wolfSSL · aidangarske · May 15, 2026
diff --git a/.github/workflows/test-configs.yml b/.github/workflows/test-configs.yml
@@ -456,6 +456,18 @@ jobs:
       arch: arm
       config-file: ./config/examples/stm32h5-dualbank.config
 
+  stm32n6_test:
+    uses: ./.github/workflows/test-build.yml
+    with:
+      arch: arm
+      config-file: ./config/examples/stm32n6.config
+
+  stm32n6_tz_test:
+    uses: ./.github/workflows/test-build.yml
+    with:
+      arch: arm
+      config-file: ./config/examples/stm32n6-tz.config
+
   stm32h5_tz_test:
     uses: ./.github/workflows/test-build.yml
     with:

diff --git a/Makefile b/Makefile
@@ -242,6 +242,11 @@ ifeq ($(TARGET),stm32h5)
 	# Don't build a contiguous image
     MAIN_TARGET:=wolfboot.bin test-app/image_v1_signed.bin
 endif
+
+ifeq ($(TARGET),stm32n6)
+	# Don't build a contiguous image
+    MAIN_TARGET:=wolfboot.bin test-app/image_v1_signed.bin
+endif
 endif # TZEN=1
 
 ifeq ($(TARGET),x86_64_efi)
@@ -289,6 +294,11 @@ ifeq ($(TARGET),zynq7000)
     MAIN_TARGET:=wolfboot.bin test-app/image_v1_signed.bin
 endif
 
+ifeq ($(TARGET),stm32n6)
+    # wolfBoot runs from SRAM, app from XIP on external NOR - no contiguous factory.bin
+    MAIN_TARGET:=wolfboot.bin test-app/image_v1_signed.bin
+endif
+
 ifeq ($(TARGET),rp2350)
     MAIN_TARGET:=include/target.h keytools wolfboot_signing_private_key.der pico-sdk-info
 endif
@@ -684,6 +694,12 @@ stack-usage: wolfboot.bin
 image-header-size: wolfboot.bin
 	$(Q)echo $(IMAGE_HEADER_SIZE) > .image_header_size
 
+## Target-specific flash targets
+ifeq ($(TARGET),stm32n6)
+flash: wolfboot.bin test-app/image_v1_signed.bin
+	$(Q)tools/scripts/stm32n6_flash.sh --skip-build
+endif
+
 
 cppcheck:
 	cppcheck -f --enable=warning --enable=portability \

diff --git a/arch.mk b/arch.mk
@@ -290,6 +290,18 @@ ifeq ($(ARCH),ARM)
 
   endif
 
+  ifeq ($(TARGET),stm32n6)
+    CORTEX_M55=1
+    CFLAGS+=-Ihal
+    ARCH_FLASH_OFFSET=0x70000000
+    # Boot ROM copies FSBL from NOR to AXISRAM2 at 0x34180400.
+    # The signing -la flag in the flash script must match.
+    WOLFBOOT_ORIGIN=0x34180400
+    EXT_FLASH=1
+    PART_UPDATE_EXT=1
+    PART_SWAP_EXT=1
+  endif
+
   ifeq ($(TARGET),rp2350)
     CORTEX_M33=1
     CFLAGS+=-Ihal
@@ -442,12 +454,22 @@ else
     CORTEXM_ARM_EXTRA_CFLAGS+=-DWOLFSSL_ARMASM -DWOLFSSL_ARMASM_NO_HW_CRYPTO \
                               -DWOLFSSL_ARMASM_NO_NEON -DWOLFSSL_ARMASM_THUMB2
   endif
+  ifeq ($(CORTEX_M55),1)
+    CORTEX_M33=1
+    CFLAGS+=-mcpu=cortex-m55 -DCORTEX_M55
+    LDFLAGS+=-mcpu=cortex-m55
+  endif
   ifeq ($(CORTEX_M33),1)
-    CFLAGS+=-mcpu=cortex-m33 -DCORTEX_M33
-    LDFLAGS+=-mcpu=cortex-m33
+    CFLAGS+=-DCORTEX_M33
+    ifneq ($(CORTEX_M55),1)
+      CFLAGS+=-mcpu=cortex-m33
+      LDFLAGS+=-mcpu=cortex-m33
+    endif
     ifeq ($(TZEN),1)
       ifneq (,$(findstring stm32,$(TARGET)))
-        OBJS+=hal/stm32_tz.o
+        ifneq ($(TARGET),stm32n6)
+          OBJS+=hal/stm32_tz.o
+        endif
       endif
       CFLAGS+=-mcmse
       SECURE_LDFLAGS+=-Wl,--cmse-implib -Wl,--out-implib=./src/wolfboot_tz_nsc.o

