Visitor II
August 20, 2024
Question

STM32H563 Debug Authentication

Hello,
 
I have an ARM Keil MDK project with STM32H563ZI and want to protect it against readout. So I want to use Debug Authentication. TrustZone is not activated.
 
The first-time programming is done over UART and then over USB by my own tool and IAP.
 
In the firmware IAP routine I can switch the product state to "Provisioning", but I am not sure how to program the SHA256 key into the HDP memory.
 
Am I on the right track with this?
 
OBInit.OptionType = OPTIONBYTE_HDP;
OBInit.HDPStartSector = ???; // OBKeys address FLASH_OBK_HDPL1_BASE_S = 0x0ffd0100
OBInit.HDPEndSector = ?????;
status = HAL_FLASHEx_OBProgram( &OBInit );
 
Regards
Axel

1 reply

Frantz LEFRERE
ST Employee
August 21, 2024

Hello @AxelSchroer,

HDP is a mechanism to protect a portion of user flash and the associated OBK storage until the next reset.

The keys and secret are stored in the OBK storage, so it is in the FLASH OBK location that you should write it.
You should not write only the SHA256 but, I would say, the complete OBK file with its header.
On STM32H563 as there is no encryption of the OBK storage, the provisioning could be done in OPEN state.

 

I will share with you a code example for STM32CubeIDE / NucleoH563 thanks to our secure file transfer tool.
Best regards,
Frantz