Graduate
March 28, 2025
Solved

create simple non secure only project for STM32N6570-DK on CubeMX


How to create a simple non-secure-only project for STM32N6570-DK on CubeMX to use on-board peripherals? By default it creates a project with the FBL, secure, non-secure for this device.


    ST Employee
    March 29, 2025

    Hi @ramkumarkoppu 

    The STM32N6 is always in secure mode after reset, and this is due to the internal BootROM.
    In your application, you have to choose a run-time execution context, which always includes FSBL and LRUN contexts. All binaries (FSBL and secure or non-secure application) must be signed to be correctly executed by the BootROM. Then, each context can be copied by the BootROM from external memory, SDMMC or eMMC into SRAM, or can be executed directly in all these external memories.

    The application in the LRUN context always starts in a secure application, which is in charge of configuring the peripherals, GPIO, and memory of the N6 to be allowed in the non-secure application (refer to the Isolation LRUN example).

    Refer to following resources.

    Let me know if it helps?
    Best regards,

    Romain,

    Graduate
    March 29, 2025

    Hi @RomainR., thanks for the info. What I am trying to achieve is to put the STM32N6570-DK in DEV mode with secure boot disabled, so that the BootROM can run the non-secure application binary directly from the QSPI flash available on this board, if it is capable of XIP. For the initial development I would like to use as minimal and simple a setup as possible. My board is shipped with this BOOT configuration:

    [Attached image: board BOOT configuration]

    So, can you guide me on whether my development setup as described above is possible with this board and CubeMX and, if yes, how to do it, please?

    Note: I was using another vendor's Cortex-M33-based hardware where this setup was possible, running the non-secure app from the QSPI flash with XIP in DEV and non-secure mode.

    Graduate
    April 2, 2025

    Hi,

    Is there any update on this issue please?

    ST Employee
    April 2, 2025

    Hello @ramkumarkoppu 

    As explained in my previous comment, you will not be able to execute a non-secure binary from the BootROM.

    At the STM32N6 Life-Cycle level, all shipped STM32N6 are in a Closed-Unlocked state.

    Look at the following KB, in section 4, "Supported life cycle":
    https://community.st.com/t5/stm32-mcus/stm32n6-boot-rom-explained/ta-p/763648

    Moreover, the OTP18 fuse is by default already secure_boot=0. So in Dev_BOOT or in Flash Boot (XiP), your execution context will systematically be:

    • BootROM jumps into a signed FSBL binary (which will always be secure)
    • Secure FSBL jumps into a signed secure application that will configure the RIF to authorize peripherals in non-secure mode.
    • The secure application jumps into the non-secure binary that uses the previously authorized peripherals.

    There is another example in STM32Cube_FW_N6_V1.1.0\Projects\NUCLEO-N657X0-Q\Examples\RIF\RIF_Peripheral.
    This time the FSBL (secure) directly configures the RIF and jumps into a non-secure application (here the RIF authorizes the SPI).

    BR

    Romain,
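The last step of the chain described above, where a secure stage jumps into the non-secure binary, is a point where that stage can sanity-check the image it is about to run. The following is an added example, not part of the thread and not ST's code: it goes beyond what the posts state by validating the first two words of the non-secure vector table (initial stack pointer and reset handler, the standard Cortex-M layout) against the memory released to the non-secure world. The type names, function name and all addresses are hypothetical, constructed values, not the STM32N6 memory map.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical description of the memory the secure stage has released to
 * the non-secure world. The addresses used below are constructed sample
 * values, not the STM32N6 memory map. */
typedef struct {
    uint32_t code_start, code_end;   /* non-secure code region [start, end) */
    uint32_t ram_start,  ram_end;    /* non-secure RAM region  [start, end) */
} ns_layout_t;

typedef enum { NS_OK = 0, NS_BAD_SP, NS_BAD_ENTRY, NS_NOT_THUMB } ns_check_t;

/* Validate the first two words of a non-secure vector table:
 * word 0 = initial main stack pointer, word 1 = reset handler address. */
ns_check_t ns_handoff_check(const uint32_t vt[2], const ns_layout_t *l)
{
    uint32_t sp = vt[0], entry = vt[1];

    /* Stack grows down, so the initial SP may equal ram_end, not ram_start.
     * 8-byte alignment is the usual stack alignment requirement. */
    if (sp <= l->ram_start || sp > l->ram_end || (sp & 7u) != 0)
        return NS_BAD_SP;
    /* Bit 0 of a Cortex-M code pointer is the Thumb bit and must be set. */
    if ((entry & 1u) == 0)
        return NS_NOT_THUMB;
    entry &= ~1u;
    if (entry < l->code_start || entry >= l->code_end)
        return NS_BAD_ENTRY;
    return NS_OK;
}

int main(void)
{
    /* Constructed layout and vector tables for illustration only. */
    const ns_layout_t l = { 0x70100000u, 0x70180000u, 0x24100000u, 0x24140000u };
    const uint32_t good[2]   = { 0x24140000u, 0x70100401u };
    const uint32_t erased[2] = { 0xFFFFFFFFu, 0xFFFFFFFFu }; /* blank flash */

    printf("good=%d erased=%d\n", ns_handoff_check(good, &l),
           ns_handoff_check(erased, &l));
    return 0;
}
```

On target, the secure stage would run such a check on the non-secure image's vector table and refuse the handoff on any result other than `NS_OK`.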

    ramkumarkoppu (Author, Answer)
    Graduate
    April 2, 2025

    Understood... this is how your SoC boot flow is architected. I will have to modify my development flow as per this then, thank you.