEN, through PROVISIONING and finishing in CLOSED. It is not possible to move directly from OPEN to CLOSED. Once the PRODUCT_STATE is set to CLOSED, debug is disabled and regression is only possible with a correct password. Figure 1. Create User Option File For more details on PRODUCT_STATE, please refer to the ST documentation. .bin files for OTP Note: Once programmed, the password can NOT be reprogrammed or erased. The user should create a new user_password.bin; they should not use the example user_password.bin that is found in the package. Once all files have been created, the user is ready to provision and program their device with PEmicro's Cyclone Image Creation Utility or PROGACMP. Programming with Cyclone If the user is unfamiliar with how to create a stand-alone programming (SAP) image, they should please refer to this article: How to Generate a Programming Image. Below is a likely command sequence: Note: Click "Build & Deploy" to launch the Cyclone Control GUI. Once connected to the Cyclone, ensure the image is displayed at the bottom of the list, then "Click to Apply Changes And Exit". The Cyclone Control GUI will close and the image will be stored on the Cyclone, indicated with a "SUCCESS!" notification. The user can then press "Start" to program a connected device. The PRODUCT_STATE is now closed, debug is disabled and regression is only allowed with Debug Authentication. Upon reset, the blinking LED will be seen. Programming with PROGACMP If the user is unfamiliar with the standard PROGACMP procedures, they should please refer to the PROGACMP User Manual for more detailed instructions. The command sequence is as described above. Debug Authentication with Cyclone Now that the PRODUCT_STATE is CLOSED, Debug Authentication is required to regain access. Select the Power and Communication tab, and check "Allow Regression", enter the user_password from earlier. Figure 2. Security Settings On subsequent programming attempts, if the PRODUCT_STATE is not open, a full regression will occur prior to programming. This includes all user flash and option bytes, but does NOT include OTP. Debug Authentication with PROG Figure 3. PEmicro Connection Manager Figure 4. Security SettingsStepping Through The STM32H5 Product Cycle
CM C:\PEMicro\cyclone\supportfiles\supportFiles_ARM\ST\STM32H5\ST_STM43H503RB_128.arp
EM ;Erase Module
BM ;Blank Check
QO C:\GPIO_IOToggle.hex
QB C:\board_password.bin 08FFF000
QB C:\data_soc_mask.bin 08FFF020
PM ;Program Module
VM ;Verify Module
SU C:\Provisioning.opt
PU ;Program User Options
VU ;Verify User Options
LO ;Launch User Options
SU C:\Closed.opt
PU ;Program user options
VU ;Verify
LO ;Launch
Tags related to this Blog Post
Cyclone
Cyclone FX
Multilink
Multilink FX
Prog ACMP
STMicroelectronics