Skip to main content
K
krook
Associate III
July 24, 2025
Question

stm32l552zeq Nucleo board cannot disable trustzone

  • July 24, 2025
  • 1 reply
  • 312 views

Hi, I managed to enable TrustZone by setting the TZEN-bit to 1 like so

STM32_Programmer_CLI -c port=SWD -ob TZEN=1

But I can't seem to manage to turn it off the same way. I've tried doing it from the graphical interface as well, with the same results. Do I have to do anything special on this board to set TZEN to 0?

Here are my complete set of option bytes. I've only changed TZEN=1 myself.

STM32_Programmer_CLI -c port=SWD -ob displ
 -------------------------------------------------------------------
 STM32CubeProgrammer v2.20.0 
 -------------------------------------------------------------------

ST-LINK SN : 066BFF505048878667122712
ST-LINK FW : V2J45M31
Board : NUCLEO-L552ZE-Q
Voltage : 3,26V
SWD freq : 4000 KHz
Connect mode: Normal
Reset mode : Software reset
Device ID : 0x472
Revision ID : Rev Z
Device name : STM32L5xx
Flash size : 512 KBytes (default)
Device type : MCU
Device CPU : Cortex-M33
BL Version : --


UPLOADING OPTION BYTES DATA ...

 Bank : 0x00
 Address : 0x50022040
 Size : 40 Bytes

[==================================================] 100% 

 Bank : 0x01
 Address : 0x50022060
 Size : 16 Bytes

[==================================================] 100% 


OPTION BYTES BANK: 0

 Read Out Protection:

 RDP : 0xAA (Level 0, no protection) 

 BOR Level:

 BOR_LEV : 0x0 (BOR Level 0, reset level threshold is around 1.7 V) 

 User Configuration:

 nRST_STOP : 0x1 (No reset generated when entering Stop mode) 
 nRST_STDBY : 0x1 (No reset generated when entering Standby mode) 
 nRST_SHDW : 0x1 (No reset generated when entering the Shutdown mode) 
 IWDG_SW : 0x1 (Software independent watchdog) 
 IWDG_STOP : 0x1 (IWDG counter active in stop mode) 
 IWDG_STDBY : 0x1 (IWDG counter active in standby mode) 
 WWDG_SW : 0x1 (Software window watchdog) 
 SWAP_BANK : 0x0 (Bank 1 and bank 2 address are not swapped) 
 DB256 : 0x1 (256Kb dual-bank Flash with contiguous addresses) 
 DBANK : 0x1 (Dual bank mode with 64 bits data) 
 SRAM2_PE : 0x1 (SRAM2 parity check disable) 
 SRAM2_RST : 0x1 (SRAM2 is not erased when a system reset occurs) 
 nSWBOOT0 : 0x1 (BOOT0 taken from PH3/BOOT0 pin) 
 nBOOT0 : 0x1 (nBOOT0 = 1) 
 PA15_PUPEN : 0x1 (USB power delivery dead-battery disabled/ TDI pull-up activated) 
 TZEN : 0x1 (Global TrustZone security enabled) 
 HDP1EN : 0x0 (No HDP area 1) 
 HDP1_PEND : 0x0 (0x8000000) 
 HDP2EN : 0x0 (No HDP area 2) 
 HDP2_PEND : 0x0 (0x8000000) 
 NSBOOTADD0 : 0x100000 (0x8000000) 
 NSBOOTADD1 : 0x17F200 (0xBF90000) 
 SECBOOTADD0 : 0x180000 (0xC000000) 
 BOOT_LOCK : 0x0 (Boot based on the pad/option bit configuration) 

 Secure Area 1:

 SECWM1_PSTRT : 0x0 (0x8000000) 
 SECWM1_PEND : 0x7F (0x803F800) 

 Write Protection 1:

