2 Overview

2.1 Debug authentication provisioning overview

Before using the debug authentication services, the user must provision the STM32 with its credentials. Debug authentication allows two types of credential, password or certificate:
• Password method: the user must provision a password hash (SHA256) within the STM32.
• Certificate method: the user must provision the hash of the public key carried by the debug authentication root certificate and the debug authentication authorized permissions (for regression and/or debug reopening).
The user must provision the DA credentials in product state provisioning.
On STM32H5:
• The password method is only supported when Arm® TrustZone® is disabled (TZEN=0xC3).
• The certificate method is only supported when Arm® TrustZone® is enabled (TZEN=0xB4).
Caution:
Beware when provisioning the device. Do not provision a password hash when TZ is enabled, or a root certificate public key hash when TZ is disabled. Otherwise, the device can be permanently locked.
For more details about DA provisioning, refer to Section 4.1: Provisioning.

2.2 Debug authentication using password overview

When using the password method, only a full regression is possible.
The figure below shows how the user triggers the debug authentication service using the password method.
[Figure 2. Debug authentication using a password. Labels: Password; Product State = OPEN]
To access the debug authentication feature, the host must send the password to the STM32. When the STM32 receives the password, it verifies that its hash corresponds to the one that is provisioned inside the key storage.

2.3 Debug authentication using certificates overview

To help with understanding the process of debug authentication using certificates, this section focuses on the simplest certificate chain. However, in reality, the STM32 receives a chain of certificates instead of just one. The principle of the debug authentication certificate chain is similar to the X509 certificate chain, but the certificate format used here is proprietary.
Figure 3 shows how the user triggers the debug authentication service using the certificate method.

AN6008 - Rev 1
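A host-side pre-flight check for the provisioning caution in section 2.1, together with a model of the password comparison described in section 2.2. This is an added example, not code from AN6008 or from ST tooling. The function names, the way the TZEN value is obtained, hashing the raw password bytes, and the constant-time comparison are assumptions.

```python
import hashlib
import hmac

# TZEN values and the credential type each one supports on STM32H5,
# as stated in this section.
TZEN_DISABLED = 0xC3
TZEN_ENABLED = 0xB4
SUPPORTED_METHOD = {TZEN_DISABLED: "password", TZEN_ENABLED: "certificate"}


class ProvisioningRefused(Exception):
    """The requested credential must not be written to this device."""


def check_credential(tzen: int, method: str) -> None:
    """Raise unless `method` is the one supported for this TZEN value.

    `tzen` is assumed to have been read back from the device by the
    caller; how that is done is outside this example.
    """
    if method not in SUPPORTED_METHOD.values():
        raise ValueError(f"unknown DA method: {method!r}")
    supported = SUPPORTED_METHOD.get(tzen)
    if supported is None:
        # Neither documented value: stop rather than guess.
        raise ProvisioningRefused(f"unexpected TZEN value 0x{tzen:02X}")
    if supported != method:
        raise ProvisioningRefused(
            f"TZEN=0x{tzen:02X} supports only the {supported} method; "
            f"provisioning a {method} credential can lock the device")


def password_hash(password: bytes) -> bytes:
    """SHA256 of the password. Hashing the raw bytes is an assumption;
    the page does not give the exact input encoding."""
    return hashlib.sha256(password).digest()


def prepare_password_credential(tzen: int, password: bytes) -> bytes:
    """Return the hash to provision, only if the TZEN state allows it."""
    check_credential(tzen, "password")
    return password_hash(password)


def device_accepts(provisioned_hash: bytes, received: bytes) -> bool:
    """Model of the check in section 2.2: hash what the host sent and
    compare it with the provisioned hash (constant-time compare assumed)."""
    return hmac.compare_digest(password_hash(received), provisioned_hash)
```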