How to import, build and debug STM32CubeMP2 StarterAppM33TD demonstration in STM32CubeIDE

Trusted domain applicability

This article is only applicable to M33-TD flavor of STM32MP2 series

Important

In this article, the STM32MP215F-DK Discovery kit is taken as example. Nevertheless, it is also applicable for STM32MP257F-EV1 Evaluation board Rev D.

This article gives some guidelines to support secure project on Arm^®-Cortex^®-M33 for M33-TD flavor focuses on building secure firmware (Trusted Firmware-M) alongside nonsecure firmware, and provides guidance on how to debug both. It can be used on both Windows and Linux workstations. However, the screenshots in this article were taken on a Linux workstation.

The secure project relies on the StarterApp_M33TD project delivered in STM32CubeMP2 Package. This project offers a secure build configuration using Trusted Firmware-M (TF-M).

1. Prerequisites[edit | edit source]

1.1. Hardware prerequisites[edit | edit source]

• Board must be connected to the workstation, refer to STM32MP215x-DKx_-_hardware_description for details.
• The ST-Link V3 cable must be connected to the PC USB port to display traces.​
• 2 consoles on your workstation are needed : one for Arm^®-Cortex^®-M33 and one for Arm^®-Cortex^®-A35. For that, 2 "USB to TTL serial cables" are needed, see STM32MP215x-DKx_-_hardware_description#Connecting USB to TTL serial cables

1.2. Software prerequisites[edit | edit source]

• STM32CubeIDE must be installed.
• STM32CubeMX must be installed.
• STM32CubeProgrammer must be installed.
• Download the M33-TD Starter Package: STM32MP2-Ecosystem-v6-1-0_release_for_M33-TD_flavor

• Install build environment and python dependencies for TF-M as described in How_to_configure,_build_and_deploy_TF-M#Prerequisites chapter.

Warning

Be careful to clone from the STMicroelectronics Github.

• Install sources of trusted-firmware-m as described in How_to_configure,_build_and_deploy_TF-M#Downloading_source chapter.

Trusted-firmware-m should be installed in STM32CubeMP2 Package, Middlewares/Third_Party/trusted-firmware-m.

• Go where you installed trusted-firmware-m

cd <working directory path>/STM32Cube_FW_MP2_V1.2.0/Middlewares/Third_Party/trusted-firmware-m

• Install, on the workstation, python libraries, needed for TF-M signature python script.

pip install -r tools/requirements.txt

Warning

The process running STM32CubeIDE must define HTTP and HTTPS proxies for the CMake command to successfully access the network. Network access is required to download TF-M sources and dependencies during CMake configure. For help to set up proxy please read How_to_set_up_proxy_and_P2P_Ethernet_connection_with_STM32CubeIDE On Linux® workstation, it is recommended to launch STM32CubeIDE from your terminal with configured proxy environment.

Warning

On Windows, you may need to rename the file "python.exe" as "python3.exe" to complete the build.

Warning

On Ubuntu 22.04, when compiling MCUboot BL2 after installing all required build tools and dependencies, you may encounter errors due to missing Python modules required by the scripts boot_record.py (requires cbor2) and image.py (requires intelhex) located in Third_Party/trusted-firmware-m/config_default/lib/ext/mcuboot-src/scripts/imgtool/. To resolve these issues, install the necessary packages by running: sudo pip install cbor2 intelhex imgtool in your terminal.

1.3. Import StarterApp_M33TD project into STM32CubeIDE[edit | edit source]

StarterApp_M33TD project is imported into STM32CubeIDE from STM32CubeMP2 Package using the menu File > Import....
Then, expand General, choose Existing Projects into Workspace.

StarterApp_M33TD imported project

A new window appears in Select root directory: click on Browse... and select in the STM32CubeMP2 firmware .../STM32Cube_FW_MP2_V1.2.0/Projects/STM32MP215F-DK/Demonstrations/StarterApp_M33TD/STM32CubeIDE.

Note that StarterApp_M33TD project is available from STM32CubeMPU package repository on local disk or from Projects/STM32MP215F-DK/Demonstrations/StarterApp_M33TD .

