How to create ROT examples for STM32H7RS

In the STM32CubeH7RS firmware package, ROT examples are not provided for all boards and all MCUs. This article explains how to generate ROT examples for the NUCLEO-H7S3L8 board and for boards with STM32H7R device.


1. ROT projects creation for NUCLEO-H7S3L8

Several ROT examples can be generated for the NUCLEO-H7S3L8 board using the STM32H7S78-DK board as a reference. The list of projects to be created depends on the boot configuration selected:

  • STiRoT: the STiROT_iLoader and STiROT_Appli projects must be created.
  • OEMiRoT: the OEMiROT_Boot and OEMiROT_Appli projects must be created.
  • STiRoT + OEMuRoT: the STiROT_iLoader, OEMiROT_Boot, and OEMiROT_Appli projects must be created. OEMuRoT boot can be generated by compiling the OEMiRoT_Boot project with the OEMUROT_ENABLE switch activated.

1.1. STiRoT project creation

This paragraph shows how to create the STiRoT projects for the NUCLEO-H7S3L8 board starting from STM32H7S78-DK STiRoT projects.

In the package, only readme files are provided in Firmware/Projects/NUCLEO-H7S3L8/Applications/ROT, so the generation of the STiROT_iLoader and STiROT_Appli projects with the associated provisioning scripts can be done by following these steps:

  1. Get the source files from the STM32H7S78-DK project:
    • Copy the Firmware/Projects/STM32H7S78-DK/Applications/ROT/STiROT_iLoader content into the Firmware/Projects/NUCLEO-H7S3L8/Applications/ROT/STiROT_iLoader folder. The readme file can be overwritten.
    • Copy the Firmware/Projects/STM32H7S78-DK/Applications/ROT/STiROT_Appli content into the Firmware/Projects/NUCLEO-H7S3L8/Applications/ROT/STiROT_Appli folder. The readme file can be overwritten.
    • Copy the Firmware/Projects/STM32H7S78-DK/ROT_Provisioning content into Firmware/Projects/NUCLEO-H7S3L8/ROT_Provisioning. The DA folder, env.bat, and env.sh can be overwritten.
  2. Change the board name in the Firmware/Projects/NUCLEO-H7S3L8/Applications/ROT project configurations (from STM32H7S78-DK to NUCLEO-H7S3L8):
    • Open STiROT_iLoader/EWARM/Project.ewp and Project.ewd (with a text editor, like Notepad++) and replace everywhere in the file:
      • STM32H7S78-DK_STiROT_iLoader with NUCLEO-H7S3L8_STiROT_iLoader
      • STM32H7S78-DK\Exe with NUCLEO-H7S3L8\Exe
      • STM32H7S78-DK\Obj with NUCLEO-H7S3L8\Obj
      • STM32H7S78-DK\List with NUCLEO-H7S3L8\List
    • Open STiROT_iLoader/MDK-ARM/Project.uvprojx and Project.uvoptx (with a text editor, like Notepad++) and replace everywhere in the file:
      • STM32H7S78-DK_STiROT_iLoader with NUCLEO-H7S3L8_STiROT_iLoader
    • Open STiROT_iLoader/STM32CubeIDE/.cproject, .project, and postbuild.sh (with a text editor, like Notepad++) and replace everywhere in the file:
      • STM32H7S78-DK_STiROT_iLoader with NUCLEO-H7S3L8_STiROT_iLoader
      • STM32H7S78-DK_STiROT_Appli with NUCLEO-H7S3L8_STiROT_Appli
    • Open STiROT_Appli/EWARM/Project.ewp and Project.ewd (with a text editor, like Notepad++) and replace everywhere in the file:
      • STM32H7S78-DK_STiROT_Appli with NUCLEO-H7S3L8_STiROT_Appli
      • STM32H7S78-DK\Exe with NUCLEO-H7S3L8\Exe
      • STM32H7S78-DK\Obj with NUCLEO-H7S3L8\Obj
      • STM32H7S78-DK\List with NUCLEO-H7S3L8\List
    • Open STiROT_Appli/MDK-ARM/Project.uvprojx and Project.uvoptx (with a text editor, like Notepad++) and replace everywhere in the file:
      • STM32H7S78-DK_STiROT_Appli with NUCLEO-H7S3L8_STiROT_Appli
    • Open STiROT_Appli/STM32CubeIDE/.cproject, .project, and postbuild.sh (with a text editor, like Notepad++) and replace everywhere in the file:
      • STM32H7S78-DK_STiROT_Appli with NUCLEO-H7S3L8_STiROT_Appli
  3. Adapt the project to the correct device. For this, open the Firmware/Projects/NUCLEO-H7S3L8/Applications/ROT/STiROT_iLoader and STiROT_Appli projects:
    • Using IAR (EWARM):
      • Go to "Options", select "General Options", in the "Target" field select "device" then ST > STM32H7 > STM32H7S3 and choose ST STM32H7S3L8 device.
      • Go to "Options", select "C/C++ Compiler", and in the "Preprocessor" tab change the compilation symbol (STM32H7S3xx instead of STM32H7S7xx).
    • Using STM32CubeIDE:
      • Go to "Properties", select the "C/C++ General" tab then "Paths an Symbols", and in the "Symbols" tab select the symbols for "GNU C" and change the compilation flag (STM32H7S3xx instead of STM32H7S7xx).
    • Using KEIL (MDK-ARM):
      • Go to "Options" and select the "Device" tab to choose your device.
      • Go to "Options", select the "C/C++ (AC6)" tab, and in the "Define" field, in "Preprocessor Symbols", change the compilation symbol (STM32H7S3xx instead of STM32H7S7xx).
  4. Adapt the provisioning files to the NUCLEO-H7S3L8 board:
    • Firmware/Projects/NUCLEO-H7S3L8/ROT_Provisioning/env.sh:
      • Update the stm32ExtLoaderFlash variable with -elbl $stm32programmercli_path/ExternalLoader/MX25UW25645G_NUCLEO-H7S3L8-XSPIM1-OBL.stldr.
      • Update the stm32ExtLoaderFlashOpen variable with -el $stm32programmercli_path/ExternalLoader/MX25UW25645G_NUCLEO-H7S3L8-XSPIM1.stldr.
    • Firmware/Projects/NUCLEO-H7S3L8/ROT_Provisioning/env.bat:
      • Update the stm32ExtLoaderFlash variable with -elbl %stm32tool_path%/ExternalLoader/MX25UW25645G_NUCLEO-H7S3L8-XSPIM1-OBL.stldr.
      • Update the stm32ExtLoaderFlashOpen variable with -el %stm32tool_path%/ExternalLoader/MX25UW25645G_NUCLEO-H7S3L8-XSPIM1.stldr.

