Build & Load: STM32 (S/NS)

Build and load programs with S/NS segregation on STM32 without debugging

Overview

This document describes how to build, load, and run RTK-based programs with S/NS segregation for the Cortex-M33 STM32 series of MCUs without debugging.

• Tested with STM32U585 and STM32H573.

• The native binary file format is ELF, both with or without debugging.

• S/NS programs comprise two ELF files, one for the Secure program and the NSC veneers, one for the Non-secure program.

• make-elf creates the ELF files.

• The suite of tools used is Astrobe for RP2350 – despite its name, at its core it is a compiler and linker for processors based on Cortex-M33, which work well for the STM32U585 and STM32H573. Specific .ini config files are needed with the correct address ranges, and the framework provides the STM32-specific modules.

• Other guides:

  • Secure/Non-secure with debugging: Build, Load & Debug: STM32 (S/NS)
  • Non-S/NS, without debugging: Build & Load: STM32
  • Non-S/NS, with debugging: Build, Load & Debug: STM32

See also Practical Notes.

Set-up

Prerequisites

The build configuration must be set up as explained in:

• Set-up: Build Scripts on STM32

STM32 Configuration

The following MCU configuration is assumed:

• TrustZone is enabled

• the 2MB flash memory has been configured, via option bytes

  • block 1 of 1 MB is Secure (address alias: 0C000000H)
  • block 2 of 1 MB is Non-secure (address alias: 08100000H)

Project

• Directories:

  • S program in <project-dir>/sec
  • NS program in <project-dir>/nonsec

• Commands as shown are run with cwd = <project-dir>.

• Two Astrobe configuration files are required, one for the Secure and one for the Non-secure program. An easy way to provide the configuration files is to place them directly in the project directories sec and nonsec, where they can be picked up by the build scripts.

• Refer to Compile and Link: STM32 for the address ranges as used by the example programs.

Steps

1. Build the ELF Files

Building the two ELF files for the Secure and the Non-secure program is a multi-step process, which is best implemented and executed using a build script.

The S/NS example programs provide build-elf.cmd, which builds both the Secure and Non-secure ELF binaries, called S-program.elf and NS-program.elf below. This script can serve as basis for your own projects and programs.

2. Load the ELF Files

There are two options:

• STM32CubeProgrammer GUI, or
• STM32_Programmer_CLI

2a. STM32CubeProgrammer GUI

1. connect via ST-Link (click the button on top right, green/yellow-ish)
2. left hand side, use tab "Memory & File editing"
3. new tab => open <NS-program>.elf
4. click the blue-ish Download button
5. new tab => open <S-program>.elf
6. click the blue-ish Download button
7. after downloading, press the board reset button to start the Secure program

2b. STM32_Programmer_CLI

STM32_Programmer_CLI.exe -c port=SWD -d <nonsec/NS-program>.elf
STM32_Programmer_CLI.exe -c port=SWD -d <sec/S-program>.elf -s

The -s option resets the board and starts the Secure program.

STM32_Programmer_CLI uses the on-board ST-Link firmware to connect.

See External Tools how to install the STM32 programmer.

Inside the Build Script

The build script executes the following steps. Upon error, the script terminates.

1. Compile the Secure program, running AstrobeBuild, which recursively compiles all modules as needed.

2. Run sec-epilogue to add the Secure epilogues to all procedures that are exposed to the Non-secure world.

3. Re-compile the Secure program to ensure that it contains the Secure epilogues.

4. Link the Secure program, running AstrobeLink.

5. Run gen-secure to create the Non-secure Callable (NSC) binary, containing one gateway veneer block per procedure exposed to the Non-secure world, plus the interface modules for the Non-secure code to call into the Secure world via the gateways.

6. Run make-elf to create the Secure ELF binary in sec, with the NSC binary embedded.

7. Run build-clean to remove the Secure-side object files. The Secure and Non-secure sides use different alias address spaces for flash and SRAM; compiled modules embed those addresses, so every imported module must be re-built before linking the Non-secure side. Otherwise AstrobeLink rejects the Secure-side objects with "wrong version" errors.

8. Compile the Non-secure program, running AstrobeBuild.

9. Link the Non-secure program, running AstrobeLink.

10. Run make-elf to create the Non-secure ELF binary in nonsec.

Last updated: 16 May 2026