StarterApp_M33TD imported project

Resulting project structure contains two projects:

• StarterApp_M33TD_CM33_NonSecure, HAL-based project, addressing nonsecure part of application.
• StarterApp_M33TD_CM33_trusted-firmware-m, pre-set CMake STM32CubeIDE project for TF-M, with link to sources: trusted-firmware-M pointing inside STM32CubeMP2 Package Middlewares/Third_Party/trusted-firmware-m

StarterApp_M33TD imported project

1.4. Set up and configure the StarterApp_M33TD_CM33_trusted-firmware-m project[edit | edit source]

1.4.1. Configure trusted-firmware-m link[edit | edit source]

Information

This section is normally not needed if you followed the #Software_prerequisites and installed the trusted-firmware-m sources in Middlewares/Third_Party/trusted-firmware-m. You should only follow it if your trusted-firmware-m is empty: trusted-firmware-m imported empty link

To use the Trusted Firmware-M (TF-M) source files in your project, you need to specify the path to the TF-M repository.

As shown in the screenshot below, enter the correct path to the TF-M source folder in the STM32CubeIDE project settings to properly link the repository with your CMake-based project configuration.

Right click in trusted-firmware-m -> Properties -> Resources -> Edit and provide the path to trusted-firmware-m directory .

trusted-firmware-m link to source files

To get source code, follow the instructions in How_to_configure,_build_and_deploy_TF-M#Installing_sources. You can then refresh STM32CubeIDE project and view sources.

StarterApp_M33TD imported project

1.4.2. CMake configuration[edit | edit source]

In order to check CMake command

• right click on StarterApp_M33TD_CM33_trusted-firmware-m->Properties-> C/C++ build, click on CMake Settings tab, then in Other Options put your "CMake command" Apply > Apply and close

The trusted-firmware-M project is imported with pre-configured settings, but some of them can be customized.

Below an example of STM32MP215F-DK board - CMake project usage settings:

-DTFM_PLATFORM=stm/stm32mp215f_dk 
-DTFM_TOOLCHAIN_FILE=toolchain_GNUARM.cmake 
-DSTM32_BOOT_DEV=sdmmc1 # This option can be modified if you are not using the SD-CARD as boot memory.
-DTFM_PROFILE=profile_medium 
-DSTM32_M33TDCID=ON 
-DCMAKE_BUILD_TYPE=Relwithdebinfo 
-DNS=OFF 
-DDTS_EXT_DIR=../../../../../../../../Utilities/dt-stm32mp
-DDTS_BOARD_BL2=stm32mp2/m33-td/mcuboot/stm32mp215f-dk-cm33tdcid-ostl-sdcard-bl2.dts
-DDTS_BOARD_S=stm32mp2/m33-td/tfm/stm32mp215f-dk-cm33tdcid-ostl-sdcard-s.dts
-DDEBUG_AUTHENTICATION=FULL  # Enabled for Debug Purpose, Default: this option is removed.

Warning

You must manually update DTS_EXT_DIR because the one delivered in STM32Cube_FW_MP2_V1.2.0 is not correct. The path value should be ../../../../../../../../Utilities/dt-stm32mp.

2. Set up embedded software[edit | edit source]

2.1. Populate the board with OpenSTLinux release for M33-TD flavor [edit | edit source]

Flash OpenSTLinux Starter Package ecosystem release v6.1.0 dedicated to M33-TD flavor on your SD card, following instructions given in STM32MP21_Discovery_kits_-_Starter_Package#Downloading_the_image_and_flashing_it_on_the_board chapter.

2.2. Boot the board[edit | edit source]

2.2.1. Configure boot pins[edit | edit source]

Once the embedded software has been downloaded in the board, specific boot pins configuration is needed to boot on Arm^®-Cortex^®-M33 with the wished dual mass storage:

• Arm^®-Cortex^®-M33 from SD card,
• Arm^®-Cortex^®-A35 from SD card.

You must refer to STM32MP215x-DKx_-_hardware_description#Boot_switches to configure the boot pin correctly for M33-TD flavor .

2.2.2. Create a second console[edit | edit source]

Two consoles are needed to check the dual boot.
See How_to_open_several_serial_consoles

To trace boot logs for Arm^®-Cortex^®-M33 and Arm^®-Cortex^®-A35, you must open two consoles on windows.

2.2.3. Start your board[edit | edit source]

To boot your board, you need to reset it by pressing on the Reset button on the board.

