ST STM32H5 Series Getting Started

Getting started with debug authentication (DA) for STM32H5 MCUs
AN6008 Application note

Introduction
This document describes the debug authentication (DA) security service of the STM32H5 series.
The STM32 debug authentication controls the product life cycle, such as regressions (for more details about the life cycle, refer to the reference manual), and debug reopening:
• Regression
  The user leverages the regression service to erase the user firmware and data within the user flash memory, SRAM, and option-byte keys (OBK) when OBK are supported by STM32H5. After a regression, STM32 falls back in product state open. There are two kinds of regression: full regression and partial regression. Refer to Section 3: STM32H5 debug authentication services description for more details.
• Debug reopening
  The user leverages the debug reopening to safely reopen the debug on STM32 when it is in a product state different than open.
When the STM32 product state is not open, the user can trigger the debug authentication services by sending a password or a certificate chain to STM32.
These two options are named the debug authentication methods.
The debug authentication protocol uses the STM32 debug access port 0 (DAP0) and the DBGMCU IP for communication.
The STM32 debug authentication implements the Arm® PSA ADAC (authenticated debug access control) specification.
The Arm® PSA ADAC protocol is based on the certificate chain and the challenge/response principle.

Figure 1. Debug authentication interface (diagram labels: Probe, Debug port / DBGMCU, STM32H5, Debug Authentication)

AN6008 - Rev 1 - December 2023
For further information contact your local STMicroelectronics sales office.
www.st.com

Summary of Contents for ST STM32H5 Series

  • Page 1: Figure 1. Debug Authentication Interface

    PSA ADAC (authenticated debug access control) specification. The Arm® PSA ADAC protocol is based on the certificate chain and the challenge/response principle.
  • Page 2: General Information

    Option-byte keys OFTDEC On-the-fly decryption Public key accelerator Platform security architecture SAES Secure advanced encryption standard System on chip Secure debug manager STiROT ST immutable root of trust Serial wire debug TrustZone TZEN TrustZone enabled uROT...
  • Page 3: Overview

    Debug authentication provisioning overview
    Before using the debug authentication services, the user must provision STM32 with its credentials. The debug authentication allows two types of credential, password or certificates:
    • Password method, the user must provision a password hash (SHA256) within STM32.
    •...
  • Page 4: Figure 3. Debug Authentication Using Certificate

    Figure 3. Debug authentication using certificate (diagram labels: Challenge, Response, Product State = OPEN, Step 1, Step 2, Step 3; legend: Debug Authentication Certificate, Debug Authentication Private Key)
    When the user triggers the debug authentication feature (regression or debug reopening), they first send a certificate and an action request to the STM32.
  • Page 5: Stm32H5 Debug Authentication Services Description

    • Certificate formats: fixed to “0x201”.
    • Cryptosystem: “Ecdsa-P256 SHA256” (certificate) or “ST password”.
    • ST provisioning integrity: indicates if integrity of provisioned DA data is correct (0xeaeaeaea) or wrong (0xf5f5f5f5).
    The discovery service is available in every product state except locked.
    3.1.2...
  • Page 6: Stm32H5 Series Full Regression Support

    The full regression service is not available in the product state open or locked.
    3.2.2 STM32H5 series full regression support
    Table 2. STM32H5 series full regression support
    Part number, Full regression supported: STM32H573xx STM32H563xx/STM32H562xx STM32H503xx
    3.2.3...
  • Page 7: Stm32H5 Series Partial Regression Support

    Mixing secure and nonsecure sectors in the WRP zone is not authorized. If this rule is not applied, an error blocks the partial regression service from running. 3.3.5 STM32H5 series partial regression support Table 3. STM32H5 series partial regression support...
  • Page 8: Debug Reopening And Stirot

    In this product state, the user cannot establish a debug connection in either secure or nonsecure, whatever the HDP level. By using the debug reopening service, the user requests STM32H5 to reopen the debug in nonsecure with HDP level 3.
  • Page 9: Close Debug Service

    In order to reopen debug from HDPL2 nonsecure, use the following command:
      .\STM32_Programmer_CLI.exe -c port=SWD speed=fast per=i key=.\key.pem cert=.\certificate_chain debugauth=1
    In order to reopen debug from HDPL3 nonsecure, use the following command:
      .\STM32_Programmer_CLI.exe -c port=SWD speed=fast per=j key=.\key.pem cert=.\certificate_chain debugauth=1
    Close debug service
    3.5.1...
  • Page 10: Debug Authentication Activation

