Add wolfBoot port for STM32N6 (NUCLEO-N657X0-Q)#720
Open
aidangarske wants to merge 4 commits intomasterfrom
Open
Add wolfBoot port for STM32N6 (NUCLEO-N657X0-Q)#720aidangarske wants to merge 4 commits intomasterfrom
aidangarske wants to merge 4 commits intomasterfrom
Conversation
aidangarske
force-pushed
the
stm32n6-port-wolfboot
branch
from
fedaf00 to
1416f2f
Compare
dgarske
requested changes
Mar 13, 2026
Member
dgarske
left a comment
dgarske
left a comment
There was a problem hiding this comment.
Great work! I haven't tested on hardware yet, but have looked over each line.
dgarske
requested changes
Mar 18, 2026
Add HAL, build system, test app, and documentation for the STM32N6 (Cortex-M55) targeting the NUCLEO-N657X0-Q board. wolfBoot runs from SRAM as FSBL and boots a signed application via XIP from external NOR flash on XSPI2.
Fix PLL1 bypass bit (PLL1BYP) in PLL1CFGR1 that Boot ROM leaves set, which was routing HSI 64 MHz directly to PLL output instead of the 1200 MHz VCO. CPU now runs at 600 MHz (verified via DWT CYCCNT). - Clear PLL1CFGR1 BYP bit to enable VCO output - Simplify PLL1CFGR3 configuration to single write - Consolidate flash write/erase into shared nor_flash_write/erase helpers - Rename xspi_ functions to octospi_ for consistency with register macros - Add CORTEX_M55 define to arch.mk for future use - Add clock tree documentation in clock_config() and PWR_VOSCR - Combine CPUSW and SYSSW clock switch into single register write - Add XSPI2 RAMFUNCTION comments and TEF error handling - Add release announcement doc (docs/release-stm32n6.md) - wolfBoot binary: 23KB, test-app: 3KB
dgarske
previously approved these changes
Mar 18, 2026
dgarske
force-pushed
the
stm32n6-port-wolfboot
branch
from
4100805 to
cc789ae
Compare
- Fix UART: remove static from uart_write, fix signature to match printf.h, correct PCLK2 clock frequency (200 MHz not 300 MHz) - Add SAU configuration: blanket NSC region for non-TZ, proper secure/non-secure SAU regions for TZEN=1 - Add PART_BOOT_EXT support: boot and update partitions share the same XSPI2 NOR flash, ext_flash_addr() translates absolute memory-mapped addresses to device-relative offsets - Buffer XIP data in nor_flash_write() before SPI commands - Move dcache_enable() after octospi_init() to prevent stale reads - Add TZ_SECURE() macro with conditional secure/non-secure peripheral base addresses in hal/stm32n6.h - Add TZEN=1 support: wolfBoot runs from secure SRAM (0x24000000), app boots into non-secure state, flash script auto-detects TZEN - Exclude STM32N6 from stm32_tz.o (uses its own SAU config) and from blxns boot path (CORTEX_M55 uses regular boot) - Enhanced test-app with UART output, partition info, version display, state handling, and auto-success for TESTING state - Add stm32n6-tz.config example and CI entries in test-configs.yml - Update Targets.md with TrustZone, SAU, PART_BOOT_EXT, and UART clock documentation - Add DEBUG_UART=1 and RAM_CODE=1 to stm32n6.config
dgarske
force-pushed
the
stm32n6-port-wolfboot
branch
from
cc789ae to
896c2a7
Compare
…ing code was only loading to SRAM)
dgarske
requested changes
Mar 23, 2026
Member
dgarske
left a comment
dgarske
left a comment
There was a problem hiding this comment.
This PR is in good shape, but the boot ROM from QSPI isn't working. @aidangarske please work on it. Not rush on this, it can be post release. I think it does require some OTP registers to be set, but I tried setting OTA124 and it didn't change the results. Note you also have to set BOOT0/BOOT1 jumpers to switch between boot modes.
aidangarske
commented
Apr 14, 2026
Member
Author
aidangarske
left a comment
aidangarske
left a comment
There was a problem hiding this comment.
Skoll Code Review
Scan type: review-security
Overall recommendation: COMMENT
Findings: 5 total — 4 posted, 1 skipped
4 finding(s) posted as inline comments (see file-level comments below)
Posted findings
- [Medium] TZEN=1 boot path sets secure VTOR to non-secure application memory —
src/boot_arm.c:422-466 - [Medium] octospi_write_enable ignores return value allowing silent flash operation failures —
hal/stm32n6.c:143-147 - [Low] Flash script uses predictable temporary file path —
tools/scripts/stm32n6_flash.sh:142 - [Info] Documentation describes TZEN=1 secure SRAM alias but code uses non-secure alias for both modes —
docs/Targets.md:1855-1860
Skipped findings
- [Low]
Unaligned uint32_t pointer dereference in octospi_cmd data transfer loop
Review generated by Skoll
Member
|
@aidangarske how's this going? If you won't have time in the next week let me know and I can finish it up. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Add TrustZone (TZEN=1) support for the STM32N6 port with proper secure/non-secure SAU configuration, firmware update swap support, and an enhanced test application with UART output.
Features
0x24000000) using secure peripheral aliases. SAU configured with proper secure/non-secure regions. Application boots into non-secure state.0x34000000) with blanket SAU NSC region for full memory access.PART_BOOT_EXTto handle shared XSPI2 NOR flash between boot and update partitions.wolfBoot_success()handling for TESTING state. LED indicates firmware version (blue=v1, red=v2+).config/examples/stm32n6-tz.configfor TrustZone-enabled builds.stm32n6andstm32n6-tzbuild tests totest-configs.yml.--test-updatemode now writes update trigger magic (pBOOT) and auto-detects TZEN for correct SRAM load address.Fixes
uart_writelinkage: Removedstaticqualifier and fixed signature to matchprintf.h(unsigned int len).hal_init()— without it, the IDAU blocks secure CPU access to XSPI2 memory-mapped region (0x70000000), causing bus faults during image verification.PART_BOOT_EXT, the update swap reads boot partition data via XIP while XSPI2 is in SPI command mode, causing bus faults. Theext_flash_*functions now translate absolute memory-mapped addresses to device-relative offsets.nor_flash_write()copies source data to a stack buffer before issuing SPI commands, since the source pointer may reference XIP flash that becomes inaccessible when XSPI2 leaves memory-mapped mode.dcache_enable()afteroctospi_init()to prevent caching stale data from the flash region before memory-mapped mode is configured.blxnsnon-secure boot path and non-secure VTOR, since the CPU security state depends on the SRAM alias used (IDAU-based), not a runtime TrustZone transition.openocd-org/openocd(not ST fork) fortarget/stm32n6x.cfgsupport.Test Results (NUCLEO-N657X0-Q hardware)