You are now ready to follow any of the follofing tutorials:

1.2. OEMiRoT project creation

This paragraph shows how to create the OEMiRoT projects for the NUCLEO-H7S3L8 board starting from STM32H7S78-DK OEMiRoT projects. In the package, only readme files are provided in Firmware/Projects/NUCLEO-H7S3L8/Applications/ROT, so the generation of the OEMiROT_Boot and OEMiROT_Appli projects can be done by following these steps:

  1. Get the source files from the STM32H7S78-DK project:
    • Copy the Firmware/Projects/STM32H7S78-DK/Applications/ROT/OEMiROT_Boot content (except readme.md/.html) into the Firmware/Projects/NUCLEO-H7S3L8/Applications/ROT/OEMiROT_Boot folder.
    • Copy the Firmware/Projects/STM32H7S78-DK/Applications/ROT/OEMiROT_Appli content (except readme.md/.html) into the Firmware/Projects/NUCLEO-H7S3L8/Applications/ROT/OEMiROT_Appli folder.
    • Copy the Firmware/Projects/STM32H7S78-DK/ROT_Provisioning content (except readme.md/.html) into Firmware/Projects/NUCLEO-H7S3L8/ROT_Provisioning.
  2. Change the board name in the Firmware/Projects/NUCLEO-H7S3L8/Applications/ROT project configurations (from STM32H7S78-DK to NUCLEO-H7S3L8):
    • Open OEMiROT_Boot/EWARM/Project.ewp and Project.ewd (with a text editor, like Notepad++) and replace everywhere in the file:
      • STM32H7S78-DK_OEMiROT_Boot with NUCLEO-H7S3L8_OEMiROT_Boot
      • STM32H7S78-DK\Exe with NUCLEO-H7S3L8\Exe
      • STM32H7S78-DK\Obj with NUCLEO-H7S3L8\Obj
      • STM32H7S78-DK\List with NUCLEO-H7S3L8\List
    • Open OEMiROT_Boot/MDK-ARM/Project.uvprojx and Project.uvoptx (with a text editor, like Notepad++) and replace everywhere in the file:
      • STM32H7S78-DK_OEMiROT_Boot with NUCLEO-H7S3L8_OEMiROT_Boot
    • Open OEMiROT_Boot/STM32CubeIDE/.cproject, .project, and postbuild.sh (with a text editor, like Notepad++) and replace everywhere in the file:
      • STM32H7S78-DK_OEMiROT_Boot with NUCLEO-H7S3L8_OEMiROT_Boot
    • Open OEMiROT_Appli/EWARM/Project.ewp and Project.ewd (with a text editor, like Notepad++) and replace everywhere in the file:
      • STM32H7S78-DK_OEMiROT_Appli with NUCLEO-H7S3L8_OEMiROT_Appli
      • STM32H7S78-DK\Exe with NUCLEO-H7S3L8\Exe
      • STM32H7S78-DK\Obj with NUCLEO-H7S3L8\Obj
      • STM32H7S78-DK\List with NUCLEO-H7S3L8\List
    • Open OEMiROT_Appli/MDK-ARM/Project.uvprojx and Project.uvoptx (with a text editor, like Notepad++) and replace everywhere in the file:
      • STM32H7S78-DK_OEMiROT_Appli with NUCLEO-H7S3L8_OEMiROT_Appli
    • Open OEMiROT_Appli/STM32CubeIDE/.cproject, .project, and postbuild.sh (with a text editor, like Notepad++) and replace everywhere in the file:
      • STM32H7S78-DK_OEMiROT_Appli with NUCLEO-H7S3L8_OEMiROT_Appli
