SFIx Step-by-step on STM32H735 Discovery Kit

Revision as of 15:05, 10 February 2022 by Registered User (→‎External firmware)

Duration: 75 min

Target description

This tutorial shows how to use SFI for installing

  • a secure internal firmware
  • a secure external firmware.

This page provides an example for the STM32H735-DK discovery kit. The internal firmware is installed in the flash memory of the STM32H735 chip, and the external firmware is installed in the external memory embedded on the board: MX25LM51245G.

The process goes through three 'steps' at the Original Equipment Manufacturer (OEM) and the Contract Manufacturer (CM) sites.

  • Development @ OEM  : the application code that will run on STM32 is generated.
  • Secure Room @ OEM  : code prepared during the development is encrypted and packaged to be sent for manufacturing. The Secure Room is isolated and its resources are not visible outside of it.
  • Manufacturing @ CM : the encrypted code received from the OEM Secure Room is installed using SFI tools.


Prerequisites

Hardware

  • STM32H735-DK[1] Discovery kit with STM32H735IG MCU
  • STM32-HSM[2] SAM for Secure Firmware Installation
  • SmartCard Reader
    • Laptop Built-in
    • External
  • STLINK-V3[3] modular in-circuit debugger and programmer for STM32/STM8
  • USB cable Type-A to Micro-B
  • Jump wires

Software

  • STM32CubeProgrammer[4] Software programming tool for STM32 (v2.10 min)
    • Including STM32TrustedPackageCreator
  • STM32CubeMX[5] STM32Cube initialization code generator
  • STM32CubeIDE[6] Integrated Development Environment for STM32
  • X-CUBE-SFI Expansion package[7] The STM32CubeExpansion_SFI Secure Firmware Install shows how to go through SFI installation process for STM32 devices to protect OEM firmware during the CM product manufacturing stage.


Literature

  • AN4992 STM32 MCUs secure firmware install (SFI) overview
  • UM2237 STM32CubeProgrammer software description
  • UM2238 STM32 Trusted Package Creator tool software description
  • AN5054 Secure programming using STM32CubeProgrammer
  • AN2606 STM32 microcontroller system memory boot mode
  • RM0468 STM32H723/733, STM32H725/735 and STM32H730 Value line advanced Arm®-based 32-bit MCUs
  • UM2679 STM32H735G-DK Discovery kit
  • UM2448 STLINK-V3SET debugger/programmer for STM8 and STM32



1. Environment setup

Before starting, the first step is to prepare the environment to go through the SFI process. Refer to the environment setup in the article: Step1 Tools installation

2. Development @ OEM : Firmware creation

The first step is to create code containing the data to be installed in external memory. This code is called the "External firmware". The second step of the process is to create a demo application for STM32H735G-DK that uses OTFDEC to decrypt the code installed in external memory. This code is called the "Internal firmware".

You can use the example project developed in the xcube-sfi package, or create a new project.

2.1. External firmware

The firmware to be installed in external memory with the SFIx process is encrypted by the RSS. The RSS uses the AES algorithm (Advanced Encryption Standard) to encrypt the external firmware.

The AES key, region number and mode are given by the user as input parameters during the SFIx process.

For this example we use known data as external firmware, saved in a binary file. This data will be encrypted by the RSS during the SFIx process.

The xcube-sfi package gives an example of external firmware: Ext_Mem.bin, placed in X-Cube-SFI_V1.0.0\Projects\STM32H735G-DK\Applications\SFIx\OEM_SecureRoom\Binary

2.2. Internal firmware

3. Secure Room @ OEM : SFI package generation and HSM provisioning

In the Secure Room the following two steps are performed:

  • SFI package generation: the code prepared during the development is encrypted and packaged to be sent for manufacturing.
  • HSM Provisioning: the HSM is provisioned with the keys used for encryption and with the max license counter.
Warning: The assumption is that the Secure Room is isolated and its resources are not accessible from the outside world.


3.1. SFI package generation

Duration: 10 min

In this step, the application binary file and the option byte configuration are encrypted in an SFI package.

The following inputs are needed:

  • Application Binary file (created in the previous step) and download address in FLASH.
  • AES Key
  • Nonce
  • Option bytes

3.1.1. Inputs preparation

3.1.1.1. Firmware binary files and Download address

The OEM binary file previously generated is designed to be executed from a specific address in FLASH.
The SFI process ensures that the binary is downloaded at the address specified as input parameter.

  • For this example we will use: 0x08000000
Information: This page uses dummy values; the OEM can create its own keys with arbitrary values.
3.1.1.2. Encryption key file

The first step is to create the secret keys and the nonce that STM32TrustedPackageCreator uses to encrypt the firmware image in the SFI package and that are programmed in the STM32-HSM.

  1. Create a new text file
  2. Paste the following text: AES_KEY_TEST_001
    The corresponding hex values are: 41 45 53 5F 4B 45 59 5F 54 45 53 54 5F 30 30 31
  3. Save it as aeskey.bin
Warning: The OEM is responsible for keeping this key SECRET - the confidentiality of the solution relies on this.
Warning: You can also use the aeskey.bin example file in the xcube-sfi package, folder "Keys": X-Cube-SFI_V1.0.0-RC1\Projects\STM32H735G-DK\Applications\SFI\OEM_SecureRoom\Keys
3.1.1.3. AES Nonce file
  1. Create a new text file
  2. Paste the following text: NONCE_TEST01
    The corresponding hex values are: 4E 4F 4E 43 45 5F 54 45 53 54 30 31
  3. Save it as nonce.bin
Warning: You can also use the nonce.bin example file in the xcube-sfi package, folder "Keys": X-Cube-SFI_V1.0.0-RC1\Projects\STM32H735G-DK\Applications\SFI\OEM_SecureRoom\Keys
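
Added example (not part of the original page or of the ST tools): a Python script for the two file-creation procedures above. It checks that aeskey.bin and nonce.bin hold exactly the 16 and 12 bytes listed on this page, with no byte order mark or line break added by a text editor, and it can write random values in place of the dummy ones. The function names are hypothetical.

```python
"""Added example: check or create aeskey.bin / nonce.bin before packaging."""
import secrets
import sys
from pathlib import Path

KEY_LEN = 16    # bytes in the aeskey.bin listed on this page
NONCE_LEN = 12  # bytes in the nonce.bin listed on this page


def check_secret_file(path, expected_len):
    """Return the problems found in a key or nonce file (empty list = OK)."""
    data = Path(path).read_bytes()
    problems = []
    # Text editors may silently prepend a BOM or append a line ending.
    if data.startswith(b"\xef\xbb\xbf"):
        problems.append("starts with a UTF-8 byte order mark")
    if data.endswith((b"\r", b"\n")):
        problems.append("ends with a line break")
    if len(data) != expected_len:
        problems.append(f"holds {len(data)} bytes, expected {expected_len}")
    elif len(set(data)) == 1:
        problems.append("every byte has the same value")
    return problems


def write_random_secret(path, length):
    """Write `length` bytes from the OS random generator, in binary mode."""
    value = secrets.token_bytes(length)
    Path(path).write_bytes(value)
    return value


if __name__ == "__main__":
    # Usage: python check_secrets.py [folder holding aeskey.bin and nonce.bin]
    folder = Path(sys.argv[1]) if len(sys.argv) > 1 else Path(".")
    for name, size in (("aeskey.bin", KEY_LEN), ("nonce.bin", NONCE_LEN)):
        target = folder / name
        if not target.exists():
            print(f"{name}: not found")
            continue
        issues = check_secret_file(target, size)
        # The file content itself is never printed.
        print(f"{name}: " + ("OK" if not issues else "; ".join(issues)))
```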
3.1.1.4. Option bytes file

Together with installing the application binary, the SFI process can be used to specify the option byte (OB) values to be configured at the end of the installation process. In the path C:\Program Files\STMicroelectronics\STM32Cube\STM32CubeProgrammer\bin\SFI_OB_CSV_FILES you can find example files for each series of MCUs.

To create your OB file, you can use STM32 Trusted Package Creator:

  • Open STM32 Trusted Package Creator
  • In the SFI OB tab, select the MCU used. In this example please select STM32H2x/H3x.
  • The right panel displays the OB values as saved in the file you generate. Select the path where the generated OB file will be saved in "Generate OB .csv file".
  • The Microcontroller panel is used to choose the OB values you want to use. Once you select the "Generate OB" button, the OB values are displayed in the "Option bytes generated values" panel, and a file is created / updated with the chosen values.

In this example we have generated these values:

FOPTSR_PRG,0x203EAAD0
FPRAR_PRG_A,0x0000000F
FSCAR_PRG_A,0x81000200
FWPSN_PRG_A,0x000000FF
FBOOT7_PRG,0x1FF00800

The values are described below:

  • FOPTSR_PRG,0x203EAAD0 (paragraph "4.9.9 FLASH option status register" in RM0468 )
    • IO_HSLV  : 0x1 (Product operating below 2.5 V, I/O speed optimization at low-voltage feature allowed)
    • SECURITY  : 0x1 (Security feature enabled)
    • ST_RAM_SIZE  : 0x3 (16 Kbytes)
    • FZ_IWDG_SDBY : 0x1 (Independent watchdog is running in STANDBY mode)
    • FZ_IWDG_STOP : 0x1 (Independent watchdog is running in STOP mode)
    • RDP  : 0xAA (Level 0)
    • NRST_STBY : 0x1 (STANDBY mode on Domain 1 is entering without reset)
    • NRST_STOP : 0x1 (STOP mode on Domain 1 is entering without reset)
    • IWDG1_SW  : 0x1 (Independent watchdog is controlled by software)
    • BOR_LEV  : 0x0 (BOR OFF)
  • FPRAR_PRG_A,0x0000000F (paragraph "4.9.12 FLASH protection address" in RM0468 )
    • DMEP  : 0x0 (PCROP protected erase enable option configuration bit)
    • PROT_AREA_END: 0x000 (If this address is lower than PROT_AREA_START, no protection is set)
    • PROT_AREA_START: 0x200
  • FSCAR_PRG_A,0x81000200 (paragraph "4.9.14 FLASH secure address" in RM0468 )
    • DMES  : 0x1 (Flash Bank secure area is erased when RDP level regression (change from level 1 to 0) occurs)
    • SEC_AREA_END: 0x100 (If this address is lower than SEC_AREA_START, no protection is set)
    • SEC_AREA_START: 0x200
  • FWPSN_PRG_A,0x000000FF (paragraph "4.9.16 FLASH write sector protection" in RM0468 )
    • nWRP0  : 0x1 (Write protection not active on this sector)
    • nWRP1  : 0x1 (Write protection not active on this sector)
    • nWRP2  : 0x1 (Write protection not active on this sector)
    • nWRP3  : 0x1 (Write protection not active on this sector)
    • nWRP4  : 0x1 (Write protection not active on this sector)
    • nWRP5  : 0x1 (Write protection not active on this sector)
    • nWRP6  : 0x1 (Write protection not active on this sector)
    • nWRP7  : 0x1 (Write protection not active on this sector)
  • FBOOT7_PRG,0x1FF00800 (paragraph "4.9.18 FLASH register boot address for Arm® Cortex®-M7 core" in RM0468 )
    • BOOT_CM7_ADD1: 0x1FF0 (0x1FF10000)
    • BOOT_CM7_ADD0: 0x0800 (0x08000000)
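
Added example (not part of the original page or of the ST tools): a Python script that parses an ob.csv file, splits the words into the fields listed above, and summarises the settings that matter before packaging (RDP level, SECURITY bit, secure area, write-protected sectors, boot address against the firmware download address). The bit positions are an assumption taken from the RM0468 register descriptions cited above; the function names are hypothetical.

```python
"""Added example: decode an SFI ob.csv and summarise its security settings."""

# name -> (lowest bit, width). Bit positions are an assumption taken from the
# RM0468 register descriptions that this page cites for each word.
# Words without an entry here (FPRAR_PRG_A) are parsed but not decoded; the
# summary below does not use them.
FIELDS = {
    "FOPTSR_PRG": {
        "BOR_LEV": (2, 2), "IWDG1_SW": (4, 1), "NRST_STOP": (6, 1),
        "NRST_STBY": (7, 1), "RDP": (8, 8), "FZ_IWDG_STOP": (17, 1),
        "FZ_IWDG_SDBY": (18, 1), "ST_RAM_SIZE": (19, 2),
        "SECURITY": (21, 1), "IO_HSLV": (29, 1),
    },
    "FSCAR_PRG_A": {
        "SEC_AREA_START": (0, 12), "SEC_AREA_END": (16, 12), "DMES": (31, 1),
    },
    "FWPSN_PRG_A": {f"nWRP{i}": (i, 1) for i in range(8)},
    "FBOOT7_PRG": {"BOOT_CM7_ADD0": (0, 16), "BOOT_CM7_ADD1": (16, 16)},
}

# The option-byte values generated on this page.
PAGE_OB_CSV = """\
FOPTSR_PRG,0x203EAAD0
FPRAR_PRG_A,0x0000000F
FSCAR_PRG_A,0x81000200
FWPSN_PRG_A,0x000000FF
FBOOT7_PRG,0x1FF00800
"""


def parse_ob_csv(text):
    """Parse 'NAME,0xVALUE' lines into {name: int}."""
    words = {}
    for line in text.splitlines():
        if line.strip():
            name, value = line.split(",", 1)
            words[name.strip()] = int(value.strip(), 16)
    return words


def decode(words):
    """Split each known word into its named fields."""
    return {
        reg: {name: (words[reg] >> lsb) & ((1 << width) - 1)
              for name, (lsb, width) in layout.items()}
        for reg, layout in FIELDS.items() if reg in words
    }


def review(words, fw_base=0x08000000):
    """Summarise the settings; fw_base is the -fir download address."""
    missing = [reg for reg in FIELDS if reg not in words]
    if missing:
        raise ValueError("missing option-byte words: " + ", ".join(missing))
    f = decode(words)
    opt, sec, wrp = f["FOPTSR_PRG"], f["FSCAR_PRG_A"], f["FWPSN_PRG_A"]
    boot = f["FBOOT7_PRG"]["BOOT_CM7_ADD0"] << 16
    return {
        # 0xAA is Level 0 (as listed on this page); in the STM32 RDP encoding
        # 0xCC is Level 2 and every other value is Level 1.
        "rdp_level": {0xAA: 0, 0xCC: 2}.get(opt["RDP"], 1),
        "security": bool(opt["SECURITY"]),
        # Rule stated on this page: END lower than START means no protection.
        "secure_area_active": sec["SEC_AREA_END"] >= sec["SEC_AREA_START"],
        # nWRPx = 0 means write protection is active on sector x.
        "write_protected_sectors": [i for i in range(8) if not wrp[f"nWRP{i}"]],
        "boot_address": boot,
        "boots_firmware": boot == fw_base,
    }


if __name__ == "__main__":
    for key, value in review(parse_ob_csv(PAGE_OB_CSV)).items():
        print(f"{key}: {hex(value) if key == 'boot_address' else value}")
```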


Information: You can refer to RM0468 for details on OB register values.
Warning: You can also use the ob.csv file in the xcube-sfi package, folder "OptionBytes": X-Cube-SFI_V1.0.0-RC1\Projects\STM32H735G-DK\Applications\SFI\OEM_SecureRoom\OptionBytes
3.1.1.5. Image version

The image version parameter is optional for the STM32H7 MCU series. It is used to indicate which firmware version is installed.

3.1.1.6. Available Ram Size

For the STM32H7 MCU series, we recommend this value: 0x1E000

3.1.1.7. Continuation token address

Address 0x80F0000 is recommended for this example. The continuation token address must be an address available in Flash.

3.1.1.8. Output SFI file

The output SFI file is the file to be created, with the sfi extension.

3.1.2. SFI package generation using STM32 Trusted Package Creator CLI (Command Line Interface)

3.1.2.1. Command launched from STM32CubeProgrammer\bin folder

You can use this command line to generate the SFI package:

Information: The command line below must be launched from the path: C:\Program Files\STMicroelectronics\STM32Cube\STM32CubeProgrammer\bin. The aeskey.bin, nonce.bin and ob.csv files must also be saved in this folder.
 STM32TrustedPackageCreator_CLI.exe -sfi -fir H735_LedBlink.bin 0x08000000 -k aeskey.bin -n nonce.bin -ob ob.csv -v 1 --ramsize 0x1E000 --token 0x80F0000 -o H735_LedBlink.sfi
3.1.2.2. Command launched from another folder (xcube-sfi example)

The xcube-sfi package gives an example of a script used to generate the output file from another directory.
In the "Scripts" folder in X-Cube-SFI_V1.0.0-RC1\Projects\STM32H735G-DK\Applications\SFI\OEM_SecureRoom\Scripts, you can open the script "GenerateSFI_OEM_Dev.bat" with Notepad, for example. Script description:

  • The STM32TrustedPackageCreator executable path is defined in "TOOLDIR".
  • The files previously created are set as the "KEY", "NONCE" and "OPTBYTE" parameters.
  • The firmware binary and address are defined as "BINARY" and "BINARY_BASE_ADD".
  • The image version is set to "1". The output sfi file will be created in the "OUT_BIN" path as "OUT_FILE" (OEM_Dev.sfi).
  • Finally, the command line is launched using all the previously defined parameters.

Once launched, you will get the success message.

The output file with the sfi extension is now generated. You can transfer this file to the binary folder that will be used in the last step by launching the "TransferSFIToCM.bat" script placed in this directory: X-Cube-SFI_V1.0.0-RC1\Projects\STM32H735G-DK\Applications\SFI\OEM_SecureRoom\Scripts.

Information: The xcube-sfi package uses the command line interface to generate the SFI package. If you want to use this CLI, you can adapt a script to your own folders. If you prefer the GUI (Graphical User Interface), follow the next paragraph.

3.1.3. SFI package generation using STM32 Trusted Package Creator GUI (Graphical User Interface)

In the SFI panel of STM32TrustedPackageCreator, enter the parameters described in 3.1.1.1 to 3.1.1.8.

Once all parameters have been entered, click the "Generate SFI" button.

The right panel displays the size of the generated package and the address at which it will be installed in Flash memory.

3.2. HSM programming

Duration: 10 min

The programming step consists of provisioning the HSM with the following parameters:

  • AES Key
  • Nonce
  • Personalization data
  • ID
  • License counter

3.2.1. Preparation

AES Key and Nonce have been generated in the previous step - in this section we will focus on the remaining parameters.

3.2.2. HSM programming using STM32 Trusted Package Creator - GUI (Graphical User Interface)

Open the tool STM32 Trusted Package Creator.
If the shortcut has not been created on your Desktop during STM32CubeProgrammer installation, you can open it from :
C:\Program Files\STMicroelectronics\STM32Cube\STM32CubeProgrammer\bin

  • Firmware identifier

The ID is a tag name for the HSM card (i.e. for the secret key) that could be useful to the CM when multiple cards are being used in manufacturing. For this example we will use: h735_4830100C

  • Encryption key file

Enter the AES Key file previously generated.

  • Nonce file

Enter the Nonce generated in previous step.

  • Personalization data file

You have to select the MCU used: in our case, please select STM32H72.
Press Open, and select PersoPackages folder.
In this folder you can find the file to use: STM32H72x_H73x_4830100C_SFI._01000000_00000000.enc.bin

  • Maximum number of images to program

Maximum number of devices that can be programmed with this HSM. For this example we will use: 300

Information: Each time an SFI process is launched, the license counter is decremented, even if an error occurs during the process.
Information: Please note that the max value of the counter depends on the specific STM32-HSM you are using - you can refer to the documentation for additional information.
  • Provisioning

Now that we have defined the parameters, we can proceed with the provisioning of the STM32-HSM.

Warning: The HSM can be programmed just once and this operation is irreversible.

The HSM must be in OEM STATE. If the HSM is already programmed and there is a new attempt to reprogram it, an error message is displayed to indicate that the operation failed and the HSM is locked.

  1. Plug the HSM into the smart card reader
  2. Provision the HSM:
    Select "Program HSM"
    Warning: At this step the HSM is programmed and in OPERATIONAL_STATE.

    The HSM is ready to be shipped to the CM together with the H735_LedBlink.sfi package created before.

    3.2.3. HSM programming with STM32 Trusted Package Creator - CLI (Command Line Interface)

    • Personalization data

    The first step for HSM programming is to retrieve the personalization data for the smartcard: with this step, the specific STM32-HSM will allow the installation of SFI images to a specific STM32 family of products. This allows the OEM to add an additional control on the STM32 parts that will be manufactured by the CM.

    To perform this operation the user first needs to know the product ID of the device.

    1. Connect the STM32H735G-DK board with the micro USB cable through CN15
    2. Retrieve the STM32 device certificate
      STM32_Programmer_CLI.exe -c port=SWD mode=HOTPLUG -gc H735_certificate.bin
      

    3. Open the H735_certificate.bin file with a hex editor and read the first 8 bytes, or open it with STM32CubeProgrammer and read the ASCII code (i.e. the product ID) - for H735 it will be 4830100C

    4. Browse now to the folder C:\Program Files\STMicroelectronics\STM32Cube\STM32CubeProgrammer\bin\PersoPackages and look for the binary file with the corresponding name - in this case the parameter for the command will be
      c:\Program Files\STMicroelectronics\STM32Cube\STM32CubeProgrammer\bin\PersoPackages\4830100C_SFI._01000000_00000000.enc.bin
      
    • ID

    The ID is a tag name for the HSM card (i.e. for the secret key) that could be useful to the CM when multiple cards are being used in manufacturing.

    • For this example we will use: h735_4830100C
    • License counter

    License counter is the max number of devices that can be programmed with this HSM.

    • For this example we will use: 300
    Information: Each time an SFI process is launched, the license counter is decremented, even if an error occurs during the process.
    Information: Please note that the max value of the counter depends on the specific STM32-HSM you are using - you can refer to the documentation for additional information.
    • Provisioning
    Warning: The HSM can be programmed just once and this operation is irreversible.

    The HSM must be in OEM STATE. If the HSM is already programmed and there is a new attempt to reprogram it, an error message is displayed to indicate that the operation failed and the HSM is locked.


    Now that we have defined the parameters, we can proceed with the provisioning of the STM32-HSM.

    1. Plug the HSM into the smart card reader
    2. We can get the state of the HSM with the command:
      Information: The command line below must be launched from the path: C:\Program Files\STMicroelectronics\STM32Cube\STM32CubeProgrammer\bin
      STM32TrustedPackageCreator_CLI.exe -hsm -i 1 -info

    3. Provision the HSM:
      Information: The command line below must be launched from the path: C:\Program Files\STMicroelectronics\STM32Cube\STM32CubeProgrammer\bin. aeskey.bin and nonce.bin must also be saved in this folder.
      Information: You can also use the example script in the xcube-sfi package, path: X-Cube-SFI_V1.0.0-RC1\Projects\STM32H735G-DK\Applications\SFI\OEM_SecureRoom\Scripts\Program_Hsm.bat, to program the HSM.
      STM32TrustedPackageCreator_CLI.exe -hsm -i 1 -k aeskey.bin -n nonce.bin -id "h735_4830100C" -mc 300 -pd "c:\Program Files\STMicroelectronics\STM32Cube\STM32CubeProgrammer\bin\PersoPackages\4830100C_SFI._01000000_00000000.enc.bin"
      

    Warning: At this step the HSM is programmed and in OPERATIONAL_STATE.

    You can get the state of the HSM with the command:

    Information: The command line below must be launched from the path: C:\Program Files\STMicroelectronics\STM32Cube\STM32CubeProgrammer\bin
    STM32TrustedPackageCreator_CLI.exe -hsm -i 1 -info
    

    The HSM is ready to be shipped to the CM together with the H735_LedBlink.sfi package created before.

    4. Manufacturing @ CM : Secure Firmware Installation

    In this step, the CM receives from the OEM the HSM card provisioned with the secret key and initialized with a max counter of licenses, and the .sfi package to be installed (including the firmware in encrypted form and the option bytes configuration).

    The SFI process could be performed through a regular JTAG/SWD interface or through the system bootloader interface (you can refer to AN2606 for details on the supported interface for each microcontroller). The following section will cover JTAG/SWD, USART and SPI interfaces - each section will include the following sections :

    • Hardware connection
    • Option Bytes regression (optional)
    • Secure Firmware Install
    Information: The Option Bytes regression step configures the OB to their default state (this operation may not be needed if the CM will run the SFI process on a virgin part).

    Information: All command lines below must be launched from the path: C:\Program Files\STMicroelectronics\STM32Cube\STM32CubeProgrammer\bin.

    4.1. SWD interface

    Duration: 6 min

    4.1.1. Hardware connection

    Plug a micro USB cable to CN15 and make sure that JP7 is in the CHGR position.

    4.1.2. Option bytes regression

    The following steps will configure the device to regress the option bytes configuration to a default state:

    STM32_Programmer_CLI.exe -c port=SWD mode=HOTPLUG -ob RDP=0xAA nWRP0=1 nWRP1=1 nWRP2=1 nWRP3=1 nWRP4=1 nWRP5=1 nWRP6=1 nWRP7=1 BOOT_CM7_ADD0=0x0800 BOOT_CM7_ADD1=0x1FF0 SECURITY=0 -e all -ob displ
    

    After this step the device is ready for the SFI process.


    4.1.3. Firmware install

    This command will start the SFI process and proceed with the installation.

    STM32_Programmer_CLI.exe -vb 1 -c port=SWD mode=HOTPLUG -sfi H735_LedBlink.sfi hsm=1 slot=1
    


    Information: You can also use the scripts placed in C:\X-Cube-SFI_V1.0.0-RC1\Projects\STM32H735G-DK\Applications\SFI\CM\Scripts:
    • EraseTarget_SWD.bat to erase the target
    • PrepareTarget_SWD.bat to prepare the target for the SFI process
    • FlashSFI_SWD_OEM_Dev.bat to start the SFI process and proceed with the installation
    Information: You can refer to AN5054 for details on the hsm and slot parameters.

    After this step the device is programmed with the OEM application code.

    4.2. UART interface

    Duration: 10 min

    4.2.1. Hardware connection

    The possible hardware connection is the one using the STM32H735G-DK on-board STLINK.

    To get the UART COM port you can :

    • Open device manager and check the COM port associated with the on-board STLINK (since the used UART pins are available on STLINK VCP).

    In this case we will use COM39.

    In order to enable the system bootloader at boot the following connection is needed :

    • Switch SW1 to position 1 (SYS MEM) in order to enable the system bootloader

    Then :

    • Plug a micro USB cable to CN15 and make sure that JP7 is in the CHGR position.
    • Reset the board.

    The STM32H735G-DK on-board STLINK can be used as USART bridge to STM32H735 system bootloader. To use the USART bootloader (USART3 PD8/PD9), no hardware modifications are needed.

    Warning: The following steps will use the COM port associated with the on-board STLINK (i.e. COM39).

    Make sure to check the COM port associated with the board used.

    4.2.2. Option bytes regression

    The following steps will configure the device to regress the option bytes configuration to a default state:

    STM32_Programmer_CLI.exe -c port=COM39 br=115200 -rdu
    
    • Note: The COM port may be different on your system - make sure to update it in the commands.

    Press the BLACK RESET button on the board

    STM32_Programmer_CLI.exe -c port=COM39 br=115200 -ob RDP=0xAA nWRP0=1 nWRP1=1 nWRP2=1 nWRP3=1 nWRP4=1 nWRP5=1 nWRP6=1 nWRP7=1 BOOT_CM7_ADD0=0x0800 BOOT_CM7_ADD1=0x1FF0 SECURITY=0 -e all -ob displ
    
    • Note: The COM port may be different on your system - make sure to update it in the commands.

    After this step the device is ready for the SFI process.

    4.2.3. Firmware install

    This command will start the SFI process and proceed with the installation.

    STM32_Programmer_CLI.exe -vb 1 -c port=COM39 br=115200 -sfi H735_LedBlink.sfi hsm=1 slot=1
    
    • Note: The COM port may be different on your system - make sure to update it in the commands.
    Information: You can also use the scripts placed in C:\X-Cube-SFI_V1.0.0-RC1\Projects\STM32H735G-DK\Applications\SFI\CM\Scripts:
    • EraseTarget_UART.bat to erase the target
    • PrepareTarget_UART.bat to prepare the target for the SFI process
    • FlashSFI_SWD_UART_Dev.bat to start the SFI process and proceed with the installation
    Information: You can refer to AN5054 for details on the hsm and slot parameters.

    Switch SW1 to position 0 (FLASH) then reset the Board to start the program in user FLASH. After this step the device is programmed with the OEM application code.

    4.3. SPI interface

    Duration: 10 min

    In order to enable the system bootloader at boot the following connection is needed:

    • Switch SW1 to position 1 (SYS MEM) in order to enable the system bootloader at boot

    Then

    • Plug a micro USB cable to CN15 and make sure that JP7 is in the CHGR position.
    • Reset the board.

    4.3.1. Hardware connection

    Duration: 10 min

    For this step, a STLINK-V3[3] is needed.

    Prepare the following connections:

    • Disco CN19.29 (PE12) --> STLINK-V3 CN9.4 (SPI_SCK)
    • Disco CN19.22 (PE13) --> STLINK-V3 CN9.3 (SPI_MISO)
    • Disco CN8.6 (PE14) --> STLINK-V3 CN9.2 (SPI_MOSI)
    • Disco CN19.10 (PE11) --> STLINK-V3 CN9.1 (SPI_NSS)
    • Disco CN19.30 (GND) --> STLINK-V3 CN9.5 (GND)

    4.3.2. Option bytes regression

    Duration: 4 min

    The following steps will configure the device to regress the option bytes configuration to a default state:

    STM32_Programmer_CLI.exe -c port=SPI br=6000 -rdu
    

    Press the BLACK RESET button on the board

    STM32_Programmer_CLI.exe -c port=SPI br=6000 -ob RDP=0xAA nWRP0=1 nWRP1=1 nWRP2=1 nWRP3=1 nWRP4=1 nWRP5=1 nWRP6=1 nWRP7=1 BOOT_CM7_ADD0=0x0800 BOOT_CM7_ADD1=0x1FF0 SECURITY=0 -e all -ob displ
    


    After this step the device is ready for the SFI process.

    4.3.3. Firmware install

    Duration: 2 min

    This command will start the SFI process and proceed with the installation.

    STM32_Programmer_CLI.exe -vb 1 -c port=SPI br=6000 -sfi H735_LedBlink.sfi hsm=1 slot=1
    
    Information: You can also use the scripts placed in C:\X-Cube-SFI_V1.0.0-RC1\Projects\STM32H735G-DK\Applications\SFI\CM\Scripts:
    • EraseTarget_SPI.bat to erase the target
    • PrepareTarget_SPI.bat to prepare the target for the SFI process
    • FlashSFI_SWD_SPI_Dev.bat to start the SFI process and proceed with the installation
    Information: You can refer to AN5054 for details on the hsm and slot parameters.

    Switch SW1 to position 0 (FLASH) then reset the Board to start the program in user FLASH. After this step the device is programmed with the OEM application code.

    5. References