Skip to content

Commit e0e9217

Browse files
dgarskedgarske
committed
Fix some issues with documentation for STM32H5 and include steps to test update using STM32 programmer.
1 parent fd2c81a commit e0e9217

File tree

1 file changed

+24
-11
lines changed

1 file changed

+24
-11
lines changed

docs/Targets.md

Lines changed: 24 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -175,10 +175,10 @@ The example configuration for this scenario is available in [/config/examples/st
175175
- User Option Bytes requirement (with STM32CubeProgrammer tool - see below for instructions)
176176

177177
```
178-
TZEN = 1 System with TrustZone-M enabled
179-
DBANK = 1 Dual bank mode
180-
SECWM1_PSTRT=0x0 SECWM1_PEND=0x7F All 128 pages of internal Flash Bank1 set as secure
181-
SECWM2_PSTRT=0x1 SECWM2_PEND=0x0 No page of internal Flash Bank2 set as secure, hence Bank2 non-secure
178+
TZEN = 1 System with TrustZone-M enabled
179+
DBANK = 1 Dual bank mode
180+
SECWM1_STRT=0x0 SECWM1_END=0x7F All 128 pages of internal Flash Bank1 set as secure
181+
SECWM2_STRT=0x1 SECWM2_END=0x0 No page of internal Flash Bank2 set as secure, hence Bank2 non-secure
182182
```
183183

184184
- NOTE: STM32CubeProgrammer V2.3.0 is required (v2.4.0 has a known bug for STM32L5)
@@ -189,7 +189,7 @@ SECWM2_PSTRT=0x1 SECWM2_PEND=0x0 No page of internal Flash Bank2 set as secur
189189
2. `make`
190190
3. Prepare board with option bytes configuration reported above
191191
- `STM32_Programmer_CLI -c port=swd mode=hotplug -ob TZEN=1 DBANK=1`
192-
- `STM32_Programmer_CLI -c port=swd mode=hotplug -ob SECWM1_PSTRT=0x0 SECWM1_PEND=0x7F SECWM2_PSTRT=0x1 SECWM2_PEND=0x0`
192+
- `STM32_Programmer_CLI -c port=swd mode=hotplug -ob SECWM1_STRT=0x0 SECWM1_END=0x7F SECWM2_STRT=0x1 SECWM2_END=0x0`
193193
4. flash wolfBoot.bin to 0x0c00 0000
194194
- `STM32_Programmer_CLI -c port=swd -d ./wolfboot.bin 0x0C000000`
195195
5. flash .\test-app\image_v1_signed.bin to 0x0804 0000
@@ -316,10 +316,10 @@ SRAM memories into two parts:
316316
- User Option Bytes requirement (with STM32CubeProgrammer tool - see below for instructions)
317317

318318
```
319-
TZEN = 1 System with TrustZone-M enabled
320-
DBANK = 1 Dual bank mode
321-
SECWM1_PSTRT=0x0 SECWM1_PEND=0x7F All 128 pages of internal Flash Bank1 set as secure
322-
SECWM2_PSTRT=0x1 SECWM2_PEND=0x0 No page of internal Flash Bank2 set as secure, hence Bank2 non-secure
319+
TZEN = 1 System with TrustZone-M enabled
320+
DBANK = 1 Dual bank mode
321+
SECWM1_STRT=0x0 SECWM1_END=0x7F All 128 pages of internal Flash Bank1 set as secure
322+
SECWM2_STRT=0x1 SECWM2_END=0x0 No page of internal Flash Bank2 set as secure, hence Bank2 non-secure
323323
```
324324

325325
- NOTE: STM32CubeProgrammer V2.8.0 or newer is required
@@ -330,7 +330,7 @@ SECWM2_PSTRT=0x1 SECWM2_PEND=0x0 No page of internal Flash Bank2 set as secur
330330
2. `make TZEN=1`
331331
3. Prepare board with option bytes configuration reported above
332332
- `STM32_Programmer_CLI -c port=swd mode=hotplug -ob TZEN=1 DBANK=1`
333-
- `STM32_Programmer_CLI -c port=swd mode=hotplug -ob SECWM1_PSTRT=0x0 SECWM1_PEND=0x7F SECWM2_PSTRT=0x1 SECWM2_PEND=0x0`
333+
- `STM32_Programmer_CLI -c port=swd mode=hotplug -ob SECWM1_STRT=0x0 SECWM1_END=0x7F SECWM2_STRT=0x1 SECWM2_END=0x0`
334334
4. flash wolfBoot.bin to 0x0c000000
335335
- `STM32_Programmer_CLI -c port=swd -d ./wolfboot.bin 0x0C000000`
336336
5. flash .\test-app\image_v1_signed.bin to 0x08010000
@@ -915,7 +915,7 @@ The example configuration for this scenario is available in [/config/examples/st
915915
`STM32_Programmer_CLI -c port=swd -ob TZEN=0xB4`
916916

917917
- set the option bytes to enable flash secure protection of first 384KB and remainder as non-secure:
918-
`STM32_Programmer_CLI -c port=swd -ob SECWM1_PSTRT=0x0 SECWM1_PEND=0x2F SECWM2_PSTRT=0x2F SECWM2_PEND=0x0`
918+
`STM32_Programmer_CLI -c port=swd -ob SECWM1_STRT=0x0 SECWM1_END=0x2F SECWM2_STRT=0x2F SECWM2_END=0x0`
919919

920920
- flash the wolfboot image to the secure partition:
921921
`STM32_Programmer_CLI -c port=swd -d wolfboot.bin 0x0C000000`
@@ -925,6 +925,19 @@ The example configuration for this scenario is available in [/config/examples/st
925925

926926
For a full list of all the option bytes tested with this configuration, refer to [STM32-TZ.md](/docs/STM32-TZ.md).
927927

928+
You can use the "update" command and XMODEM to send a newly signed update (see docs/flash-OTP.md) or use the steps below using the STM32_Programmer:
929+
930+
```sh
931+
IMAGE_HEADER_SIZE=1024 tools/keytools/sign --ecc256 test-app/image.bin wolfboot_signing_private_key.der 2
932+
echo -n "pBOOT" > trigger_magic.bin
933+
./tools/bin-assemble/bin-assemble \
934+
update.bin \
935+
0x0 test-app/image_v2_signed.bin \
936+
0x9FFFB trigger_magic.bin
937+
STM32_Programmer_CLI -c port=swd -d update.bin 0x08100000
938+
```
939+
940+
928941
### Scenario 2: TrustZone Enabled, wolfCrypt as secure engine for NS applications
929942

930943
This is similar to Scenario 1, but also includes wolfCrypt in secure mode, and

0 commit comments

Comments
 (0)