Hello, and welcome to this presentation describing the various boot configurations of the STM32L5.

The STM32L5 offers multiple boot options depending on whether TrustZone is activated. When TrustZone is disabled by setting TZEN to 0, the Cortex-M33 core can boot from either the user image present in the internal memory or the system bootloader, which downloads the user image from a serial interface. When TrustZone is enabled by setting TZEN to 1, the Cortex-M33 core can boot from either the user image present in secure internal memory or the RSS. RSS is the secure part of the secure bootloader, in charge of user image decryption amongst other things.

Unlike the Cortex-M4, which always boots at address 0, the Cortex-M33 samples inputs that determine the boot address. When TrustZone is disabled, the INITVTOR inputs are used, which receive an address programmed in option bytes. The state of the BOOT0 pin selects either non-secure boot address 0 or non-secure boot address 1. When TrustZone is enabled, the INITVTOR S inputs are used, which receive an address programmed in option bytes, or a fixed address when RSS is selected. The state of the BOOT0 pin, or of the nBOOT0 option bit, selects which of the two addresses will be used.

The state of the BOOT0 pin selects which boot address is used on the condition that the nSWBOOT0 option bit is equal to 1. When the nSWBOOT0 option bit is equal to 0, the state of the BOOT0 pin is ignored and replaced with the state of another option bit called nBOOT0. In this case, the PH3 pin, which supports the BOOT0 functionality, becomes a general-purpose I/O.

This slide details the boot configuration when TrustZone is disabled. The microcontroller boots in non-secure mode. The readout protection can be set to levels 0, 1, or 2. The boot address is programmable through non-secure option bytes. The boot program can be mapped anywhere in the internal memories, flash or SRAM.
The bootloader has a unique entry point in system flash, which is the default value of NSBOOTADD1.

This slide details the boot configuration when TrustZone is enabled. The microcontroller boots in secure mode, and the boot space must be located in a secure area. The readout protection can be set to levels 0, 0.5, 1, or 2. The boot address is programmable through secure option bytes. The boot program can be mapped anywhere in the internal secure memories, flash or SRAM. The RSS has a unique entry point in system flash.

RSSCMDR is a register defined in the SYSCFG module. It is used to pass a command to be executed by the RSS. When the value in this register is non-null, the MCU will boot on RSS at the next system reset, because this register is only reset by a power-on reset. Therefore, the RSSCMDR register enables a bootloader to call RSS after applying a warm reset to the microcontroller. This can be done by an in-application programming bootloader, or by a JTAG or Serial Wire bootloader.

BOOT_LOCK is an option bit that guarantees a unique boot entry when it is set. When BOOT_LOCK is set, the system always boots at the address set in the secure boot address 0 option bytes. This address cannot be modified. BOOT_LOCK can be set without any constraint. It is not possible to deactivate the BOOT_LOCK option bit. BOOT_LOCK takes precedence over the other boot configuration selection features: RSSCMDR, the BOOT0 pin and the nBOOT0 option bit.

This table summarizes the boot options when TrustZone is disabled. When the nSWBOOT0 option bit is equal to 1, the boot address depends on the state of the BOOT0 pin: either NSBOOTADD0, pointing to the user image entry point in an internal memory, or NSBOOTADD1, which is by default the entry point of the system bootloader. When the nSWBOOT0 option bit is equal to 0, the nBOOT0 option bit replaces the BOOT0 pin state.

This table summarizes the boot options when TrustZone is enabled.
The center of the table is similar to the table on the previous slide, except that NSBOOTADD0 is replaced with SECBOOTADD0 and NSBOOTADD1 is replaced with the fixed address of the RSS. The two additional columns, BOOT_LOCK and RSSCMDR, are specific to secure boot. When BOOT_LOCK is set to 1, the boot address is unique and defined in SECBOOTADD0, whatever the other parameters. When RSSCMDR is non-null and BOOT_LOCK is set to 0, boot in RSS is performed.

The boot configuration module is related to the following other modules: memory protection and system configuration.
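
The precedence described in the two summary tables can be written as a small decision function, with an audit helper that checks whether a given set of option bits pins the secure entry point. This is an added example, not ST code or part of the presentation; the struct, enum and function names are hypothetical, and the polarity (BOOT0 high, or nBOOT0 = 0, selects the second address) is an assumption the talk does not state.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Inputs named after the option bits, pin and register in the talk. */
struct boot_inputs {
    bool tzen;        /* TZEN option bit */
    bool boot_lock;   /* BOOT_LOCK option bit (secure boot only) */
    uint32_t rsscmdr; /* RSSCMDR value; only a power-on reset clears it */
    bool nswboot0;    /* 1: BOOT0 pin is used, 0: nBOOT0 option bit is used */
    bool boot0_pin;   /* level on PH3 */
    bool nboot0;      /* nBOOT0 option bit */
};
enum boot_source { SRC_NSBOOTADD0, SRC_NSBOOTADD1, SRC_SECBOOTADD0, SRC_RSS };

/* Assumed polarity (not stated in the talk): BOOT0 high, or nBOOT0 = 0,
 * selects the second address (NSBOOTADD1 or the RSS). */
static bool second_address(const struct boot_inputs *in) {
    return in->nswboot0 ? in->boot0_pin : !in->nboot0;
}

enum boot_source resolve_boot(const struct boot_inputs *in) {
    if (!in->tzen)
        return second_address(in) ? SRC_NSBOOTADD1 : SRC_NSBOOTADD0;
    if (in->boot_lock)     /* highest precedence: unique entry point */
        return SRC_SECBOOTADD0;
    if (in->rsscmdr != 0)  /* RSS command left pending across a warm reset */
        return SRC_RSS;
    return second_address(in) ? SRC_RSS : SRC_SECBOOTADD0;
}

/* Audit: with these option bits, does every BOOT0 level and RSSCMDR state
 * still boot at SECBOOTADD0? Both can change without touching option bytes. */
bool secure_entry_is_fixed(const struct boot_inputs *cfg) {
    for (int i = 0; i < 4; i++) {
        struct boot_inputs probe = *cfg;
        probe.boot0_pin = (i & 1) != 0;
        probe.rsscmdr = (i & 2) ? 1u : 0u;
        if (resolve_boot(&probe) != SRC_SECBOOTADD0) return false;
    }
    return true;
}

int main(void) {
    struct boot_inputs cfg = { .tzen = true, .nboot0 = true }; /* pin ignored */
    printf("BOOT_LOCK=0 fixed entry: %d\n", secure_entry_is_fixed(&cfg));
    cfg.boot_lock = true;
    printf("BOOT_LOCK=1 fixed entry: %d\n", secure_entry_is_fixed(&cfg));
    return 0;
}
```

Ignoring the BOOT0 pin through nSWBOOT0 = 0 is not enough on its own to fix the entry point, because a non-null RSSCMDR still redirects the next warm reset to the RSS; only BOOT_LOCK makes the helper return true.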