
STM32 AES bootloader

AlexSmart
Senior
Posted on October 07, 2013 at 15:33

Couldn't find topic related appnotes ... Is there any?

Like Atmel's http://www.atmel.com/Images/doc2589.pdf

There has to be a way to make an easy and protected firmware upgrade on STM chips!

Or I'm just bad at finding stuff...

#bootloader #stm32 #rdp
3 REPLIES
Posted on October 07, 2013 at 16:56

http://www.st.com/web/en/resource/technical/document/application_note/DM00044227.pdf

http://www.st.com/st-web-ui/static/active/cn/resource/technical/document/application_note/DM00075930.pdf

Now you might be able to get the code/docs out of ST, but it will likely require you to jump through a lot of hoops and sign a lot of paperwork.

Secure firmware is not magic, but is complicated to do thoroughly, and AES encryption code is readily available in the public domain. The F21x and F41x have hardware encryption also.

Securely locking down the device plays off against being able to update it. Ideally you want to disable JTAG/SWD interfaces and make them difficult to access. This of course does not protect you from people with physical access to your device, and the industrial methods to break and destroy it, and desire to do so.

The methods and ideas expressed by Atmel, TI and NXP, et al. are applicable to most devices; there will be some trade-offs in the hw/sw split of the implementations.

I'd recommend becoming familiar with the process, the need to keep end-to-end security, and the weakness/vulnerabilities in the system, and those whom you wish to protect against, and their skills/resources.

AlexSmart
Senior
Posted on October 08, 2013 at 10:52

I'm looking through http://www.st.com/web/catalog/tools/FM147/CL1794/SC961/SS1743/PF257903 right now.

It's great, and based on this stuff I can write my own boot code with decryption.

BUT! There is no example code for enabling/disabling readout protection. And this is ve-eeery important.
AlexSmart
Senior
Posted on October 08, 2013 at 14:12

Ok, I found Read Protection functions in stm32f4xx_flash.c

But I can't understand how to make a correct algorithm.

Step 1. Manufacture. Boot code (BOOT) and software (SOFT) programmed by manufacturer.

            Read and write protections set by BOOT.

Step 2. SOFT update by user via BOOT: read and write protections cleared by BOOT,

            SOFT downloaded by BOOT, read and write protections set by BOOT.

Everything is great, except that when BOOT clears the read protection it erases itself, even when it's write protected.

What am I missing???
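
The failure described in the last post, as an added example that is not part of the thread and not ST's code: a host-side C model of the STM32F4 behaviour that regressing RDP from Level 1 to Level 0 mass-erases main flash regardless of sector write protection, next to an update flow that leaves RDP set. The two-sector layout, fill bytes and all names (`flash_model`, `set_rdp`, `update_soft`, ...) are constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>
#define SECTOR_SIZE 8
enum { BOOT = 0, SOFT = 1, SECTORS = 2 };    /* constructed two-sector layout */
typedef struct {
    uint8_t data[SECTORS][SECTOR_SIZE];
    bool rdp_level1;                          /* read-out protection active */
    bool wrp[SECTORS];                        /* per-sector write protection */
} flash_model;

/* RDP regression Level 1 -> 0 mass-erases main flash, WRP sectors included. */
static void set_rdp(flash_model *f, bool level1) {
    if (f->rdp_level1 && !level1)
        memset(f->data, 0xFF, sizeof f->data);
    f->rdp_level1 = level1;
}

/* Code running from flash can program flash under RDP Level 1; WRP blocks it. */
static bool program_sector(flash_model *f, int s, const uint8_t *img) {
    if (f->wrp[s]) return false;
    memcpy(f->data[s], img, SECTOR_SIZE);
    return true;
}

/* Step 1 of the post: BOOT and SOFT programmed, RDP and WRP set. */
static flash_model factory_state(void) {
    flash_model f = { .rdp_level1 = true, .wrp = { true, true } };
    memset(f.data[BOOT], 0xB0, SECTOR_SIZE);  /* constructed fill bytes */
    memset(f.data[SOFT], 0x01, SECTOR_SIZE);
    return f;
}
static bool boot_intact(const flash_model *f) { return f->data[BOOT][0] == 0xB0; }

/* Step 2. clear_rdp=true is the flow from the post; false leaves RDP set and
   lifts WRP on the SOFT sector only. Returns true if BOOT survived the update. */
static bool update_soft(flash_model *f, const uint8_t *img, bool clear_rdp) {
    if (clear_rdp) set_rdp(f, false);
    f->wrp[SOFT] = false;
    bool ok = program_sector(f, SOFT, img);
    f->wrp[SOFT] = true;
    set_rdp(f, true);
    return ok && boot_intact(f);
}

int main(void) {                              /* exits 0 when the model behaves as described */
    uint8_t img[SECTOR_SIZE] = { 0x02 };      /* constructed new SOFT image */
    flash_model a = factory_state(), b = factory_state();
    return (!update_soft(&a, img, true) && update_soft(&b, img, false)) ? 0 : 1;
}
```

In the model, as on the device, a bootloader that runs from flash does not need to lower RDP to rewrite the application sectors, so RDP can be set once at manufacture and left alone.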