diff --git a/config/examples/stm32n6-tz.config b/config/examples/stm32n6-tz.config
@@ -0,0 +1,49 @@
+ARCH?=ARM
+TARGET?=stm32n6
+TZEN?=1
+SIGN?=ECC256
+HASH?=SHA256
+DEBUG?=0
+DEBUG_UART?=1
+VTOR?=1
+NO_ASM?=0
+NO_MPU=1
+SPI_FLASH?=0
+ALLOW_DOWNGRADE?=0
+NVM_FLASH_WRITEONCE?=0
+WOLFBOOT_VERSION?=1
+V?=0
+SPMATH?=1
+RAM_CODE?=1
+WOLFBOOT_SECTOR_SIZE?=0x1000
+WOLFBOOT_PARTITION_SIZE?=0x100000
+# Boot partition: secure alias (0x70020000). wolfBoot itself runs
+# Secure and reads + verifies the signed image through this alias
+# while RISAF12 region 1 has SEC=1 covering the full XSPI2 window.
+# Right before do_boot() BLXNSes into the application, hal_prepare
+# _boot() flips RISAF12 subregion A (offset 0x20000..0x11FFFF) to NS
+# so the NS CPU can fetch its own code from 0x90020000. The
+# test-app linker promotes this base address to the NS-IDAU alias
+# 0x9xxxxxxx by adding 0x20000000 -- same XSPI2 NOR sectors, IDAU =
+# Non-Secure view.
+WOLFBOOT_PARTITION_BOOT_ADDRESS?=0x70020000
+WOLFBOOT_PARTITION_UPDATE_ADDRESS?=0x00120000
+WOLFBOOT_PARTITION_SWAP_ADDRESS?=0x00010000
+IMAGE_HEADER_SIZE?=1024
+# Boot partition is on the same XSPI2 NOR flash as update/swap.
+# PART_BOOT_EXT routes boot partition reads through ext_flash API (SPI
+# commands) instead of XIP, avoiding bus faults when XSPI2 toggles
+# between memory-mapped and command mode during firmware updates.
+CFLAGS_EXTRA+=-DPART_BOOT_EXT
+BOOTLOADER_PARTITION_SIZE=0x40000
+# NSC veneers: placed in the NS alias of the top 4 KB of wolfBoot's
+# 256 KB AXISRAM2 region. Physical bytes are shared with FLASH (same
+# SRAM); SAU promotes this NS view to NSC so secure-gateway stubs are
+# reachable via BLXNS from the NS app. WOLFCRYPT_TZ is off in this
+# config, so the section is empty -- but the linker requires a home.
+WOLFBOOT_NSC_ADDRESS?=0x2418F000
+WOLFBOOT_NSC_SIZE?=0x1000
+# Keyvault unused while WOLFCRYPT_TZ=0; reserve a small dummy region
+# so the H5-derived linker template substitutes cleanly.
+WOLFBOOT_KEYVAULT_ADDRESS?=0x2418E000
+WOLFBOOT_KEYVAULT_SIZE?=0x1000
diff --git a/config/examples/stm32n6.config b/config/examples/stm32n6.config
@@ -0,0 +1,30 @@
+ARCH?=ARM
+TARGET?=stm32n6
+SIGN?=ECC256
+HASH?=SHA256
+DEBUG?=0
+DEBUG_UART?=1
+VTOR?=1
+NO_ASM?=0
+NO_MPU=1
+SPI_FLASH?=0
+ALLOW_DOWNGRADE?=0
+NVM_FLASH_WRITEONCE?=0
+WOLFBOOT_VERSION?=1
+V?=0
+SPMATH?=1
+RAM_CODE?=1
+WOLFBOOT_SECTOR_SIZE?=0x1000
+WOLFBOOT_PARTITION_SIZE?=0x100000
+WOLFBOOT_PARTITION_BOOT_ADDRESS?=0x70020000
+WOLFBOOT_PARTITION_UPDATE_ADDRESS?=0x00120000
+WOLFBOOT_PARTITION_SWAP_ADDRESS?=0x00010000
+IMAGE_HEADER_SIZE?=1024
+# Boot partition is on the same XSPI2 NOR flash as update/swap.
+# PART_BOOT_EXT ensures boot partition reads go through ext_flash API
+# (SPI commands) instead of XIP, avoiding bus faults when XSPI2 toggles
+# between memory-mapped and command mode during firmware updates.
+CFLAGS_EXTRA+=-DPART_BOOT_EXT
+# Enable verbose fault handler so a hardfault prints registers via UART
+CFLAGS_EXTRA+=-DDEBUG_HARDFAULT
+BOOTLOADER_PARTITION_SIZE=0x40000
diff --git a/config/openocd/openocd_stm32n6.cfg b/config/openocd/openocd_stm32n6.cfg
@@ -0,0 +1,108 @@
+# OpenOCD config for NUCLEO-N657X0-Q with MX25UM51245G NOR on XSPI2
+
+source [find interface/stlink.cfg]
+transport select swd
+
+set CHIPNAME stm32n6x
+set WORKAREASIZE 0x10000
+
+source [find target/stm32n6x.cfg]
