 Hello and welcome to this presentation describing the various boot configurations of the STM32L5. The STM32L5 offers multiple boot options according to trust zone activation. When trust zone is disabled by setting TZEN to 0, the Cortex M33 core can boot from either the user image present in the internal memory or the system bootloader, which downloads the user image from a serial interface. When trust zone is enabled by setting TZEN to 1, the Cortex M33 core can boot from either the user image present in secure internal memory or the RSS. RSS is the secure part of the secure bootloader, in charge of user image decryption amongst other things. Unlike the Cortex M4, which always boot at address 0, the Cortex M33 samples inputs that determine the boot address. When trust zone is disabled, init vtor inputs are used, which receives an address programmed in option bytes. The state of the boot 0 pin selects either non-secure boot address 0 or non-secure boot address 1. When trust zone is enabled, init vtors s inputs are used, which receives an address programmed in option bytes or a fixed address when RSS is selected. The state of the boot 0 pin, or option bit n boot 0, selects which of the two addresses will be used. The state of the boot 0 pin selects which boot address is used on the condition that the n sw boot 0 option bit is equal to 1. When the n sw boot 0 option bit is equal to 0, the state of the boot 0 pin is ignored and replaced with the state of another option bit called n boot 0. In this case, the port h3 pin, which supports the boot 0 functionality, becomes a general purpose IO. This slide details the boot configuration when trust zone is disabled. The microcontroller boots in non-secure mode. The readout protection can be set to levels 0, 1, or 2. The boot address is programmable through non-secure option bytes. The boot program can be mapped anywhere in the internal memories, flash or SRAM. The bootloader has a unique entry point in system flash, which is the default value of ns boot ADD1. This slide details the boot configuration when trust zone is enabled. The microcontroller boots in secure mode and the boot space must be located in secure area. The readout protection can be set to levels 0, 0.5, 1, or 2. The boot address is programmable through secure option bytes. The boot program can be mapped anywhere in the internal secure memories, flash or SRAM. The RSS has a unique entry point in system flash. RSS CMDR is a register defined in the sysconf module. It is used to pass a command to be executed by the RSS. When the value in this register is non-null, the MCU will boot on RSS at the next system reset, knowing that this register is only reset by a power-on reset. Therefore, the RSS CMDR register enables a bootloader to call RSS after applying a warm reset to the microcontroller. This can be done by an in application programming bootloader or a JTAG or serial wire bootloader. Bootlock is an option bit that guarantees a unique boot entry when it is set. When bootlock is set, system boots systematically on address set in secure boot address 0 option bytes. This address cannot be modified. Bootlock can be set without any constraint. It is not possible to deactivate the bootlock option bit. Bootlock has the precedence over other boot configuration selection features. RSS CMDR, boot zero pin and end boot zero option bit. This table summarizes the boot options when trust zone is disabled. When the NSW boot zero option bit is equal to one, the boot address depends on the state of the boot zero pin. Either NS boot ADD zero pointing to user image entry point in an internal memory or NS boot ADD one which is by default the entry point of the system bootloader. When the NSW boot zero option bit is equal to zero, the option bit end boot zero replaces the boot zero pin state. This table summarizes the boot options when trust zone is enabled. The center of the table is similar to the table on the previous slide except that NS boot ADD zero is replaced with SEC boot ADD zero and NS boot ADD one is replaced with the fixed address of the RSS. The two additional columns bootlock and RSS CMDR are specific to secure boot. When bootlock is set to one, the boot address is unique and defined in SEC boot ADD zero, whatever the other parameters. When RSS CMDR is non-null and bootlock is set to zero, boot in RSS is performed. The boot configuration module has relationships with the following other module, memory protection, system configuration,