PEmicro Blog

STMicroelectronics: Provisioning/Securing STM32H573 Devices with OBKeys (Certificate and Password Authentication)

Jun 25, 2024

PEmicro's development tools and production programmers now support OBK programming for STMicroelectronics' STM32H573 series product line. With all the features of the STM32H563 line, including enhanced performance, better power efficiency and more embedded peripherals, STM32H573 devices also include a secure key storage mechanism which adds an additional layer of security for OBKeys. 

How to Program OBKeys for Debug Authentication (DA) on STM32H573xx

One use case of the OBKey region is to provision the area with a password (when TZ is disabled) or a certificate (when TZ is enabled). This allows the user to secure a device after programming, prohibiting access until the correct credentials are provided. Programming the STM32H573 OBKey region varies slightly compared to the STM32H563 because the area is automatically encrypted during programming, requiring the use of the RSSLIB ROM routines.

Complete example files used for this article can be downloaded here:

Prerequisites

This tutorial assumes that users have a working knowledge of the STM Trusted Package Manager software tool. Two example programming sequences are provided. 

Example 1. Trustzone is enabled, certificates are required for debug authentication.

Example 2. Trustzone is disabled, a password is required for debug authentication.

The following files are required:

1. .OBK file

DA_Config.obk (Trustzone is enabled) OR DA_ConfigWithPassword.obk (Trustzone is disabled)

For detailed instructions on creating DA_config.obk (Trustzone enabled) please refer to section 2.1.2 of STMicroelectronics' wiki page How to start with OEMiRoT on STM32H573. Alternatively, for DA_ConfigWithPassword.obk (TrustZone disabled), please refer to  section 2.1 of their wiki page How to start with DA access on STM32H573 TrustZone disabled

2. .OPT files

In both examples, after the main flash has been programmed in PRODUCT_STATE Open, the PRODUCT_STATE must change to Provisioning in order to program OBKeys. Once OBKeys have been programmed, the final PRODUCT_STATE can then be set. PRODUCT_STATE and TrustZone are set in option bytes and programmed with User Option Commands. If you are unfamiliar with User Option Commands, more details can be found in the article Option Bytes Revisited.

Note: OBKeys can only be programmed in the Provisioning PRODUCT_STATE for STM32H573xx

3. Main flash program

A blinky.hex file has been provided in the example files.

Programming with Cyclone

If the user is unfamiliar with with the creation of a stand-alone programming (SAP) image, they can refer to How to Regenerate a Stand Alone Programming image for a broader explanation. The Cyclone LC and Cyclone FX manuals also describe this procedure. 

Below are likely command sequences for examples 1. and 2.  

Example 1. Trustzone is enabled, certificates are required for debug authentication.

CM    C:\pathToFile\ST_STM32H573ZI_2MB.arp
EM    :Erase Entire Module
BM    ;Blank Check Module
SU    C:\pathToFile\tz_enable.OPT
PU    ;Program User Options
VU    ;Verify User Options
LO    ;LAUNCH OPTIONS
QO    C:\pathToFile\blinky.hex
PM    ;Program Module
VM    ;Verify Module
SU    C:\pathToFile\provisioning.OPT
PU    ;Program User Options
VU    ;Verify User Options
LO    ;LAUNCH OPTIONS
CQ    ;Clear Queue
RE    ;Reset
CM    C:\pathtoFile\ST_STM32H573ZI_8KB_OBKeys.arp
QO    C\pathToFile\DA_Config.obk
PM    ;Program Module
CQ    ;Clear Queue
CM    C:\pathToFile\ST_STM32H573ZI_2MB.arp
SU    C:\pathToFile\provisioned.OPT
PU    ;Program User Options
VU    ;Verify User Options LO    ;LAUNCH OPTIONS

Example 2. Trustzone is disabled, a password is required for debug authentication.

CM    C:\pathToFile\ST_STM32H573ZI_2MB.arp
EM    :Erase Entire Module
BM    ;Blank Check Module
QO    C\pathToFile\blinky.hex
PM    ;Program Module
VM    ;Verify Module
SU    C:\pathToFile\provisioning.OPT
PU    ;Program User Options
VU    ;Verify User Options
LO    ;LAUNCH OPTIONS
CQ    ;Clear Queue
RE    ;Reset
CM    C:\pathtoFile\ST_STM32H573ZI_8KB_OBKeys.arp
QO    C:\pathToFile\DA_ConfigWithPassword.obk
PM    ;Program Module
CQ    ;Clear Queue
CM    C:\pathToFile\ST_STM32H573ZI_2MB.arp
SU    C:\pathToFile\provisioned.OPT
PU    ;Program User Options
VU    ;Verify User Options
LO    ;LAUNCH OPTIONS

Click "Build & Deploy" to launch the cyclone control GUI. Once connected to the cyclone, ensure the image is displayed at the bottom of the list, then "Click To Apply Changes and Exit". The cyclone control GUI will close and the image will be stored on the Cyclone, indicated with a "Success" notification, ready to be programmed. The user can then press "Start" to program a connected device. Once programmed, the device is secured with Debug Authentication and a certificate is now required to regain access using STM Cube Programmer.. 

Programming with PROGACMP

If the user is unfamiliar with the standard PROGACMP procedures, they may refer to the PROGACMP User Manual for more detailed instructions. The command sequence is as described above, with the exception of Clear Queue (CQ). Upon choosing the required algorithm, the queue is automatically cleared.

Related Articles

Tags related to this Blog Post

Cyclone     Cyclone FX     Multilink     Multilink FX     STMicroelectronics     Production Programming