See dual boot steps, on the both consoles, in the screenshot below:

2.3. Configure StarterAppM33TD application with Device tree generated by STM32CubeMX[edit | edit source]

Information

This part is optional. It is needed if you want to use the device tree generated from CubeMX

The StarterAppM33TD application can be configured to run with a device tree generated by STM32CubeMX project.

To create an M33-TD flavor STM32CubeMX project, follow instructions given in How_to_create_STM32MPU_projects_with_STM32CubeMX#Create_an_STM32MP2_series_project

• Below an example of the device tree files generated by CubeMX

username@hostname:~/Downloads/MP2_TFM_TEST/MP21_board/CM33/DeviceTree$ tree

└── MP21_board
   ├── mcuboot
   │   ├── stm32mp215f-mp21_board-mx.dts
   │   ├── stm32mp215f-mp21_board-mx-rcc.dtsi
   │   ├── stm32mp215f-mp21_board-mx-resmem.dtsi
   │   ├── stm32mp215f-mp21_board-mx-rif.dtsi
   │   └── stm32mp21-mx.dtsi
   └── tf-m
       ├── stm32mp215f-mp21_board-mx.dts
       ├── stm32mp215f-mp21_board-mx-rcc.dtsi
       ├── stm32mp215f-mp21_board-mx-resmem.dtsi
       └── stm32mp215f-mp21_board-mx-rif.dtsi

• In order to build with STM32CubeMX Device Tree user have to update CMake project usage settings.
• Only these ones should be updated :

-DDTS_EXT_DIR=/local/home/username/Downloads/MP2_TFM_TEST/MP21_board/CM33/DeviceTree 
-DDTS_BOARD_BL2=MP21_board/mcuboot/stm32mp215f-mp21_board-mx.dts 
-DDTS_BOARD_S=MP21_board/tf-m/stm32mp215f-mp21_board-mx.dts

3. Build updated project[edit | edit source]

3.1. Build the StarterApp_M33TD_CM33_trusted-firmware-m project[edit | edit source]

• StarterApp_M33TD_CM33_trusted-firmware-m project generates bl2.stm32 , ddr_phy_signed.bin , tfm_s.bin , tfm_s.elf and bl2.elf.
• StarterApp_M33TD_CM33_NonSecure project generates StarterApp_M33TD_CM33_NonSecure_tfm_s_ns_signed.bin

So when bl2 or tfm-s are rebuilt, you need to rebuild StarterApp_M33TD_CM33_NonSecure project in order to link and sign secure tfm_s.bin and StarterApp_M33TD_CM33_NonSecure.bin thanks to "postbuild" command, explained below in the article.

You can configure your project doing right click to your StarterApp_M33TD_CM33_trusted-firmware-m > CMake configure.

Information

If you already made the CMake configuration in the past, you can override it by selecting Delete and Reconfigure.

Then run the build of StarterApp_M33TD_CM33_trusted-firmware-m by cliking on the hammer build icon from eclipse.

The generated ELF files tfm_s.elf and bl2.elf, are needed to debug. They can be found in:

• StarterApp_M33TD_CM33_trusted-firmware-m/trusted-firmware-m/config_default/api_ns/bin/ tfm_s.elf
• StarterApp_M33TD_CM33_trusted-firmware-m/trusted-firmware-m/config_default/api_ns/bin/ bl2.elf

3.2. Build the StarterApp_M33TD_CM33_NonSecure project[edit | edit source]

To generate the bin object StarterApp_M33TD_CM33_NonSecure_tfm_s_ns_signed.bin, you need to activate the generation of the .bin from right click StarterApp_M33TD_CM33_NonSecure > Properties > C/C++ Build > Settings > MCU/MPU Post build outputs > select covert to binary file(-O binary ):

The StarterApp_M33TD_CM33_NonSecure project is used to get StarterApp_M33TD_CM33_NonSecure_tfm_s_ns_signed.bin object in order to link and sign secure tfm_s.bin, and non secure StarterApp_M33TD_CM33_NonSecure.bin
thanks to "postbuild" command visible in C/C++ Build > Settings and in tab Build Steps:

The default postbuild command of the project is made for Windows. On Linux Host, you should update it with the one below:

python ${workspace_loc:/StarterApp_M33TD_CM33_trusted-firmware-m/trusted-firmware-m/config_default/api_ns/image_signing/scripts/assemble.py} --layout ${workspace_loc:/StarterApp_M33TD_CM33_trusted-firmware-m/trusted-firmware-m/config_default/api_ns/image_signing/layout_files/signing_layout_s_ns.o} --secure ${workspace_loc:/StarterApp_M33TD_CM33_trusted-firmware-m/trusted-firmware-m/config_default/api_ns/bin/tfm_s.bin} --non_secure ${BuildArtifactFileBaseName}.bin --output ${BuildArtifactFileBaseName}_tfm_s_ns.bin; python ${workspace_loc:/StarterApp_M33TD_CM33_trusted-firmware-m/trusted-firmware-m/config_default/api_ns/image_signing/scripts/wrapper/wrapper.py} --version 2.1.0 --layout ${workspace_loc:/StarterApp_M33TD_CM33_trusted-firmware-m/trusted-firmware-m/config_default/api_ns/image_signing/layout_files/signing_layout_s_ns.o} --key ${workspace_loc:/StarterApp_M33TD_CM33_trusted-firmware-m/trusted-firmware-m/config_default/api_ns/image_signing/keys/image_s_signing_private_key.pem} --public-key-format full --align 1 --pad --pad-header -H 0x800 -s 1 -L 128 --measured-boot-record ${BuildArtifactFileBaseName}_tfm_s_ns.bin ${BuildArtifactFileBaseName}_tfm_s_ns_signed.bin;

Select StarterApp_M33TD_CM33_NonSecure project. This project has only one build configuration: CM33TDCID_m33_ns_tfm_s_sign.
Build can be done using standard eclipse Build icon, it generates StarterApp_M33TD_CM33_NonSecure_tfm_s_ns_signed.bin, visible after a project refresh.

4. Populate board with the created project[edit | edit source]

To flash your board, the recommended way is to take an existing tsv and update it with generated binaries :

• arm-trusted-firmware-m:
  • bl2.stm32
  • ddr_phy_signed.bin

• arm-trusted-firmware-m-cube
  • StarterApp_M33TD_CM33_NonSecure_tfm_s_ns_signed.bin

You need first to configure the boot pin correctly, in Forced USB boot for flash memory programming for that refer to STM32MP215x-DKx_-_hardware_description#Boot_switches.

To modify the "tsv" file:

• Go inside <working directory path>/Starter-Package/stm32mp2-m33td-openstlinux-6.6-yocto-scarthgap-mpu-v25.06.11/images/stm32mp2-m33td/flashlayout_st-image-weston/optee/.
• Make a copy the tsv FlashLayout_sdcard_stm32mp215f-dk-cm33tdcid-ostl-optee.tsv in the same directory.
• And rename it by adding STM32CubeIDE Firmware project name. For example by adding FW, the name becomes FlashLayout_sdcard_stm32mp215f-dk-cm33tdcid-ostl-optee_FW.tsv

.tsv file copy

• Open the new tsv and update all the Opt column of unmodified partitions to PE in order to getting flashing quickly. (Yellow part of the picture below)
• Update the paths to use the new binaries generated with STM32CubeIDE (Red part of the picture below):
  • Replace fsblm1 and fsblm2 binary with arm-trusted-firmware-m/bl2.stm32
  • Replace m33ddr-a binary with arm-trusted-firmware-m/ddr_phy_signed.bin
  • Replace m33fw-a binary with arm-trusted-firmware-m-cube/StarterApp_M33TD_CM33_NonSecure_tfm_s_ns_signed.bin

Resulting image :

Update .tsv file with generated binaries

4.1. Populate board with the created project with STM32CubeIDE[edit | edit source]

STM32CubeIDE proposes Flash device memory menu, based onto STM32CubeProgrammer and its .tsv files. This menu allows to flash an on-board SD-Card.

• Select StarterApp_M33TD_CM33 project and right click to get Program memory device.

• Go in Tab Flash memories programmer:
  • Fill Binaries Directory with the path to the folder with binaries inside the Starter Package should be <working directory path>/Starter-Package/stm32mp2-m33td-openstlinux-6.6-yocto-scarthgap-mpu-v25.06.11/images/stm32mp2-m33td/
  • Fill TSV File with the updated .tsv file.
  • Click on Download button.