  3. Adapt the project to the correct device. For this, open the Firmware/Projects/NUCLEO-H7S3L8/Applications/ROT/OEMiROT_Boot and OEMiROT_Appli projects:
    • Using IAR (EWARM):
      • Go to "Options", select "General Options", in the "Target" field select "device" then ST > STM32H7 > STM32H7S3 and choose ST STM32H7S3L8 device.
      • Go to "Options", select "C/C++ Compiler", and in the "Preprocessor" tab change the compilation symbol (STM32H7S3xx instead of STM32H7S7xx).
      • Open the "prebuild.cmd" file (located in "Firmware/Projects/NUCLEO-H7S3L8/Applications/ROT/OEMiROT_Boot/EWARM") and change the compilation symbol (-DSTM32H7S3xx instead of -DSTM32H7S7xx).
    • Using STM32CubeIDE:
      • Go to "Properties", select the "C/C++ Build" tab then "Settings", and in the "Build Steps" tab change the command in "Pre-build steps" by updating the compilation symbol (STM32H7S3xx instead of STM32H7S7xx). This is applicable only for the OEMiROT_Boot project.
      • Go to "Properties", select the "C/C++ General" tab then "Paths and Symbols", and in the "Symbols" tab select the symbols for "GNU C" and change the compilation flag (STM32H7S3xx instead of STM32H7S7xx).
    • Using KEIL (MDK-ARM):
      • Go to "Options", select the "Device" tab and choose your device.
      • Go to "Options", select the "C/C++ (AC6)" tab, and in the "Define" field in "Preprocessor Symbols", change the compilation symbol (STM32H7S3xx instead of STM32H7S7xx).
      • Go to "Options", select the "User" tab, and change the "Run #2" command in the "Before Build/Rebuild" field by updating the define matching with your platform ("-DSTM32H7S3xx" instead of "-DSTM32H7S7xx"). This is applicable only for the OEMiROT_Boot project.
  4. Adapt the provisioning files to the NUCLEO-H7S3L8 board:
    • Firmware/Projects/NUCLEO-H7S3L8/ROT_Provisioning/env.sh:
      • Update the stm32ExtLoaderFlash variable with -elbl $stm32programmercli_path/ExternalLoader/MX25UW25645G_NUCLEO-H7S3L8-XSPIM1-OBL.stldr
      • Update the stm32ExtLoaderFlashOpen variable with -el $stm32programmercli_path/ExternalLoader/MX25UW25645G_NUCLEO-H7S3L8-XSPIM1.stldr
    • Firmware/Projects/NUCLEO-H7S3L8/ROT_Provisioning/env.bat:
      • Update the stm32ExtLoaderFlash variable with -elbl %stm32tool_path%/ExternalLoader/MX25UW25645G_NUCLEO-H7S3L8-XSPIM1-OBL.stldr
      • Update the stm32ExtLoaderFlashOpen variable with -el %stm32tool_path%/ExternalLoader/MX25UW25645G_NUCLEO-H7S3L8-XSPIM1.stldr
Warning white.png Warning
By default, the "load and run execution" mode of OEMiROT_Boot project is configured to run from external RAM memory. This configuration is not applicable for NUCLEO-H7S3L8. The switch OEMIROT_LOAD_AND_RUN must be updated.

