Associate II
September 5, 2025
Solved

Using RSSLib->DataProvisioning() interface without TZ


I'm trying to get the Debug Authentication provisioning to work. I managed to write it from within the application, but then I found the errata sheet (es0565-stm32h562xx563xx573xx-device-errata-stmicroelectronics.pdf), which states otherwise:

"Chapter 2.2.35: Debug Authentication provisioning cannot be done from the application when TZEN is disabled"

I tried to do the provisioning with RSSLib->DataProvisioning(), as mentioned in the errata sheet, but I end up getting a hard fault.

I'm using the nucleo-h536zi-board, TrustZone is disabled.

 

 RSSLIB_DataProvisioningConf_t a;
 a.pSource = sData;
 a.pDestination = (uint32_t *) (0x0FFD0100);
 a.Size = 0x60;
 a.DoEncryption = 0xCACA0AA0U;
 a.Crc = 0;
 uint32_t c = RSSLIB_PFUNC->NSC.DataProvisioning(&a);

Since the CRC is not correct, I expect to get the CRC error instead of a hard fault.

 

Is there something I need to set up before calling DataProvisioning? I tried to find an example, is there one somewhere?

 

Best regards,

Peter


2 replies

Jocelyn RICARD (Best answer)
ST Employee
September 10, 2025

Hello @peter7 ,

This errata is actually very misleading.

I created an internal ticket to have it fixed.

First, it only applies to STM32H573 providing crypto accelerators.

Second, there is actually no workaround as far as I can tell (for STM32H573).

So, in your case, using an STM32H563, where the DA OBK is not encrypted, you just need to write the OBK file in clear and that's it.

This can be done in either OPEN or CLOSED state, because it is not encrypted.

Best regards

Jocelyn

peter7 (Author)
Associate II
September 10, 2025

Thank you Jocelyn.

 

It is good to know that we are not affected by this error.

Does that mean that RSSLib->DataProvisioning() doesn't work at all without TZ?

 

Provisioning from within the application works for me, but I'm not sure how to reliably tell its success. I asked this question in another ticket:

https://community.st.com/t5/stm32-mcus-products/stm32h5-getting-the-provisioned-state-from-within-the-firmware/td-p/836233

 

Best regards,

Peter

Jocelyn RICARD
ST Employee
September 11, 2025

Hi @peter7 ,

I will answer in the other thread.

Best regards

Jocelyn