Skip to content

Fix STM32H5 update #617

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
dgarske merged 9 commits into from
Oct 29, 2025
Merged

Fix STM32H5 update #617

Show file tree
Hide file tree
Changes from 4 commits
Commits
Show all changes
9 commits
Select commit Hold shift + click to select a range
58baba2
Fix STM32H5 update
mattia-moffa Oct 23, 2025
fdcd7be
Don't use hardcoded value; add comment
mattia-moffa Oct 23, 2025
70f12a2
Update docs
mattia-moffa Oct 24, 2025
fd2c81a
Fix H5 erase bug
mattia-moffa Oct 24, 2025
e0e9217
Fix some issues with documentation for STM32H5 and include steps to t…
dgarske Oct 24, 2025
177358e
Update H5 app to use new NSC API
mattia-moffa Oct 28, 2025
1813463
Fix non-trustzone configs
mattia-moffa Oct 28, 2025
ea9484f
Add docs for NSC APIs and update H5 option bytes
mattia-moffa Oct 29, 2025
70d25f4
Fix docs link
mattia-moffa Oct 29, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 5 additions & 5 deletions docs/STM32-TZ.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -192,7 +192,7 @@ OPTION BYTES BANK: 2

Boot Configuration:

NSBOOTADD : 0x80400 (0x8040000)
NSBOOTADD : 0x80600 (0x8060000)
NSBOOT_LOCK : 0xC3 (The SWAP_BANK and NSBOOTADD can still be modified following their individual rules.)
SECBOOT_LOCK : 0xC3 (The BOOT_UBE, SWAP_BANK and SECBOOTADD can still be modified following their individual rules.)
SECBOOTADD : 0xC0000 (0xC000000)
Expand All @@ -201,7 +201,7 @@ OPTION BYTES BANK: 3
Bank1 - Flash watermark area definition:

SECWM1_STRT : 0x0 (0x8000000)
SECWM1_END : 0x1F (0x803E000)
SECWM1_END : 0x2F (0x805e000)

Write sector group protection 1:

Expand All @@ -210,8 +210,8 @@ OPTION BYTES BANK: 4

Bank2 - Flash watermark area definition:

SECWM2_STRT : 0x0 (0x08100000)
SECWM2_END : 0x1F (0x0813e000)
SECWM2_STRT : 0x2F (0x0815e000)
SECWM2_END : 0x0 (0x08100000)

Write sector group protection 2:

Expand Down Expand Up @@ -251,7 +251,7 @@ OPTION BYTES BANK: 9

```
STM32_Programmer_CLI -c port=swd -d wolfboot.bin 0x0C000000
STM32_Programmer_CLI -c port=swd -d test-app/image_v1_signed.bin 0x08040000
STM32_Programmer_CLI -c port=swd -d test-app/image_v1_signed.bin 0x08060000
```

- After rebooting, the LED on the board should turn on sequentially:
Expand Down
2 changes: 1 addition & 1 deletion docs/Targets.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -975,7 +975,7 @@ To initiate an update, sign a new version of the app and upload the v3 to the up
on the second bank:

```sh
tools/keytools/sign --ecc256 test-app/image.bin wolfboot_signing_private_key.der 3
IMAGE_HEADER_SIZE=1024 tools/keytools/sign --ecc256 test-app/image.bin wolfboot_signing_private_key.der 3
Comment thread
dgarske marked this conversation as resolved.
STM32_Programmer_CLI -c port=swd -d test-app/image_v3_signed.bin 0x08160000
```

Expand Down
14 changes: 10 additions & 4 deletions hal/stm32_tz.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -96,19 +96,21 @@ void hal_tz_claim_nonsecure_area(uint32_t address, int len)
uint32_t reg;
uint32_t end = address + len;
uint32_t start_address = address;
uint32_t start_page_n;
uint32_t bank = 0;
int pos;

if (!is_range_nonsecure(address, len))
return;

