Menu
▾
▴
#132 Disabling Trustzone on STM32L5
I'm trying to disable trustzone on a STM32L5 device.
See OPTR register at p227 of the reference manual (https://www.st.com/resource/en/reference_manual/dm00346336-stm32l552xx-and-stm32l562xx-advanced-arm-based-32-bit-mcus-stmicroelectronics.pdf)
I'm following those steps:
1 read the option bytes, TZ is 1 and RDP is at level 0 (0xAA)
2 set the RDP to 0x55 (because TZ regression requires simultaneous RDP regression)
3 write option bytes
4 reset in DFU (boot0 pin) and read option bytes again, RDP is 0x55 as expected
5 set RDP to 0xAA and TZ to 0
6 write option bytes
7 device seems to go in some failure mode with dfu enumeration failing
8 reset in DFU read option bytes back as they were at step 5
$ ./dfu-util -l
dfu-util 0.11
Copyright 2005-2009 Weston Schmidt, Harald Welte and OpenMoko Inc.
Copyright 2010-2021 Tormod Volden and Stefan Schmidt
This program is Free Software and has ABSOLUTELY NO WARRANTY
Please report bugs to http://sourceforge.net/p/dfu-util/tickets/
Found DFU: [0483:df11] ver=0200, devnum=69, cfg=1, intf=0, path="1-1.1.4.2", alt=2, name="@OTP Memory /0x0BFA0000/01*512 e", serial="203933685230"
Found DFU: [0483:df11] ver=0200, devnum=69, cfg=1, intf=0, path="1-1.1.4.2", alt=1, name="@Option Bytes /0x40022040/01*48 e", serial="203933685230"
Found DFU: [0483:df11] ver=0200, devnum=69, cfg=1, intf=0, path="1-1.1.4.2", alt=0, name="@Internal Flash /0x08000000/256*02Kg", serial="203933685230"
$ rm optr;./dfu-util -v -a 1 -s 0x40022040 -U optr && xxd optr
dfu-util 0.11
Copyright 2005-2009 Weston Schmidt, Harald Welte and OpenMoko Inc.
Copyright 2010-2021 Tormod Volden and Stefan Schmidt
This program is Free Software and has ABSOLUTELY NO WARRANTY
Please report bugs to http://sourceforge.net/p/dfu-util/tickets/
libusb version 1.0.24 (11584)
Opening DFU capable USB device...
Device ID 0483:df11
Device DFU version 011a
DFU attributes: (0x0b) bitCanDnload bitCanUpload bitWillDetach
Detach timeout 255 ms
Claiming USB DFU Interface...
Setting Alternate Interface #1 ...
Determining device status...
DFU state(2) = dfuIDLE, status(0) = No error condition is present
DFU mode device DFU version 011a
Device returned transfer size 1024
DfuSe interface name: "Option Bytes "
dfu-util: Non-valid multiplier ' ', assuming bytes
Memory segment at 0x40022040 1 x 48 = 48 (rw)
Limiting upload to end of memory segment, 48 bytes
Upload [=========================] 100% 48 bytes
Upload done.
00000000: aaf8 efff 7f00 0008 7f00 f90b 7c00 000c ............|...
00000010: 80ff bfff 807f 807f ffff 80ff ffff 80ff ................
00000020: 81ff 80ff 807f 807f ffff 80ff ffff 80ff ................
$ xxd optr && ./dfu-util -v -a 1 -s 0x40022040:will-reset -D optr
00000000: 55f8 efff 7f00 0008 7f00 f90b 7c00 000c U...........|...
00000010: 80ff bfff 807f 807f ffff 80ff ffff 80ff ................
00000020: 81ff 80ff 807f 807f ffff 80ff ffff 80ff ................
dfu-util 0.11
Copyright 2005-2009 Weston Schmidt, Harald Welte and OpenMoko Inc.
Copyright 2010-2021 Tormod Volden and Stefan Schmidt
This program is Free Software and has ABSOLUTELY NO WARRANTY
Please report bugs to http://sourceforge.net/p/dfu-util/tickets/
libusb version 1.0.24 (11584)
dfu-util: Warning: Invalid DFU suffix signature
dfu-util: A valid DFU suffix will be required in a future dfu-util release
Opening DFU capable USB device...
