
Secure and Non-Secure application co-existence using TrustZone security technology

Bob Waskeiwicz - Tim Nakonsut - STMicroelectronics

This 2-hour hands-on workshop will use the STMicroelectronics NUCLEO-L552ZE-Q board to configure and activate the Cortex-M33 TrustZone to secure an application. A Blinky application will be used to demonstrate how the STM32L5 TrustZone can secure the peripherals and memory. The workshop will be divided into approximately 20-minute segments alternating between lecture and hands-on. The STM32CubeMX configuration tool will be used to configure the STM32L5 device and to generate the Blinky LED application code for secure and non-secure applications. No source code compiler or IDE is required, as the pre-compiled binaries will be provided. The STM32CubeProgrammer tool and the embedded STLINK/V3 will be used to load the binaries into the STM32L5 device.

Workshop Agenda (may change prior to event)

1. Overview of the STM32L5 and Cortex-M33 Device
Hands-On: Configure and download a non-secure Blinky application

2. Overview of the TrustZone
Hands-On: Configure and download a secure Blinky application

3. Review the secure and non-secure application co-existence using TrustZone
Hands-On: Add the non-secure Blinky application to the trusted application.

4. Review the TrustZone Faults and Regression
Hands-On: Change the non-secure Blinky application to attempt access to the secure LED.
Hands-On: Turn off and mass erase the STM32L5 TrustZone.

The materials for this workshop can be downloaded at:

https://www.dropbox.com/sh/9r810zc8pjxg83e/AADBTOrcSGIJX43auwkT_ziya?dl=0


Cesar_Santos
Score: 0 | 4 months ago | no reply

Excellent presentation!!! That gave an idea of how chips are a fundamental part of a system's security, and how ST L5 is doing this.
As a question, I would like to quote one of your comments during minute 04 of this presentation, in which you mention there are 03 types of attacks: "physical attack on a chip, board layer attack to an assembly AND remote hack through a port into a device".
Most materials and information over the internet cover topics 01 and 03, but I haven't heard of "board layer attack to an assembly" until now. Do you have any reference about this, so I can start reading more on such a subject? Thanks in advance.

Bruce_Lueckenhoff
Score: 0 | 5 months ago | no reply

Kindly disregard the message below -- I recovered it myself using method #2 (jumpering Boot0 to VDD)


Help! -- STM32CubeProgrammer gets into a state where it cannot connect to the board!

Please advise how to unbrick/unlock this board.

Trying to follow the un-setting the TZEN directions at about 1:48:30 time mark,
Have the board powered from USB-C, set the readout protection from AA to DC
But now the STM32CubeProgrammer cannot connect. Get 2 Dialog boxes:

1) Error: initializing the OptionBytes Failed
2) Error: Uploading OptionBytes bank: 0 Failed

Verbose level 3 Log follows:

11:27:53:399 : STLinkUSBDriver.dll loaded
11:27:53:402 : STLinkUSBDriver.dll loaded
11:27:53:403 : ST-LINK SN : 0668FF353638425043085636
11:27:53:403 : ST-LINK FW : V2J34M25
11:27:53:404 : Voltage : 3.29V
11:27:53:409 : SWD freq : 4000 KHz
11:27:53:411 : Connect mode: Hot Plug
11:27:53:411 : Reset mode : Software reset
11:27:53:548 : Device ID : 0x472
11:27:53:795 : Reading data...
11:27:53:796 : r ap 0 @0x40022040 0x00000004 bytes
11:27:53:796 : Reading data...
11:27:53:798 : r ap 0 @0x40022040 0x00000004 bytes
11:27:53:799 : Reading data...
11:27:53:799 : r ap 0 @0x0BFA05E0 0x00000004 bytes
11:27:53:800 : Reading data...
11:27:53:801 : r ap 0 @0x40022040 0x00000004 bytes
11:27:53:801 : Reading data...
11:27:53:803 : r ap 0 @0x40022040 0x00000004 bytes
11:27:53:803 : Reading data...
11:27:53:806 : r ap 0 @0x40022040 0x00000004 bytes
11:27:53:806 : Reading data...
11:27:53:808 : r ap 0 @0x40022040 0x00000004 bytes
11:27:53:808 : Reading data...
11:27:53:810 : r ap 0 @0x40022040 0x00000004 bytes
11:27:53:810 : Reading data...
11:27:53:813 : r ap 0 @0x40022040 0x00000004 bytes
11:27:53:813 : Reading data...
11:27:53:815 : r ap 0 @0x40022040 0x00000004 bytes
11:27:53:815 : Reading data...
11:27:53:815 : r ap 0 @0x40022040 0x00000004 bytes
11:27:53:815 : Reading data...
11:27:53:815 : r ap 0 @0x40022040 0x00000004 bytes
11:27:53:817 : Database: Config 0 is active.
11:27:53:819 : flash loader /Applications/STMicroelectronics/STM32Cube/STM32CubeProgrammer/STM32CubeProgrammer.app/Contents/MacOs/bin/FlashLoader/0x472.stldr is loaded
11:27:53:819 : Reading data...
11:27:53:820 : r ap 0 @0x0BFA05E0 0x00000004 bytes
11:27:53:821 : failed to read the requested memory content
11:27:54:050 : UPLOADING OPTION BYTES DATA ...
11:27:54:050 : Bank : 0x00
11:27:54:050 : Address : 0x40022040
11:27:54:050 : Size : 32 Bytes
11:27:54:051 : Reading data...
11:27:54:051 : r ap 0 @0x40022040 0x00000020 bytes
11:27:54:051 : Error: Uploading Option Bytes bank: 0 failed
11:27:54:115 : Error: Initializing the Option Bytes failed
11:27:54:164 : Disconnected from device.

Bruce_Lueckenhoff
Score: 0 | 5 months ago | 2 replies

As of 10:05 Eastern 5/21/2020, I get an error playing the video:

Sorry
This video does not exist.

wbstvnsn
Score: 0 | 5 months ago | 1 reply

Hey, Bruce. I wasn't able to attend the workshop this morning and got the same result you did when I came here. If you registered for the workshop and received a confirmation email, click on the GoToWebinar register link, fill in your info (if it's not already there), hit the 'Register' button and it will take you to the recording (I discovered this by accident).

If you don't have a confirmation email, here's the link:
https://attendee.gotowebinar.com/register/997093625781687308
Good luck!

Bruce_Lueckenhoff
Score: 0 | 5 months ago | no reply

Thanks, that worked great

Stephane.Boucher
Score: 1 | 5 months ago | no reply

It should work fine now - took longer than anticipated to upload.