    Provisioning
    4.1.1 Introduction
    The debug authentication uses two kinds of methods:
    • A password (maximum length of password is 128 bits/16 bytes).
    • A certificate chain.
    Before using the debug authentication service, the user must provision STM32H5 with data for debug authentication configuration.
  • Page 11: Debug Authentication Trigger

    Debug authentication trigger
    Debug host must run in sequence the two actions depicted below:
    1. Debug host uses SWD/JTAG with access point 0 to write ‘STDA’ character list within DBGMCU_DBG_AUTH_HOST register.
    2. Debug host resets the debug target (STM32H5).
    After this sequence STM32H5 starts the debug authentication protocol.
  • Page 12: Stm32H5 Debug Authentication Protocol Description

    Physical link
    Host and STM32H5 use JTAG or SWD physical connection over access point 0. Using access point 0, debug transactions only access a very limited part of the STM32H5, for example, the DBGMCU IP.
  • Page 13: Debug Authentication Using Password

    Command constant, Command name, Description:
    0x0003 ADAC_AUTH_RESPONSE_CMD: This command is used to provide the debug token and additional credentials as part of a complete authentication response to the target.
    0x0005 ADAC_CLOSE_SESSION_CMD: Not used in STM32H5 debug authentication service...
  • Page 14: Certificates And Certificate Chains

    Figure 6. Debug authentication using a root certificate
    5.4.2 Certificates and certificate chains
    There are three types of certificates:
    • Root certificate
    • Intermediate certificate
    • Leaf certificate
    Example of usage: a manufacturer (root level) subcontracts some services to other entities (intermediate level). These subcontractors also subcontract some of their services to other entities (leaf level).
  • Page 15: Certificates And Product Series/Device Filtering

    Figure 7. Example of a forbidden action
    Example of an authorized action
    In this example, the token mask is used to request a debug opening from HDPL3 NS. The permission accumulation allows this action, so it is applied. In the example described in Figure 8, the certificate chain contains a root certificate and a leaf certificate.
  • Page 16: Debug Authentication Ecosystem Overview

    Debug authentication provisioning
    Figure 9. Debug authentication ecosystem during provisioning phase (diagram labels: STM32H5, Host, STM32CubeProgrammer, Probe, DA_Config.obk, STM32 Trusted Package Creator, DA_Config.xml; note: any interfaces accessible by CubeProgrammer: bootloader peripherals + JTAG/SWD)
    Step 1: The STM32 Trusted Package Creator is used to create the debug authentication configuration .obk file from the debug authentication configuration .xml file.
  • Page 17: Launch Debug Authentication Service (Certificate Method)

    Step 2: The DA configuration obk file is programmed in STM32 OBK by using the STM32CubeProgrammer.
    Launch debug authentication service (certificate method)
    Figure 10. Debug authentication ecosystem for service launch (diagram labels: STM32H5, Host, STM32CubeProgrammer, Debug port, Debug Probe or IDE...)
  • Page 18: Synthesis Table

    AN6008 Synthesis table Synthesis table Table 10. Synthesis table STM32H573xx STM32H563xx STM32H503xx HDPL1 OBK HDPL1 OBK DA data storage location (@ 0x0FFD0100) (@ 0x0FFD0100) (@ 0x08FFF000) DA data encryption Password (TZEN=0xC3) Password (TZEN=0xC3) Available DA methods Password certificate (TZEN=0xB4) certificate (TZEN=0xB4) Discovery Full regression Partial regression...
  • Page 19: Stm32H5 Debug Authentication Restrictions

    Debug authentication and WWDG
    The debug authentication does not manage Window WatchDog (WWDG). It is recommended not to activate Window WatchDog when using debug authentication.
  • Page 20: Revision History

    Table 11. Document revision history
    Date, Version, Changes: 22-Dec-2023 Initial release.
  • Page 21: Table Of Contents

    STM32H5 series partial regression support
  • Page 22: AN6008 Contents: Debug authentication trigger; STM32H5 debug authentication protocol description
  • Page 23: List Of Tables

    STM32H5 series partial regression support
  • Page 24: List Of Figures

    List of figures: Figure 1. Debug authentication interface; Figure 2.
  • Page 25 ST’s terms and conditions of sale in place at the time of order acknowledgment. Purchasers are solely responsible for the choice, selection, and use of ST products and ST assumes no liability for application assistance or the design of purchasers’...