Device ID 0483:df11
Device DFU version 011a
DFU attributes: (0x0b) bitCanDnload bitCanUpload bitWillDetach
Detach timeout 255 ms
Claiming USB DFU Interface...
Setting Alternate Interface #1 ...
Determining device status...
DFU state(2) = dfuIDLE, status(0) = No error condition is present
DFU mode device DFU version 011a
Device returned transfer size 1024
DfuSe interface name: "Option Bytes "
dfu-util: Non-valid multiplier ' ', assuming bytes
Memory segment at 0x40022040 1 x 48 = 48 (rw)
Downloading element to address = 0x40022040, size = 48
Download from image offset 00000000 to memory 40022040-4002206f, size 48
dfu-util: Error during download get_status
$ ./dfu-util -l
dfu-util 0.11
Copyright 2005-2009 Weston Schmidt, Harald Welte and OpenMoko Inc.
Copyright 2010-2021 Tormod Volden and Stefan Schmidt
This program is Free Software and has ABSOLUTELY NO WARRANTY
Please report bugs to http://sourceforge.net/p/dfu-util/tickets/
$ ./dfu-util -l
dfu-util 0.11
Copyright 2005-2009 Weston Schmidt, Harald Welte and OpenMoko Inc.
Copyright 2010-2021 Tormod Volden and Stefan Schmidt
This program is Free Software and has ABSOLUTELY NO WARRANTY
Please report bugs to http://sourceforge.net/p/dfu-util/tickets/
Found DFU: [0483:df11] ver=0200, devnum=72, cfg=1, intf=0, path="1-1.1.4.2", alt=2, name="@OTP Memory /0x0BFA0000/01*512 e", serial="203933685230"
Found DFU: [0483:df11] ver=0200, devnum=72, cfg=1, intf=0, path="1-1.1.4.2", alt=1, name="@Option Bytes /0x40022040/01*48 e", serial="203933685230"
Found DFU: [0483:df11] ver=0200, devnum=72, cfg=1, intf=0, path="1-1.1.4.2", alt=0, name="@Internal Flash /0x08000000/256*02Kg", serial="203933685230"
$ rm optr;./dfu-util -v -a 1 -s 0x40022040 -U optr && xxd optr
dfu-util 0.11
Copyright 2005-2009 Weston Schmidt, Harald Welte and OpenMoko Inc.
Copyright 2010-2021 Tormod Volden and Stefan Schmidt
This program is Free Software and has ABSOLUTELY NO WARRANTY
Please report bugs to http://sourceforge.net/p/dfu-util/tickets/
libusb version 1.0.24 (11584)
Opening DFU capable USB device...
Device ID 0483:df11
Device DFU version 011a
DFU attributes: (0x0b) bitCanDnload bitCanUpload bitWillDetach
Detach timeout 255 ms
Claiming USB DFU Interface...
Setting Alternate Interface #1 ...
Determining device status...
DFU state(2) = dfuIDLE, status(0) = No error condition is present
DFU mode device DFU version 011a
Device returned transfer size 1024
DfuSe interface name: "Option Bytes "
dfu-util: Non-valid multiplier ' ', assuming bytes
Memory segment at 0x40022040 1 x 48 = 48 (rw)
Limiting upload to end of memory segment, 48 bytes
Upload [=========================] 100% 48 bytes
Upload done.
00000000: 55f8 efff 7f00 0008 7f00 f90b 0000 0000 U...............
00000010: 0000 0000 0000 0000 ffff 80ff ffff 80ff ................
00000020: 0000 0000 0000 0000 ffff 80ff ffff 80ff ................
$ xxd optr && ./dfu-util -v -a 1 -s 0x40022040:will-reset -D optr
00000000: aaf8 ef7f 7f00 0008 7f00 f90b 0000 0000 ................
00000010: 0000 0000 0000 0000 ffff 80ff ffff 80ff ................
