Skip to main content
M
Marty_Revival
Associate II
April 21, 2026
Question

Secure FREERTOS Trustzone doesn't show configuration options in CubeMX 6.17.0

  • April 21, 2026
  • 1 reply
  • 158 views

Hi All,

I have an issue with STM32CubeMX 6.17.0 (Windows 11 + Visual Studio Code)

I want to start a STiRoT Full secure project (with DA and encryption) for STM32H573 with FREERTOS.
But when I add the freertos software pack, I don't get any configuration options.

  • Open STM32CubeMX
  • Start My project from MCU
  • Select STM32H573IIK3Q (same as STM32H573I-DK)
  • Enable ICACHE and MPU -> Yes
  • With TrustZone
  • Software packs -> Select Component -> Cortex-M33 Secure -> X-CUBE-FREERTOS 1.5.0 -> CMSIS RTOS2 11.2.0 -> Core : TZ_Secure (I can't select Heap???)
  • No configuration is shown

Marty_Revival_0-1776797652895.png

If I add FREERTOS to non-secure I am able to open configuration options

Marty_Revival_1-1776797790827.png


I have added my IOC file.
Can someone tell me what I'm doing wrong?

Thanks!

With kind regards,
Marty

1 reply

Ghofrane GSOURI
Ghofrane GSOURI
Technical Moderator
April 22, 2026

Hello @Marty_Revival 

I'm currently checking this behavior. I will get back to you ASAP.

THX

Ghofrane

To give better visibility on the answered topics, please click on Accept as Solution on the reply which solved your issue or answered your question.
    M
    Marty_RevivalAuthor
    Associate II
    April 22, 2026

    Hello @Ghofrane GSOURI 

    That's great! Thanks for the quick reply and for picking this up!
    Please let me know if there is something I can or should test on my side to get this issue fixed fast!

    I'm planning on using the STM32H573 (or maybe the STM32H5F5) in a new product and I'm planning on using the full STiRoT, with secure encrypted updates but I want to use FREERTOS in the secure part.

    One more question, hope that it's not too much offtopic, if so I will make a seperate post.
    When selecting a secure-only project (without non secure).

    Marty_Revival_1-1776851396766.png

     

    With DA and STiRoT. Why does the mapping for M33S start at 0xC000400 and not on 0xC0000000? Does this mean that my "Firmware Execution area offset" and "Firmware download area offset" can't both be 0x00100000 (1MB) but should be a little bit smaller? Or does the tool take that start offset into account?

    Marty_Revival_0-1776851342165.png

     

    Ghofrane GSOURI
    Ghofrane GSOURI
    Technical Moderator
    April 23, 2026

    Hello @Marty_Revival 

    After several attempts, STM32CubeMX always worked correctly, and I was able to enable

    X-CUBE-FREERTOS in both the secure and non-secure contexts. This suggests that the shared .ioc file may have been corrupted.

    Regarding the missing FreeRTOS configuration options in the secure context, the key point is that STM32CubeMX is mainly designed for the simpler TrustZone use model.

    In this model, FreeRTOS tasks are typically created in the non-secure world, while the secure world provides protected services such as:

    1- access to secure peripherals,
    2- secure function calls,
    3- or other trusted operations.

    In a multitask environment managed by FreeRTOS, non-secure tasks may need to request services from the secure world. These interactions must be synchronized properly so that secure processing does not interfere with the expected real-time behavior of the system.

    So, from a tooling perspective, CubeMX mainly supports this standard architecture, which is why the usual FreeRTOS task configuration is available on the non-secure side.

    It is still technically possible to run an RTOS and create tasks in the secure world on a Cortex-M33 with TrustZone, but CubeMX does not provide full support or configuration UI for that advanced use case. If secure-side tasks are required, they generally need to be implemented manually by the user.

    As a reference, you can check the example: FreeRTOS_Queues_ThreadFlags_TrustZone

    This example illustrates  the use of message queues, thread flags with CMSIS_RTOS2 API along with the use of FreeRTOS when the TrustZone feature is enabled (TZEN=1) readme

    Regarding your question about STiRoT, I recommend that you post it in the Security forum, where you can get more specific support and guidance.

    THX

    Ghofrane

    To give better visibility on the answered topics, please click on Accept as Solution on the reply which solved your issue or answered your question.
    Terms & ConditionsAccessibility statement