 WRP1A_PSTRT : 0x7F (0x803F800) 
 WRP1A_PEND : 0x0 (0x8000000) 
 WRP1B_PSTRT : 0x7F (0x803F800) 
 WRP1B_PEND : 0x0 (0x8000000) 
OPTION BYTES BANK: 1

 Secure Area 2:

 SECWM2_PSTRT : 0x0 (0x8040000) 
 SECWM2_PEND : 0x7F (0x807F800) 

 Write Protection 2:

 WRP2A_PSTRT : 0x7F (0x807F800) 
 WRP2A_PEND : 0x0 (0x8040000) 
 WRP2B_PSTRT : 0x7F (0x807F800) 
 WRP2B_PEND : 0x0 (0x8040000)

I've tried erasing flash and then changing it, it doesn't change anything. I tried following a trick online that said to do

set ST_PROGRAMMER_PATH="C:\Program Files\STMicroelectronics\STM32Cube\STM32CubeProgrammer\bin\STM32_Programmer_CLI.exe"
%ST_PROGRAMMER_PATH% -c port=SWD mode=HotPlug -ob nSWBOOT0=0 nBOOT0=0
%ST_PROGRAMMER_PATH% -c port=SWD mode=HotPlug -ob RDP=0xDC
%ST_PROGRAMMER_PATH% -c port=SWD mode=HotPlug -ob RDP=0xAA TZEN=0
%ST_PROGRAMMER_PATH% -c port=SWD mode=HotPlug -ob nSWBOOT0=1 nBOOT0=1

but it was a nightmare lowering RDP to 0 again. It is now 0 as before, but TZEN is still 1.

Here is the output that I get when I try to change it manually

(3.8.18) robert@robert-Latitude-5400:~/Projects/test-stm32-nucleo$ STM32_Programmer_CLI -c port=SWD -ob TZEN=0
 -------------------------------------------------------------------
 STM32CubeProgrammer v2.20.0 
 -------------------------------------------------------------------

ST-LINK SN : 066BFF505048878667122712
ST-LINK FW : V2J45M31
Board : NUCLEO-L552ZE-Q
Voltage : 3,26V
SWD freq : 4000 KHz
Connect mode: Normal
Reset mode : Software reset
Device ID : 0x472
Revision ID : Rev Z
Device name : STM32L5xx
Flash size : 512 KBytes (default)
Device type : MCU
Device CPU : Cortex-M33
BL Version : --


UPLOADING OPTION BYTES DATA ...

 Bank : 0x00
 Address : 0x50022040
 Size : 40 Bytes

[==================================================] 100% 

 Bank : 0x01
 Address : 0x50022060
 Size : 16 Bytes

[==================================================] 100% 


PROGRAMMING OPTION BYTES AREA ...

 Bank : 0x00
 Address : 0x50022040
 Size : 40 Bytes





Reconnecting...
Reconnected !


UPLOADING OPTION BYTES DATA ...

 Bank : 0x00
 Address : 0x50022040
 Size : 40 Bytes

[==================================================] 100% 

 Bank : 0x01
 Address : 0x50022060
 Size : 16 Bytes

[==================================================] 100% 

OPTION BYTE PROGRAMMING VERIFICATION:

Error: Expected value for Option Byte "tzen": 0x0, found: 0x1
Error: Option Byte Programming failed Or modified by application after OB_LAUNCH

Time elapsed during option Bytes configuration: 00:00:02.153

 I've tried it like this and with mode=HotPlug.

Any ideas?

1 reply

Bubbles
Bubbles
ST Employee
July 28, 2025

Hi @krook,

does this help?

Security:How to disable TrustZone in STM32L5xx devices during development phase - stm32mcu

The L5 was our first CortexM33 MCU and some mechanisms are unrefined. I'd recommend looking at the U5 series as better alternative.

BR,

J

To give better visibility on the answered topics, please click on Accept as Solution on the reply which solved your issue or answered your question.
Terms & ConditionsAccessibility statement