00000020: 0000 0000 0000 0000 ffff 80ff ffff 80ff ................
dfu-util 0.11
Copyright 2005-2009 Weston Schmidt, Harald Welte and OpenMoko Inc.
Copyright 2010-2021 Tormod Volden and Stefan Schmidt
This program is Free Software and has ABSOLUTELY NO WARRANTY
Please report bugs to http://sourceforge.net/p/dfu-util/tickets/
libusb version 1.0.24 (11584)
dfu-util: Warning: Invalid DFU suffix signature
dfu-util: A valid DFU suffix will be required in a future dfu-util release
Opening DFU capable USB device...
Device ID 0483:df11
Device DFU version 011a
DFU attributes: (0x0b) bitCanDnload bitCanUpload bitWillDetach
Detach timeout 255 ms
Claiming USB DFU Interface...
Setting Alternate Interface #1 ...
Determining device status...
DFU state(2) = dfuIDLE, status(0) = No error condition is present
DFU mode device DFU version 011a
Device returned transfer size 1024
DfuSe interface name: "Option Bytes "
dfu-util: Non-valid multiplier ' ', assuming bytes
Memory segment at 0x40022040 1 x 48 = 48 (rw)
Downloading element to address = 0x40022040, size = 48
Download from image offset 00000000 to memory 40022040-4002206f, size 48
dfu-util: Error during download get_status
$ ./dfu-util -l
dfu-util 0.11
Copyright 2005-2009 Weston Schmidt, Harald Welte and OpenMoko Inc.
Copyright 2010-2021 Tormod Volden and Stefan Schmidt
This program is Free Software and has ABSOLUTELY NO WARRANTY
Please report bugs to http://sourceforge.net/p/dfu-util/tickets/
dfu-util: Failed to retrieve language identifiers
dfu-util: Failed to retrieve language identifiers
dfu-util: Failed to retrieve language identifiers
dfu-util: Failed to retrieve language identifiers
dfu-util: Failed to retrieve language identifiers
dfu-util: Failed to retrieve language identifiers
Found DFU: [0483:df11] ver=0200, devnum=72, cfg=1, intf=0, path="1-1.1.4.2", alt=2, name="UNKNOWN", serial="UNKNOWN"
Found DFU: [0483:df11] ver=0200, devnum=72, cfg=1, intf=0, path="1-1.1.4.2", alt=1, name="UNKNOWN", serial="UNKNOWN"
Found DFU: [0483:df11] ver=0200, devnum=72, cfg=1, intf=0, path="1-1.1.4.2", alt=0, name="UNKNOWN", serial="UNKNOWN"
$ rm optr;./dfu-util -v -a 1 -s 0x40022040 -U optr && xxd optr
dfu-util 0.11
Copyright 2005-2009 Weston Schmidt, Harald Welte and OpenMoko Inc.
Copyright 2010-2021 Tormod Volden and Stefan Schmidt
This program is Free Software and has ABSOLUTELY NO WARRANTY
Please report bugs to http://sourceforge.net/p/dfu-util/tickets/
libusb version 1.0.24 (11584)
Opening DFU capable USB device...
Device ID 0483:df11
Device DFU version 011a
DFU attributes: (0x0b) bitCanDnload bitCanUpload bitWillDetach
Detach timeout 255 ms
Claiming USB DFU Interface...
Setting Alternate Interface #1 ...
Determining device status...
DFU state(2) = dfuIDLE, status(0) = No error condition is present
DFU mode device DFU version 011a
Device returned transfer size 1024
DfuSe interface name: "Option Bytes "
dfu-util: Non-valid multiplier ' ', assuming bytes
Memory segment at 0x40022040 1 x 48 = 48 (rw)
Limiting upload to end of memory segment, 48 bytes
Upload [=========================] 100% 48 bytes
Upload done.
00000000: 55f8 efff 7f00 0008 7f00 f90b 0000 0000 U...............
00000010: 0000 0000 0000 0000 ffff 80ff ffff 80ff ................
00000020: 0000 0000 0000 0000 ffff 80ff ffff 80ff ................
Any help would be appreciated.
Thanks!
Discussion
Anonymous
