STMicroelectronics' STM32H503 devices are based on the ARM Cortex M33 and offer high performance and power efficiency suitable for a wide range of applications. In addition, the STM32H5 product life-cycle adds a layer of security, allowing the user to secure/unsecure a device by moving it through product states. The following example details how to step through a simple product lifecycle.

Stepping Through The STM32H5 Product Cycle

This article will demonstrate how to provision and secure an STM32H503 device, Debug Authentication via password, regression, product state changes, and how this relates to production programming.

Summary of required files.

• provisioning.OPT
• closed.OPT
• user_password.bin (used to create board_password)
• board_password.bin (programmed to 0x08FFF000)
• data_soc_mask.bin (programmed to 0x08FFF020)
• GPIO_IOToggle.hex (or other user application)

The example files used for this article can be downloaded here.

PRODUCT_STATE Transition (.opt files)

PRODUCT_STATE is set in option bytes. This example demonstrates a move from OPEN, through PROVISIONING and finishing in CLOSED. It is not possible to move directly from OPEN to CLOSED. Once the PRODUCT_STATE is set to CLOSED, debug is disabled and regression is only possible with a correct password.

1. Click "Create/Modify User Options File" and change the PRODUCT_STATE to your desired state. In this example 0x17 indicates the PROVISIONING State.

   

   Figure 1. Create User Option File

2. Repeat step 1, this time entering 0x72 for CLOSED. You should now have two .opt files, e.g. provisioning.opt and closed.opt.

For more details on PRODUCT_STATE, please refer to the ST documentation.

.bin files for OTP

1. board_password.bin -  This is the HASH of user_password, which will be provisioned at address 0x08FF_F000. A batch file "create_password.bat" provided by STMicroelectronics in the STM32Cube MCU Package for STM32H5 series can be used to generate this file.

   Note: Once programmed, the password can NOT be reprogrammed or erased. The user should create a new user_password.bin; they should not use the example user_password.bin that is found in the package.

   1. Create an ASCII password and save it as "user_password.bin". 
   2. Replace the "user_password.bin" file found in the example project, likely at: C:\STM32Cube_FW_H5_V1.2.0\Projects\NUCLEO-H503RB\ROT_Provisioning\DA with the new user_password.bin
   3. In the same folder, run create_password.bat. This will produce "board_password.bin" which you will later program
   4. Ensure user_password.bin is stored safely, it will be needed later for regression.
2. data_soc_mask.bin contains specific configuration data related to the System-on-Chip (SoC) security and will be provisioned to address 0x08FF_F020. An example file can be found in the same folder as "board_password.bin" above. This can be edited if the user knows the specific bits and configurations required or programmed directly as is the case in this example.

Once all files have been created, the user is ready to provision and program their device with PEmicro's Cyclone Image Creation Utility or PROGACMP. 

Programming with Cyclone

If the user is unfamiliar with how to create a stand-alone programming (SAP) image, they should please refer to this article: How to Generate a Programming Image.

Below is a likely command sequence:

CM C:\PEMicro\cyclone\supportfiles\supportFiles_ARM\ST\STM32H5\ST_STM43H503RB_128.arp 
EM ;Erase Module 
BM ;Blank Check 
QO C:\GPIO_IOToggle.hex 
QB C:\board_password.bin 08FFF000 
QB C:\data_soc_mask.bin 08FFF020 
PM ;Program Module 
VM ;Verify Module 
SU C:\Provisioning.opt 
PU ;Program User Options 
VU ;Verify User Options 
LO ;Launch User Options 
SU C:\Closed.opt 
PU ;Program user options 
VU ;Verify 
LO ;Launch

Note: 

• The OTP area (covered by the two .bin files) can only be programmed ONCE. Subsequent programming must omit both QB commands.
• LO is required after each PU command.

Click "Build & Deploy" to launch the Cyclone Control GUI. Once connected to the Cyclone, ensure the image is displayed at the bottom of the list, then "Click to Apply Changes And Exit". The Cyclone Control GUI will close and the image will be stored on the Cyclone, indicated with a "SUCCESS!" notification. The user can then press "Start" to program a connected device.

The PRODUCT_STATE is now closed, debug is disabled and regression is only allowed with Debug Authentication. Upon reset, the blinking LED will be seen.

Programming with PROGACMP

If the user is unfamiliar with the standard PROGACMP procedures, they should please refer to the PROGACMP User Manual for more detailed instructions. The command sequence is as described above. 

Debug Authentication with Cyclone

Now that the PRODUCT_STATE is CLOSED, Debug Authentication is required to regain access.

Select the Power and Communication tab, and check "Allow Regression", enter the user_password from earlier. 

Figure 2. Security Settings

On subsequent programming attempts, if the PRODUCT_STATE is not open, a full regression will occur prior to programming. This includes all user flash and option bytes, but does NOT include OTP.

Debug Authentication with PROG

1. In PEmicro Connection Manager, check "Mass erase upon connection to target" and then Security Settings.

   

   Figure 3. PEmicro Connection Manager

2. A dialog box will appear, check "Allow Regression" and enter the user_password used to create the board_password earlier. Click OK and Connect.

   

   Figure 4. Security Settings

3. Successful regression will result in a mass erase and a window prompting the user to select an algorithm. The PRODUCT_STATE is now OPEN.