You are now ready to follow any of the follofing tutorials:

Info white.png Information
OEMuRoT can be generated by compiling the OEMiRoT_Boot project with the OEMUROT_ENABLE switch activated

2. OEMiROT project adaptation for STM32H7R devices

This paragraph shows how to adapt an existing STM32H7S OEMiRoT example to be compatible with an STM32H7R MCU.

This adaptation is possible only with IAR and KEIL due to the 64-Kbyte memory footprint limitation (software cryptography over consumption vs hardware cryptography).

This adaptation can be done based on STM32H7S78-DK as described below. It can also be done based on NUCLEO-H7S3L8 once OEMiRoT projects are created (OEMiRoT project creation).

To perform this adaptation, execute the following steps:

  1. Adapt the project to the correct device. For this, open the Firmware/Projects/STM32H7S78-DK/Applications/ROT/OEMiROT_Boot and OEMiROT_Appli projects:
    • Using IAR (EWARM):
      • Go to "Options", select "General Options", and in the "Target" field select "device" then ST > STM32H7 > STM32H7R7 to choose ST STM32H7R7L8 device.
      • Go to "Options", select "C/C++ Compiler" and then the "Preprocessor" tab, and change the compilation symbol (STM32H7R7xx instead of STM32H7S7xx).
      • Open the prebuild.cmd file (located in Firmware/Projects/STM32H7S78-DK/Applications/ROT/OEMiROT_Boot/EWARM) and change the compilation symbol (-DSTM32H7R7xx instead of -DSTM32H7S7xx).
    • Using KEIL (MDK-ARM):
      • Go to "Options", select the "Device" tab and then STMicroelectronics > STM32H7 series > STM32H7R7 to choose STM32H7R7L8 device
      • Go to "Options", select the "C/C++ (AC6)" tab, and in the "Define" field in "Preprocessor Symbols" change the compilation symbol (STM32H7R7xx instead of STM32H7S7xx).
      • Go to "Options", select the "User" tab, and change the "Run #2" command in the "Before Build/Rebuild" field by updating the define matching with your platform ("-DSTM32H7R7xx" instead of "-DSTM32H7S7xx"). This is applicable only for the OEMiROT_Boot project.
  2. Adapt the provisioning files to the STM32H7R device:
    • Firmware/Projects/STM32H7S78-DK/ROT_Provisioning/OEMiROT/obkey_provisioning.bat, obkey_provisioning_open.bat, and provisioning.bat (.sh):
      • Update the device_type variable with H7R
    • Firmware/Projects/STM32H7S78-DK/ROT_Provisioning/DA/Config/DA_Config.xml, DA_ConfigWithPassword.xml:
      • Use a text editor to set the field DoEncryption to 0 and use STM32TrustedPackageCreator to generate matching .obk files
    • Firmware/Projects/STM32H7S78-DK/ROT_Provisioning/OEMiROT/Config/OEMiROT_Config.xml:
      • Use a text editor to set the field DoEncryption to 0 and use STM32TrustedPackageCreator to generate matching .obk files
    • Firmware/Projects/STM32H7S78-DK/ROT_Provisioning/env.sh:
      • Update the stm32ExtLoaderFlash variable with -elbl $stm32programmercli_path/ExternalLoader/MX66UW1G45G_STM32H7S78-DK-SFIx.stldr
      • Update the stm32ExtLoaderFlashOpen variable with -el $stm32programmercli_path/ExternalLoader/MX66UW1G45G_STM32H7S78-DK.stldr
    • Firmware/Projects/STM32H7S78-DK/ROT_Provisioning/env.bat:
      • Update the stm32ExtLoaderFlash variable with -elbl %stm32tool_path%/ExternalLoader/MX66UW1G45G_STM32H7S78-DK-SFIx.stldr
      • Update the stm32ExtLoaderFlashOpen variable with -el %stm32tool_path%/ExternalLoader/MX66UW1G45G_STM32H7S78-DK.stldr
Info white.png Information
For the NUCLEO-H7S3L8 external flash loader, do not forget to do the same adaptation by removing "XSPIM1" from the file name: MX25UW25645G_NUCLEO-H7S3L8-OBL.stldr and MX25UW25645G_NUCLEO-H7S3L8.stldr.

You are now ready to follow Security:How to start with OEMiRoT on STM32H7S to run the OEMiRoT example. Even if it was initially written for STM32H7S devices, it is also relevant for STM32H7R.


Retrieved from "https://wiki.stmicroelectronics.cn/stm32mcu/index.php?title=Security:How_to_create_ROT_examples_for_STM32H7RS&oldid=60848"