+
+# Work-area above wolfBoot SRAM region
+$_TARGETNAME configure -work-area-phys 0x34020000 -work-area-size $WORKAREASIZE -work-area-backup 0
+
+# XSPI2 NOR flash bank (memory-mapped at 0x70000000, regs at 0x5802A000)
+set XSPI2_BANK_ID [llength [flash list]]
+flash bank $CHIPNAME.xspi2 stmqspi 0x70000000 0 0 0 $CHIPNAME.cpu 0x5802A000
+
+# Mark VDDIO supplies valid (required for XSPI2 GPIO)
+proc pwr_enable_io_supply {} {
+    mmw 0x5602825C 0x00040000 0   ;# RCC_AHB4ENR: PWR clock
+    mmw 0x56024834 0x00000100 0   ;# SVMCR1: VDDIO4SV
+    mmw 0x56024838 0x00000100 0   ;# SVMCR2: VDDIO5SV
+    mmw 0x5602483C 0x00000300 0   ;# SVMCR3: VDDIO2SV + VDDIO3SV
+}
+
+# Port N GPIO for XSPI2 (PN0-PN11, AF9, very high speed)
+proc xspi2_gpio_init {} {
+    mmw 0x5602825C 0x00002000 0          ;# RCC_AHB4ENR: GPION clock
+    sleep 1
+    mmw 0x56023400 0x00AAAAAA 0x00555555 ;# MODER: AF mode
+    mmw 0x56023408 0x00FFFFFF 0          ;# OSPEEDR: very high
+    mmw 0x5602340C 0 0x00FFFFFF          ;# PUPDR: no pull
+    mww 0x56023420 0x99999999            ;# AFRL: AF9
+    mww 0x56023424 0x00009999            ;# AFRH: AF9
+}
+
+# XSPI2 init: single-SPI, /16 prescaler, NOR reset, enter mmap mode
+proc xspi2_init {} {
+    mmw 0x56028260 0x00003000 0 ;# RCC_AHB5ENR: XSPI2 + XSPIM clocks
+    mmw 0x56028248 0x00000008 0 ;# RCC_MISCENR: XSPI PHY comp clock
+    sleep 1
+
+    mww 0x5802A000 0x00000000   ;# CR: disable
+    sleep 1
+    mww 0x5802A008 0x001A0308   ;# DCR1: DLYBYP, DEVSIZE=26, CSHT=3
+    mww 0x5802A00C 0x0000000F   ;# DCR2: prescaler /16
+    sleep 1
+    mww 0x5802A000 0x00000001   ;# CR: enable
+
+    # NOR flash software reset (0x66 + 0x99)
+    mmw 0x5802A000 0x00000002 0 ;# abort
+    sleep 1
+    mww 0x5802A024 0x0000000B   ;# FCR: clear flags
+    mww 0x5802A100 0x00000001   ;# CCR: IMODE=single
+    mww 0x5802A108 0x00000000   ;# TCR: no dummy
+    mww 0x5802A110 0x00000066   ;# IR: Reset Enable
+    sleep 1
+
+    mmw 0x5802A000 0x00000002 0 ;# abort
+    sleep 1
+    mww 0x5802A024 0x0000000B
+    mww 0x5802A100 0x00000001
+    mww 0x5802A108 0x00000000
+    mww 0x5802A110 0x00000099   ;# IR: Reset Memory
+    sleep 10
+
+    xspi2_mem_mapped
+}
+
+# Memory-mapped fast-read mode (single-SPI, 4-byte addr, 8 dummy cycles)
+proc xspi2_mem_mapped {} {
+    mmw 0x5802A000 0x00000002 0 ;# abort
+    sleep 1
+    mww 0x5802A000 0x30000001   ;# CR: mmap + enable
+    mww 0x5802A100 0x01003101   ;# CCR: IMODE=1, ADMODE=1, ADSIZE=3, DMODE=1
+    mww 0x5802A108 0x40000008   ;# TCR: DCYC=8, SSHIFT
+    mww 0x5802A110 0x0000000C   ;# IR: Fast Read 4B
+}
+
+# Set NOR flash params manually (SFDP not readable in single-SPI mode)
+proc xspi2_flash_set {} {
+    global XSPI2_BANK_ID
+    stmqspi set $XSPI2_BANK_ID MX25UM51245G 0x4000000 0x100 0x13 0 0x12 0x60 0x1000 0x21
+}
+
+# Full reinit for use when XSPI2 may already be configured
+proc xspi2_reinit {} {
+    global XSPI2_BANK_ID
+    pwr_enable_io_supply
+    xspi2_gpio_init
+    xspi2_init
+    xspi2_flash_set
+    flash probe $XSPI2_BANK_ID
+    xspi2_flash_set
+}
+
+$_TARGETNAME configure -event reset-init {
+    global XSPI2_BANK_ID
+    pwr_enable_io_supply
+    xspi2_gpio_init
+    xspi2_init
+    xspi2_flash_set
+    flash probe $XSPI2_BANK_ID
+    # Re-set after probe (stmqspi driver quirk)
+    xspi2_flash_set
+}
+
+init