Hello and welcome to this STM32 Tips video. Today I would like us to play together with STM32L5 TrustZone and RDP, and I would like you to do it the right way. First, a reminder about TrustZone and RDP. The only issue I address on this slide is the connection. You have four RDP levels when TrustZone is active. RDP level 0 means you can always connect. RDP level 2 means you cannot connect at all. But in RDP 0.5 or RDP 1 you can still connect, but only when the core is in the non-secure state, that is, when the core is executing code in the non-secure application. The consequence is that if you want to connect in RDP 0.5 or 1, you must make sure the core is executing the non-secure application. So what happens if I have no application on my target, or if it was erased by mistake? I will brick my device. In fact, the answer is in the warnings you can see in STM32CubeProgrammer when you try to activate RDP. The first one gives you the solution: we strongly recommend that you keep nSWBOOT0 checked, in order to be able to switch the boot address from Flash to the RSS using the external BOOT0 pin. This is the mechanism we are going to experiment with together. Then you have a second warning: your device may be lost forever. And sometimes that scares you, so you don't activate it and you don't explore everything. That's why I am making this video.

So let's see how we can activate the RSS, and what the RSS is. In fact, the RSS is some code that sits inside the system Flash. It is a task that allocates Flash and SRAM resources to non-secure and then loads the embedded bootloader, which is non-secure code. That means that when the embedded bootloader is running, the core is in the non-secure state.
That means we manage to connect. How can we activate the Root Secure Services? The information is in the reference manual, but I can sum it up for you. At reset, the system tests the BOOT_LOCK option bit. If this one is set to zero, it tests another option byte, whose name is nSWBOOT0. Depending on its value, it then tests either the BOOT0 pin or the nBOOT0 bit, which is another option byte. And then, depending on that value, it boots either to SECBOOTADD0, which is an address in Flash, or to the RSS, the Root Secure Services. So if you want to play with RDP and TrustZone, and if you can ensure this path is available on your target, you can always activate the BOOT0 pin, which starts the Root Secure Services and ensures the core is in the non-secure state, and you will be able to connect.

So what is the full checklist to go through before trying to activate RDP? First, check the RSS bootloader version. I give you the address; it is also in the reference manual. This RSS bootloader version should not be D0. If you've got D0, that means you don't have the full RSS mechanism, so please take care. Then check the option byte configuration we already discussed: the BOOT_LOCK bit should not be set, while the nSWBOOT0 bit should be set. Then you should make sure that on your target you can access the BOOT0 pin. On the Nucleo it's quite simple: it is connector CN11, pin 7. For the Discovery kit, please have a look at the user manual of the board; it is well explained, but a little bit tricky, frankly speaking.

Let's switch to our target. First, let's check the RSS bootloader version, so always this address, size 1, and I connect to my target. The version of my RSS is 19, no problem, it's not D0, so the version is okay. Let's switch to the option bytes. Here we can see that TrustZone is not activated; I know it because all the security option bytes are not here. So first I will activate my TrustZone. As you can see, now we've got some secure areas, so TrustZone is indeed activated.
Let's check now the BOOT_LOCK bit and nSWBOOT0. They are in the user configuration; at the bottom we've got BOOT_LOCK. This one is not checked. Perfect. Then nSWBOOT0 is checked. That means we take BOOT0 from the BOOT0 pin. Connection is okay. Now I propose to erase my chip. That means I have nothing in the Flash, which means that when you boot there is no code, so the core will be in the secure state. And I will activate RDP 0.5. This first warning I already told you about: are you sure? Your device may be lost forever. Okay, let's do it. Option byte failed now. It can't upload because, in fact, it can't manage to reconnect. If I try to connect again, as you can see, it's not possible. The core is in the secure state and my RDP level is 0.5, so I can't connect. I now need to activate the RSS. To do this I just need to put the BOOT0 pin to level 1. How can I do this? I will put a short on connector CN11 between pin 5 and pin 7: pin 7 is my BOOT0 pin and pin 5 is VDD. If I press reset, you can see both LEDs switch on. That means we are in the RSS, or in the embedded bootloader precisely. So now I will be able to connect for sure. Let's check this. If I press connect: yes, everything is working fine. Now I can do a regression to level 0 and, at the same time, and this is the only way to do it, I can deactivate TrustZone, because to deactivate TrustZone you need to do a regression from RDP 0.5 or RDP 1 to RDP 0. And I apply. That's it. We managed to recover our board.

So what have we seen together? We now know how to play with STM32 TrustZone and RDP levels and do it safely. We know how to remove the TrustZone configuration now. So I hope it helps you feel confident to play with all our security mechanisms. Thanks for your attention.
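The boot-path decision tree and the RDP/TrustZone connection rule described in the video, modelled as a pre-flight checklist. This is an added example, not code from ST or from the video: the option-byte names (BOOT_LOCK, nSWBOOT0, nBOOT0, SECBOOTADD0), the "RSS version must not be D0" check and the sample RSS version 0x19 are taken from the video, the `OptionBytes`, `boot_target`, `core_is_nonsecure`, `debug_connect_allowed` and `preflight` names are my own, and treating "the core reaches non-secure state" as a single boolean is a simplification of what a real secure application does. Only the TrustZone-enabled case the video walks through is modelled.

```python
# Added example (not ST code): model of the STM32L5 boot-path selection and of the
# RDP/TrustZone debug-access rule from the video, used as a pre-flight checklist
# before raising RDP. Names and thresholds follow the video; "core is non-secure"
# is reduced to a boolean for the purpose of the model.
from dataclasses import dataclass
from enum import Enum


class BootTarget(Enum):
    SECBOOTADD0 = "secure boot address in user Flash"
    RSS = "Root Secure Services in system Flash"


@dataclass(frozen=True)
class OptionBytes:
    tzen: bool        # TrustZone enabled
    rdp: float        # readout protection level: 0, 0.5, 1 or 2
    boot_lock: bool   # BOOT_LOCK: when set, the boot address is forced to SECBOOTADD0
    nswboot0: bool    # nSWBOOT0: 1 = BOOT0 taken from the pin, 0 = from the nBOOT0 bit
    nboot0: bool      # nBOOT0: software BOOT0 value used when nSWBOOT0 is 0


def boot_target(ob: OptionBytes, boot0_pin: bool) -> BootTarget:
    """Reproduce the reset-time decision tree from the video (TrustZone case only)."""
    if not ob.tzen:
        raise ValueError("only the TrustZone-enabled boot path is modelled here")
    if ob.boot_lock:
        return BootTarget.SECBOOTADD0          # BOOT0 pin and nBOOT0 are ignored
    boot0 = boot0_pin if ob.nswboot0 else ob.nboot0
    return BootTarget.RSS if boot0 else BootTarget.SECBOOTADD0


def core_is_nonsecure(target: BootTarget, secure_app_jumps_to_nonsecure: bool) -> bool:
    """The RSS hands over to the embedded bootloader, which runs non-secure.
    From SECBOOTADD0 the core starts secure and only becomes non-secure if a
    working secure application transfers control (an erased Flash never does)."""
    if target is BootTarget.RSS:
        return True
    return secure_app_jumps_to_nonsecure


def debug_connect_allowed(rdp: float, core_nonsecure: bool) -> bool:
    """RDP 0: always; RDP 2: never; RDP 0.5 / 1: only while the core is non-secure."""
    if rdp == 0:
        return True
    if rdp == 2:
        return False
    return core_nonsecure


def preflight(ob: OptionBytes, rss_version: int, target_rdp: float) -> tuple:
    """Run the video's checklist: will the BOOT0-pin path still let you connect
    after RDP is raised on a chip whose Flash holds no application?"""
    if rss_version == 0xD0:                    # value the video names as "no full RSS"
        return False, "RSS version is D0: device has no full RSS mechanism"
    if ob.boot_lock:
        return False, "BOOT_LOCK is set: the BOOT0 pin can no longer select the RSS"
    if not ob.nswboot0:
        return False, "nSWBOOT0 is clear: BOOT0 comes from the option byte, not the pin"
    if target_rdp == 2:
        return False, "RDP 2 is permanent: no debug connection even from the RSS"
    after = OptionBytes(ob.tzen, target_rdp, ob.boot_lock, ob.nswboot0, ob.nboot0)
    target = boot_target(after, boot0_pin=True)   # BOOT0 shorted to VDD, then reset
    if debug_connect_allowed(target_rdp, core_is_nonsecure(target, False)):
        return True, "reset with BOOT0=1 boots the %s; connection allowed" % target.name
    return False, "no recovery path"


if __name__ == "__main__":
    # Constructed scenario matching the video: TrustZone on, Flash erased, RDP 0.5,
    # RSS version shown as 19 in the memory view (assumed hexadecimal here).
    ob = OptionBytes(tzen=True, rdp=0.5, boot_lock=False, nswboot0=True, nboot0=False)
    for pin in (False, True):
        t = boot_target(ob, pin)
        ok = debug_connect_allowed(ob.rdp, core_is_nonsecure(t, False))
        print("BOOT0=%d boots %s, connect allowed: %s" % (pin, t.name, ok))
    print(preflight(ob, rss_version=0x19, target_rdp=0.5))
```

Running the block reproduces the two states seen in the video: with BOOT0 low the erased chip boots from SECBOOTADD0 in secure state and RDP 0.5 refuses the connection; with BOOT0 tied to VDD it boots the RSS, the core ends up non-secure in the embedded bootloader, and the connection is allowed again. `preflight` refuses the same configuration if BOOT_LOCK is set, nSWBOOT0 is cleared, the RSS version is D0, or the target level is RDP 2.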