I’ve successfully built a Zephyr RTOS blinky application for the NUCLEO-H533RE board. Flashing the zephyr.hex using west flash or STM32CubeProgrammer works perfectly — the LED blinks and the serial terminal prints the expected status messages.
To enhance security, I’m now trying to encrypt and sign the firmware using STM32TrustedPackageCreator and provision the board using STiROT. I followed the STM32CubeH5 GitHub examples and used the STiROT_Code_Init_Image.xml file, modifying it to point to my zephyr.bin. Provisioning was successful, and the board state was set to PROVISIONED.
However, after flashing the generated zephyr_enc_sign.hex, the board does not blink, and the serial terminal remains silent — indicating the firmware is not executing.
Here’s what I’ve done:
- Used STiROT/Image/STiROT_Code_Init_Image.xml and modified paths to point to zephyr.bin.
- Generated the encrypted and signed image using STM32TrustedPackageCreator.
- Successfully provisioned the board and set its final state to PROVISIONED.
During the process, I noticed this message:
Programming the option bytes and flashing the images...
Successful optional bytes programming and image flashing.
And finally the following message:
=====
===== The board is correctly configured.
===== Power off/on the board to start the application.
=====
Questions:
- Has anyone here tried to secure a Zephyr app using STiROT? If so, how did you achieve it, and were there any changes to the board overlay with regard to memory mapping?
- Is there a specific configuration or memory mapping required for Zephyr-based applications to work with STiROT?
- Are there known limitations or adjustments needed when using Zephyr RTOS with STiROT provisioning?
In short, I am working on Secure Boot and I know Zephyr supports TF-M. I haven't explored TF-M yet, and that would be my next step to play around with. However, I am wondering if anyone here has tried to achieve secure boot with STiROT.