 HDP Activation HDP stands for High Protect It's also called Secure Mem And in fact We will activate it together Do you remember what is our artworks, the High Protect It will add a new level of isolation of the TFM SBSFU Because when the SBSFU has finished its execution and before launching the TFM AP Secure it will rise a flag inside a register which will make it disappear That means once it's executed then it can't be accessed anymore by the code or by the system it can't be seen And it's what I propose we experiment together right now The scenario, in fact we will activate and configure the HDP The activation will be a code flag and the configuration will be to the set of the option byte Then we will check the debug configuration that after the execution of the TFM SBSFU we can see it from the TFM AP Secure or the TFM AP Non Secure So, first we need to activate it in the code So we will open the boot underscore hl underscore cfg.h file, so it was in the SBSFU And we will uncomment the TFM HDP Protect Enable flag Then we will recompile the SBSFU boot and we will flash this binary The next step will be to activate the hide protect at the option byte level So first we've got a flag to activate it so HDP 1 Enable and we have to set the size of this region and in fact it will be the hdp underscore pn flag And it's done, send the script step 7 Let's configure this first So, if I come back in the TFM SBSFU boot Now I will go in the Include Here you've got many many files and what is interesting us is the last one TFM SBSFU boot Inc Here you can find the boot hl cfg.h Ok So, I click on it If I put it in the full screen Then go on the line 41 And please uncomment TFM HDP Protect Enable The next step is to save the file Quite important because by default it won't be down by cube ID So please remember to save it Ok So, that's it to activate this functionality on the TFM SBSFU boot We just need to select now the project and then click on build again Let's wait this build is completion It's ok So, the next step will be to change my updated version of the SBSFU I just double click on it and then I have to activate the option byte linked to the HDP because if I only use it I would just write the flag but the functionality is not activated at option byte level it won't works So, don't forget to do the step 7 configure HDP You can see a reset have been triggered probably thanks to this connection that is done in the script So, everything is fine Now let's check with the debugger that this SBSFU is isolated So, to do this we will debug again the SBSFU boot so it will launch the previous configuration and then we will try to check the memory content at the address C00100 This is the location of the SBSFU you can check it where we flash this binary and let's see together So, I come back to cube ID So, now I will debug and this time it will automatically launch the configuration we have created together just before So, it won't flash the SBSFU it will only I will say launch the debugging session to debug perspective and we are stopped in the CFM SBSFU you can see here the location of the PC we are going A3FE but here in the memory I would like to check this address OX0C001 and in fact this is where we flash our SBSFU the code is behind this and you can also check this and you will be in the same location so, here I can see this memory if I press just resume it will stop you remember in the secure application because it was a breakpoint we set together and as you can see now this portion of the flash can't be seen anymore c'est vraiment ce que nous voulons faire c'est une isolation mais c'est aussi pour l'exécution point de vue si vous avez des informations à partager entre SBSFU et la application secure il devrait être préparé par la boot secure dans un ram qui est protégé et puis il peut être partagé avec la application CFM et c'est comme ça qu'on peut partager des informations entre ces deux blocs donc, encore une fois, je vais arrêter la débugging session et retourner à ma présentation donc après l'expérimentation la CFM SBSFU fonctionnalité, la compilation debug ici on voit juste comment activer cette fonctionnalité et aussi l'expérimentation c'est assez rapide mais assez simple mais c'est vraiment la cause de cette isolation maintenant la prochaine possible c'est d'activer l'adp0.5, ça veut dire la capacité de connecter seulement quand vous êtes dans le mode non-sécur ça veut dire que vous pouvez débugger seulement l'application non-sécur encore si vous arrêtez ici, s'il vous plaît, s'il vous plaît