Skip to main content
J
jho
Associate II
July 31, 2025
Question

SFI Option Bytes for STM32H753ZI

  • July 31, 2025
  • 0 replies
  • 298 views

Hi everyone,

I want to test Secure Firmware Install (SFI) for the STM32H753ZI with the Nucleo-H753ZI.

My current option bytes are:

{
 "deviceId" : 1104,
 "bitNameToValue" : {
 "RDP" : 170,
 "BOR_LEV" : 0,
 "IWDG1_SW" : 1,
 "NRST_STOP_D1" : 1,
 "NRST_STBY_D1" : 1,
 "FZ_IWDG_STOP" : 1,
 "FZ_IWDG_SDBY" : 1,
 "SECURITY" : 1,
 "BCM7" : 1,
 "NRST_STOP_D2" : 1,
 "NRST_STBY_D2" : 1,
 "SWAP_BANK" : 0,
 "IO_HSLV" : 0,
 "BOOT_CM7_ADD0" : 2048,
 "BOOT_CM7_ADD1" : 8176,
 "PROT_AREA_START1" : 255,
 "PROT_AREA_END1" : 0,
 "DMEP1" : 0,
 "PROT_AREA_START2" : 255,
 "PROT_AREA_END2" : 0,
 "DMEP2" : 0,
 "SEC_AREA_START1" : 255,
 "SEC_AREA_END1" : 0,
 "DMES1" : 0,
 "SEC_AREA_START2" : 255,
 "SEC_AREA_END2" : 0,
 "DMES2" : 0,
 "ST_RAM_SIZE" : 3,
 "nWRP0" : 1,
 "nWRP1" : 1,
 "nWRP2" : 1,
 "nWRP3" : 1,
 "nWRP4" : 1,
 "nWRP5" : 1,
 "nWRP6" : 1,
 "nWRP7" : 1,
 "nWRP8" : 1,
 "nWRP9" : 1,
 "nWRP10" : 1,
 "nWRP11" : 1,
 "nWRP12" : 1,
 "nWRP13" : 1,
 "nWRP14" : 1,
 "nWRP15" : 1
 }
}

 When generating SFI Option Bytes with the STM32TrustedPackageCreator for the STM32H753ZI I get:

FLASH_OPTSR_PRG,0x17DEBBF0
FLASH_PRAR_PRG1,0x0000000F
FLASH_PRAR_PRG2,0x0000000F
FLASH_SCAR_PRG1,0x81000200
FLASH_SCAR_PRG2,0x81000200
FLASH_WPSN_PRG1,0xFFFFFFFF
FLASH_WPSN_PRG2,0xFFFFFFFF
FLASH_BOOT7_PRG,0x08002400
RESERVED,0x24000810

When converting this to the JSON-schema (Option Bytes with the STM32TrustedPackageCreator) :

{
 "deviceId" : 1104,
 "bitNameToValue" : {
 "RDP" : 187,
 "BOR_LEV" : 0,
 "IWDG1_SW" : 1,
 "NRST_STOP_D1" : 1,
 "NRST_STBY_D1" : 1,
 "FZ_IWDG_STOP" : 1,
 "FZ_IWDG_SDBY" : 1,
 "SECURITY" : 0,
 // "BCM7" : not found in RM0433,
 // "NRST_STOP_D2" : H753 single core,
 // "NRST_STBY_D2" : H753 single core,
 "SWAP_BANK" : 0,
 "IO_HSLV" : 0,
 "BOOT_CM7_ADD0" : 9216,
 "BOOT_CM7_ADD1" : 2048,
 "PROT_AREA_START1" : 15,
 "PROT_AREA_END1" : 0,
 "DMEP1" : 0,
 "PROT_AREA_START2" : 15,
 "PROT_AREA_END2" : 0,
 "DMEP2" : 0,
 "SEC_AREA_START1" : 512,
 "SEC_AREA_END1" : 256,
 "DMES1" : 1,
 "SEC_AREA_START2" : 512,
 "SEC_AREA_END2" : 256,
 "DMES2" : 1,
 "ST_RAM_SIZE" : 3,
 "nWRP0" : 1,
 "nWRP1" : 1,
 "nWRP2" : 1,
 "nWRP3" : 1,
 "nWRP4" : 1,
 "nWRP5" : 1,
 "nWRP6" : 1,
 "nWRP7" : 1,
 "nWRP8" : 1,
 "nWRP9" : 1,
 "nWRP10" : 1,
 "nWRP11" : 1,
 "nWRP12" : 1,
 "nWRP13" : 1,
 "nWRP14" : 1,
 "nWRP15" : 1
 }
}

 So basically there will be a change in:
RDP: 170 > 187 (RDP Level 0 to 1)
SECURITY: 1 > 0

BOOT_CM7_ADD0: 2048 > 9216
BOOT_CM7_ADD1: 8176 > 2048
PROT_AREA_START1: 255 > 15
PROT_AREA_START2: 255 > 15
SEC_AREA_START1: 255 > 512
SEC_AREA_END1: 0 > 256
DMES1: 0 > 1
SEC_AREA_START2: 255 > 512
SEC_AREA_END2: 0 > 256
DMES2: 0 > 1
 
Questions:
1. After these changes, will I be able to reverse to the standard settings? The most crucial part will be reversing the RDP Level but as I read in RM0433 a change from Level 1 to 0 is fine.
2. Does changing BOOT_CM7_ADD0 and BOOT_CM7_ADD1 require a particular application code? Or will I be able to simply put a single blinky example at 0x08000000 when generating the SFI-Image?
 
Thanks in advance.
Best regards
 
Terms & ConditionsAccessibility statement