Skip to main content
A
AssemblerJohn
Associate II
June 24, 2025
Solved

H563zi erase/program non-secure flash area from secure app

  • June 24, 2025
  • 1 reply
  • 608 views

Hello!

I would have an app that is divided between a secure part and a non secure part.

The memory definition is as following in the secure linker script:

/* Memories definition */
MEMORY
{
RAM (xrw) : ORIGIN = 0x30000000, LENGTH = 320K
FLASH (rx) : ORIGIN = 0x0C000000, LENGTH = 64K
FLASH_NSC (rx) : ORIGIN = 0x0C010000, LENGTH = 8K
}

The first 9 sectors (0-8) are of the secure part.
When attempting to erase sector 9 (the 10th) sector from the Secure application part using:
'HAL_FLASHEx_Erase' I get a HAL_FLASH_ERROR_ECCD error.

I require this for software update, I am trying to do the following on the INACTIVE bank:
1) Delete the secure sectors and update with a new secure app
2) Delete the non-secure sectors and update with a new non-secure app

From my knowledge the secure part should be able to erase the non-secure part without any problems.

Best answer by AssemblerJohn

The complete answer:

1) if the sector is secure use

HAL_FLASH_Program(FLASH_TYPEPROGRAM_QUADWORD, (address + written), util::ptr_to_address(quad_word))

2) if the sector is non-secure use:

HAL_FLASH_Program(FLASH_TYPEPROGRAM_QUADWORD_NS, (address + written), util::ptr_to_address(quad_word))

 

3) Make sure that when programming/reading to use the 

FLASH_BASE_S (0x0C000000UL)

address for secure sectors and

#define FLASH_BASE_NS (0x08000000UL)

for non-secure sectors.

Also for erasing sectors, swap between 

FLASH_TYPEERASE_SECTORS and 
FLASH_TYPEERASE_SECTORS_NS
 

IMPORTANT NOTE: Make sure to have enabled the option -mcmse in the secure application, found at: C/C++ Build -> Settings -> MCU/MPU GCC Compiler -> Secure Mode

1 reply

Bubbles
Bubbles
ST Employee
June 24, 2025

Hi @AssemblerJohn ,

no, that's not how isolation works. Secure cannot access and erase non-secure. That's how privilege works. Privilege can manipulate unprivileged. You'll need to make a call to non-secure code to erase the non-secure pages. Or you can try to temporarily assign the pages secure attribute using FLASH_SECBB.

BR,

J

 

To give better visibility on the answered topics, please click on Accept as Solution on the reply which solved your issue or answered your question.
A
AssemblerJohnAuthor
Associate II
June 25, 2025

Hello!

1) Thank you for the idea. How could I assign that secure attribute?

2) This sounds a bit weird, how does OEMiROT does it (h563zi)? From my understanding it erases the whole flash, including the non-secure part, since flash area where it is installed is immutable.

Bubbles
Bubbles
ST Employee
June 25, 2025

Hi @AssemblerJohn,

I was reminded that the secure code has a simpler way of erasing non-secure pages, they can use the non-secure register to request the erase. You can have a look to the HAL flash where the secure non secure is managed using the input flat (type erase) and leads to using the secure or non secure register:

#if defined (FLASH_OPTSR2_TZEN)

  reg_cr = IS_FLASH_SECURE_OPERATION() ? &(FLASH->SECCR) : &(FLASH_NS->NSCR);

#else

  reg_cr = &(FLASH_NS->NSCR);

#endif /* FLASH_OPTSR2_TZEN */

So, using non secure alias + non secure type erase will do the job to erase a non secure page from secure code.

You just cannot use mass erase directly when there's a mix of secure and non-secure pages.

BR,

J

To give better visibility on the answered topics, please click on Accept as Solution on the reply which solved your issue or answered your question.
Terms & ConditionsAccessibility statement