Program memory device menu

4.2. Populate board with the created project with STM32CubeProgrammer[edit | edit source]

• First step requires to copy the generated binaries from STM32CubeIDE in the folder indicated in the updated tsv.

Update .tsv file with generated binaries copied on OpenSTLinux Starter Package

Copy in arm-trusted-firmware-m folder the binaries:

bl2.stm32
ddr_phy_signed.bin

By default, they are generated in
STM32Cube_FW_MP2_V1.2.0/Middlewares/Third_Party/trusted-firmware-m/config_default/api_ns/bin/

Copy in arm-trusted-firmware-m-cube the binary:

StarterApp_M33TD_CM33_NonSecure_tfm_s_ns_signed.bin

By default, it is generated in
STM32Cube_FW_MP2_V1.2.0/Projects/STM32MP215F-DK/Demonstrations/StarterApp_M33TD/STM32CubeIDE/CM33/NonSecure/CM33TDCID_m33_ns_tfm_s_sign/

4.2.1. Flashing with STM32_Programmer_CLI[edit | edit source]

• Go inside the binaries folder of the Starter Package: <working directory path>/Starter-Package/stm32mp2-m33td-openstlinux-6.6-yocto-scarthgap-mpu-v25.06.11/images/stm32mp2-m33td/

• Then use the STM32_Programmer_CLI with the new tsv generated. Below, an example of command to use:

PC>$ STM32_Programmer_CLI -c port=usb1 -w flashlayout_st-image-weston/optee/FlashLayout_sdcard_stm32mp215f-dk-cm33tdcid-ostl-optee_FW.tsv

4.2.2. Flashing with STM32CubeProgrammer GUI Application[edit | edit source]

• Run STM32CubeProgrammer GUI Application

Updating target with stm32cubeprog application ...

• Fill Binaries Directory with the path to binaries inside OpenSTLinux images: <working directory path>/Starter-Package/stm32mp2-m33td-openstlinux-6.6-yocto-scarthgap-mpu-v25.06.11/images/stm32mp2-m33td/.
• Fill TSV File with the updated .tsv file.
• Connect to the target through USB
• Click on Download button.

5. How to debug[edit | edit source]

5.1. Prerequisites to debug[edit | edit source]

Once the download is completed, you must configure again the Boot Pin for M33-TD flavor boot. You must refer to STM32MP215x-DKx_-_hardware_description#Boot_switches.

5.2. Debug bl2[edit | edit source]

Open a console in STM32CubeIDE and reboot the board, you should see logs like this:​

BL2 waiting for debugger in Arm^®-Cortex^®-M33 Console

By default the code should be stuck in the bl2.​

Select StarterApp_M33TD_CM33_trusted-firmware-m project and right click to get Debug As > Debug configurations....

Double click STM32 C/C++ Application and create debug configuration:

• In main tabulation, Search Project and select bl2.elf.
• In Debugger tabulation:
  • Load Mode and select thru JTAG/SWD link (Engineering mode).
• In Startup tabulation:
  • Remove all the Initialization Commands
  • Disable in Runtime Options the Resume checkbox.
  • Select the Load Image and Symbols element click Edit and disable Download.

And click on Apply.

Launching debug session

Warning

Click on "Expand", visible on the right side of the page, to view STM32MP21 Warnings.

Configuration file error

If you run the debug on STM32MP21, you will encounter an error. This is due to an error in the generated cfg file.

In the project explorer, in the root of the project, click on StarterApp_M33TD_CM33_trusted-firmware-m config_default.cfg, copy it and paste it to duplicate it. You can call it StarterApp_M33TD_CM33_trusted-firmware-m config_default_user.cfg. Then open the new file and replace the last line with:

source [find target/stm32mp21x.cfg]

Then we need to modify again the debug configuration. Select StarterApp_M33TD_CM33_trusted-firmware-m project and right click to get Debug As > Debug configurations.... Click on the configuration created previously, by default it should be StarterApp_M33TD_CM33_trusted-firmware-m config_default

• In Debugger tabulation:
  • In configuration Script area, select User Defined and point to your updated cfg file.

Debugger starting issue

On STM32MP21, a limitation prevent to make the debug start up in STM32CubeIDE, this should be done in two terminals.