if (address < FLASH_BANK2_BASE) {
page_n = (address - ARCH_FLASH_OFFSET) / FLASH_PAGE_SIZE;
start_page_n = (address - ARCH_FLASH_OFFSET) / FLASH_PAGE_SIZE;
bank = 0;
} else {
page_n = (address - FLASH_BANK2_BASE) / FLASH_PAGE_SIZE;
start_page_n = (address - FLASH_BANK2_BASE) / FLASH_PAGE_SIZE;
bank = 1;
}
page_n = start_page_n;
#ifdef TARGET_stm32h5
/* Take into account current swap configuration */
if ((FLASH_OPTSR_CUR & FLASH_OPTSR_SWAP_BANK) >> 31)
Expand All @@ -129,13 +131,14 @@ void hal_tz_claim_nonsecure_area(uint32_t address, int len)
page_n++;
}
address = start_address;
page_n = start_page_n;
while (address < end) {
/* Erase claimed non-secure page, in secure mode */
#ifndef TARGET_stm32h5
reg = FLASH_CR & (~((FLASH_CR_PNB_MASK << FLASH_CR_PNB_SHIFT) | FLASH_CR_PER | FLASH_CR_BKER | FLASH_CR_PG | FLASH_CR_MER1 | FLASH_CR_MER2));
FLASH_CR = reg | ((page_n << FLASH_CR_PNB_SHIFT) | FLASH_CR_PER);
#else
reg = FLASH_CR & (~((FLASH_CR_PNB_MASK << FLASH_CR_PNB_SHIFT) | FLASH_CR_SER | FLASH_CR_BER | FLASH_CR_PG | FLASH_CR_MER));
reg = FLASH_CR & (~((FLASH_CR_PNB_MASK << FLASH_CR_PNB_SHIFT) | FLASH_CR_SER | FLASH_CR_BER | FLASH_CR_PG | FLASH_CR_MER | FLASH_CR_BKSEL));
FLASH_CR = reg | ((page_n << FLASH_CR_PNB_SHIFT) | FLASH_CR_SER | (bank << 31));
#endif

Expand All @@ -162,8 +165,11 @@ void hal_tz_release_nonsecure_area(void)
{
#ifndef DUALBANK_SWAP
int i;
for (i = 0; i < FLASH_SECBB_NREGS; i++)
/* Set all banks as non-secure */
for (i = 0; i < FLASH_SECBB_NREGS; i++) {
FLASH_SECBB1[i] = 0;
Comment thread
dgarske marked this conversation as resolved.
FLASH_SECBB2[i] = 0;
}
#else
uint32_t addr;
int bank_swp = 0;
Expand Down
37 changes: 25 additions & 12 deletions hal/stm32h5.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -33,17 +33,20 @@

#if TZ_SECURE()

/* This function assumes that the boot and the update
* partitions are at the same address in the two banks,
* regardless if DUALBANK_SWAP is active or not.
*/
static int is_flash_nonsecure(uint32_t address)
{
#ifndef DUALBANK_SWAP
if (address >= WOLFBOOT_PARTITION_BOOT_ADDRESS) {
return 1;
}
return 0;
#else
uint32_t in_bank_offset = (address & 0x000FFFFF);
if (in_bank_offset >= (WOLFBOOT_PARTITION_BOOT_ADDRESS - FLASHMEM_ADDRESS_SPACE)) {
return 1;
}
return 0;
#endif
}
#endif

Expand Down Expand Up @@ -189,6 +192,7 @@ void RAMFUNCTION hal_flash_opt_lock(void)

int RAMFUNCTION hal_flash_erase(uint32_t address, int len)
{
uint32_t start_address;
uint32_t end_address;
uint32_t p;

Expand All @@ -199,8 +203,17 @@ int RAMFUNCTION hal_flash_erase(uint32_t address, int len)
if (address < 0x08000000)
return -1;

end_address = address + len - 1;
for (p = address; p < end_address; p += FLASH_PAGE_SIZE) {
#if TZ_SECURE()
start_address = address | FLASH_SECURE_MMAP_BASE;
if (is_flash_nonsecure(address)) {
hal_tz_claim_nonsecure_area(address, len);
}
#else
start_address = address;
#endif

end_address = start_address + len - 1;
for (p = start_address; p < end_address; p += FLASH_PAGE_SIZE) {
uint32_t reg;
uint32_t base;
uint32_t bnksel = 0;
Expand All @@ -211,12 +224,6 @@ int RAMFUNCTION hal_flash_erase(uint32_t address, int len)
base = FLASH_BANK2_BASE;
bnksel = 1;
}
#if TZ_SECURE()
/* When in secure mode, skip erasing non-secure pages: will be erased upon claim */
if (is_flash_nonsecure(address)) {
return 0;
}
#endif
/* Check for swapped banks to invert bnksel */
if ((FLASH_OPTSR_CUR & FLASH_OPTSR_SWAP_BANK) >> 31)
bnksel = !bnksel;
Expand All @@ -228,6 +235,12 @@ int RAMFUNCTION hal_flash_erase(uint32_t address, int len)
}
/* If the erase operation is completed, disable the associated bits */
FLASH_CR &= ~FLASH_CR_SER ;

#if TZ_SECURE()
if (is_flash_nonsecure(address)) {
hal_tz_release_nonsecure_area();
}
#endif
return 0;
}

Expand Down