4. Boot modes
At startup, a BOOT0 pin and NSBOOTADD[31:8]/SECBOOTADD[31:8] option bytes are used to select the boot memory address that includes:
- • Boot from any address in user flash memory
- • Boot from system memory:
- – Bootloader
- – ST immutable root of trust (ST-iROT)
- – Root security service (RSS)
- – Debug authentication library (RSS-DA)
Embedded bootloader
The embedded bootloader is located in the system memory, programmed by ST during production. It is used to reprogram the flash memory by using USART, I2C, I3C, SPI, FDCAN, or USB_FS in device mode through the DFU (device firmware upgrade).
Refer to AN2606 “ STM32 microcontroller system memory boot mode ”.
Embedded root security services (RSS)
The embedded RSS are located in the secure information block, programmed by ST during production.
Refer to AN4992 “ Overview secure firmware install (SFI) ”.
Embedded immutable root of trust (ST-iROT)
The embedded ST-iROT in the system memory, is programmed by ST during production. ST-iROT is the immutable root of trust managing the secure boot and secure install of the first updatable level to execute in a boot sequence.
Refer to AN6007 “ Introduction to ST immutable Root of Trust (STiROT) for STM32H5 MCUs ”.
Embedded debug authentication (ST-DA)
The embedded ST-DA in the system memory, is programmed by ST during production. ST-DA is the library that manages the debug authentication protocol by allowing to securely reopen the debug or to launch regressions on secured products in the field.
Refer to AN6008 “ Introduction to Debug Authentication (DA) for STM32 MCUs ”.
4.1 STM32H523/62/63xx boot modes
Table 23 and Table 24 provide the detail of the boot mode when the TrustZone is, respectively, disabled (TZEN = 0xC3) and enabled (TZEN = 0xB4).
Table 23. Boot mode when TrustZone is disabled (TZEN = 0xC3) - STM32H523/62/63xx devices
| PRODUCT_STATE | BOOT0 pin | Boot address option-byte selection | Boot area | ST programmed default value |
|---|---|---|---|---|
| Open | 0 | NSBOOTADD[31:8] | Boot address defined by user option byte NSBOOTADD[31:8] | Flash: 0x0800 0000 |
| - | 1 | NA | Bootloader | Bootloader |
| Provisioning | x | NA | RSS | RSS |
| Provisioned, Closed, Locked | x | NSBOOTADD[31:8] | Boot address defined by user option byte NSBOOTADD[31:8] | Flash: 0x0800 0000 |
Table 24. Boot mode when TrustZone is enabled (TZEN = 0xB4) - STM32H523/62/63xx devices
| PRODUCT_STATE | BOOT0 pin | Boot address option-byte selection | Boot area | ST programmed default value |
|---|---|---|---|---|
| Open | 0 | SECBOOTADD[31:8] | Boot address defined by user option byte SECBOOTADD[31:8] | Flash: 0x0C00 0000 |
| - | 1 | NA | Bootloader | Bootloader |
| Provisioning | x | NA | RSS | RSS |
| Provisioned, TZ_Closed, Closed, Locked | x | SECBOOTADD[31:8] | Boot address defined by user option byte SECBOOTADD[31:8] | Flash: 0x0C00 0000 |
Note: The BOOT_UBE is available only on STM32H533/73xx devices. Refer to Section 4.2 .
When TrustZone is enabled (TZEN = 0xB4), the boot space must be in secure area. The SECBOOTADD0[24:0] option bytes are used to select the boot secure memory address. A unique boot entry option can be selected by setting the SECBOOT_LOCK option bit.
4.2 STM32H533/73xx boot modes
Table 25 and Table 26 provide the detail of the boot mode products when the TrustZone is, respectively, disabled (TZEN = 0xC3) and enabled (TZEN = 0xB4).
Table 25. Boot mode when TrustZone is disabled (TZEN = 0xC3) - STM32H533/73xx
| PRODUCT_STATE | BOOT0 pin | BOOT_UBE FLASH_OPTSR [29:22] | Boot address option-byte selection | Boot area | ST programmed default value |
|---|---|---|---|---|---|
| Open | 0 | NA | NSBOOTADD[31:8] | Boot address defined by user option byte NSBOOTADD[31:8] | Flash: 0x0800 0000 |
| 1 | NA | NA | Bootloader | Bootloader | |
| Provisioning | x | NA | NA | RSS | RSS |
| Provisioned, Closed, Locked | x | NA | NSBOOTADD[31:8] | Boot address defined by user option byte NSBOOTADD[31:8] | Flash: 0x0800 0000 |
Table 26. Boot mode when TrustZone is enabled (TZEN = 0xB4) - STM32H533/73xx
| PRODUCT_STATE | BOOT0 pin | BOOT_UBE FLASH_OPTSR [29:22] | Boot address option-byte selection | Boot area | ST programmed default value |
|---|---|---|---|---|---|
| Open | 0 | x | SECBOOTADD [31:8] | Boot address defined by user option byte SECBOOTADD[31:8] | Flash: 0x0C00 0000 |
| - | 1 | 0xB4 | NA | Bootloader | Bootloader |
| - | 1 | 0xC3 | NA | ST-iROT | ST-iROT |
| Provisioning | x | NA | NA | RSS | RSS |
| Provisioned, TZ_Closed, Closed, Locked | x | 0xC3 | ST-iROT | ST-iROT | ST-iROT |
| 0xB4 | SECBOOTADD [31:8] | Boot address defined by user option byte SECBOOTADD[31:8] | Flash: 0x0C00 0000 |
When TrustZone is enabled (TZEN = 0xB4), the boot space must be in secure area. The SECBOOTADD0[24:0] option bytes are used to select the boot secure memory address. A unique boot entry option can be selected by setting the SECBOOT_LOCK option bit.