• To get the command to run in the first one, you need to go in the debug configuration that you created previously.

Select StarterApp_M33TD_CM33_trusted-firmware-m project and right click to get Debug As > Debug configurations....

• Click on the configuration created previously, by default it should be StarterApp_M33TD_CM33_trusted-firmware-m config_default
• In Debugger tabulation:
  • In GDB Server Command Line Options: Click on Show Command Line.
  • Then Copy & Close

• Open two shell command line on your Linux Host.
  • In the first one, paste the command and hit enter to run it.
  • In the second one, type:

telnet localhost 4444

Once the connection is done, type:

targets
STM32MP215FANx.m33 arp_examine

Once it is done, you can go back to STM32CubeIDE.

Click on Debug and you should see that you are in /StarterApp_M33TD_CM33_trusted-firmware-m/trusted-firmware-m/platform/ext/target/stm/common/stm32mp2xx/bl2/boot_hal.c.

You can just use the step into button to continue your debug in the BL2.

5.3. Debug TF-M secure[edit | edit source]

Information

A way to control entry point of the TF-M debug session could be to add a debug loop. enum tfm_hal_status_t tfm_hal_platform_init(void) { // Debug loop entry volatile int i=1; while(i); The debug session starts inside this debug loop. In variable tab, you can modify the value of “i” to 0 to unlock the loop and then it become possible to step into TF-M initialization code.

When debugging TF-M Secure and nonsecure firmware, please note that both run with cache enabled (D-Cache and I-Cache) by default. Because of this, standard breakpoints and variable modifications may not work as expected during debugging.

To avoid these limitations and to make easier the debug, you can disable the cache for debug purpose.

5.3.1. Disabling Cache[edit | edit source]

• You need to modify your CMake settings and add at the beginning:

-DSTM32_CACHE_ENABLED=OFF

The explanation to reach the CMake settings is available here: CMake_configuration

• Then run the CMake Configure and the build of the trusted-firmware-m Build_the_StarterApp_M33TD_CM33_trusted-firmware-m_project

• Build the NonSecure project Build_the_StarterApp_M33TD_CM33_NonSecure_project

• Flash the new binaries Populate_board_with_the_created_project

5.3.2. Create the TF-M debug configuration[edit | edit source]

Select StarterApp_M33TD_CM33_trusted-firmware-m project and right click to get Debug As > Debug configurations. Double click STM32 C/C++ Application and edit debug configuration:

• Rename it with _tfm at the end of the name
• InMain tabulation:
  • Search Project and select tfm_s.elf.
• InDebugger tabulation:
  • Load Mode and select thru JTAG/SWD link (Engineering mode).
• In Startup tabulation:
  • Disable Resume.
  • Remove monitor halt & monitor reset
  • Select the Load Image and Symbols element click Edit and disable Download.

Warning

Click on "Expand", visible on the right side of the page, to view Without Disabling Cache.

Without disabling the cache, you will be limited and will have to use hardware breakpoints (limited to 8). To allow the Hardware breakpoint, it will be necessary to modify two fields in the debug configuration.

• InDebugger tabulation:
  • In Openocd Options, add -bc "gdb_breakpoint_override hard"
    
• In Startup tabulation:
  • In Initialization Commands , add monitor gdb_breakpoint_override hard

Warning

Click on "Expand", visible on the right side of the page, to view STM32MP21 Warnings.

Configuration file error

If you run the debug on STM32MP21, you will encounter an error. This is due to an error in the generated cfg file.

Select StarterApp_M33TD_CM33_trusted-firmware-m project and right click to get Debug As > Debug configurations....

• Click on the configuration that you created.
• In Debugger tabulation:
  • In configuration Script area, select User Defined and point to your updated cfg file created during the chapter Debug_bl2

Debugger starting issue

On STM32MP21, a limitation prevent to make the debug start up in STM32CubeIDE, this should be done in two terminals.

• To get the command to run in the first one, you need to go in the debug configuration that you created previously.

Select StarterApp_M33TD_CM33_trusted-firmware-m project and right click to get Debug As > Debug configurations....

• Click on the configuration created previously, by default it should be StarterApp_M33TD_CM33_trusted-firmware-m config_default
• In Debugger tabulation:
  • In GDB Server Command Line Options: Click on Show Command Line.
  • Then Copy & Close

• Open two shell command line on your Linux Host.
  • In the first one, paste the command and hit enter to run it.
  • In the second one, type:

telnet localhost 4444

Once the connection is done, type:

targets
STM32MP215FANx.m33 arp_examine

Once it is done, you can go back to STM32CubeIDE.

Apply and Debug.

Information

Each time you want to debug the TF-M, you should first debug the BL2 to pass the __WFI(); in the code. This Waiting for Interrupt is there to help to debug the BL2, but it can be commented for being able to load the TF-M directly. Go inside /StarterApp_M33TD_CM33_trusted-firmware-m/trusted-firmware-m/platform/ext/target/stm/common/stm32mp2xx/bl2/boot_hal.c In int stm32mp2_init_debug(void), replace __WFI(); with // __WFI(); Rebuild everything Flash the new binaries.

5.4. Debug StarterApp_M33TD_CM33_NonSecure[edit | edit source]

Information

Example of a way to control entry point of the CM33 Non Secure debug session. Comment the waiting point (while) that we added in Debug_TF-M_secure and instead edit StarterApp_M33TD_CM33_NonSecure/Application/User/Core/Src/main.c: In the function main, replace: #ifdef DEBUG with #ifndef DEBUG Build the updated project Build_updated_project Flash the new binaries Populate_board_with_the_created_project The debug session starts inside this debug loop. In variable tab, you can modify the value of “debug” to 0 to unlock the loop and then it become possible to step into TF-M initialization code.

SelectStarterApp_M33TD_CM33_NonSecure project and right click to get Debug As > Debug configurations. Double click STM32 C/C++ Application and edit debug configuration:

• In main tabulation, Search Project and select StarterApp_M33TD_CM33_NonSecure.elf.
• In Debugger tabulation, Load Mode and select thru JTAG/SWD link (Engineering mode).
  • In configuration Script select User Defined and point to your updated cfg
• In Startup tabulation:
  • Disable Resume.
  • Remove monitor halt & monitor reset
  • Select the Load Image and Symbols element click Edit and disable Download.

Warning

Click on "Expand", visible on the right side of the page, to view Without Disabling Cache.

If you kept the cache when following Disabling_Cache, you will be limited and will have to use hardware breakpoints (limited to 8).
To allow the Hardware breakpoint, it will be necessary to modify two fields in the debug configuration.

• InDebugger tabulation:
  • In Openocd Options, add -bc "gdb_breakpoint_override hard"
    
• In Startup tabulation:
  • In Initialization Commands , add monitor gdb_breakpoint_override hard

Warning

Click on "Expand", visible on the right side of the page, to view STM32MP21 Warnings.

Configuration file error

If you run the debug on STM32MP21, you will encounter an error. This is due to an error in the generated cfg file.

Select StarterApp_M33TD_CM33_trusted-firmware-m project and right click to get Debug As > Debug configurations....

• Click on the configuration that you created.
• In Debugger tabulation:
  • In configuration Script area, select User Defined and point to your updated cfg file created during the chapter Debug_bl2

Debugger starting issue

On STM32MP21, a limitation prevent to make the debug start up in STM32CubeIDE, this should be done in two terminals.

• To get the command to run in the first one, you need to go in the debug configuration that you created previously.

Select StarterApp_M33TD_CM33_trusted-firmware-m project and right click to get Debug As > Debug configurations....

• Click on the configuration created previously, by default it should be StarterApp_M33TD_CM33_trusted-firmware-m config_default
• In Debugger tabulation:
  • In GDB Server Command Line Options: Click on Show Command Line.
  • Then Copy & Close

• Open two shell command line on your Linux Host.
  • In the first one, paste the command and hit enter to run it.
  • In the second one, type:

telnet localhost 4444

Once the connection is done, type:

targets
STM32MP215FANx.m33 arp_examine

Once it is done, you can go back to STM32CubeIDE.

Apply and Debug.

Information

Compiler Optimization settings If you encounter an issue when starting a debug session, always confirm that the compiler optimization is set to Debug. In Properties -> C/C++ Build -> Settings -> MCU GCC Compiler -> Debugging -> Debug level should be set at Maximum (-g3)