cancel
Showing results for 
Search instead for 
Did you mean: 

X-CUBE-SBSFU bootloader porting

nemethfer
Associate

Hello.

I downloaded and tried your "Secure boot & secure firmware update software expansion for STM32Cube" solution.

https://www.st.com/en/embedded-software/x-cube-sbsfu.html

It works great on my Nucleo-64 board, and the next step what I wanted to do is port it to my own MCU (STM32F2xx).

Here comes my question: Do you have any guide that shows step-by-step what to do exactly?

I started with SECoreBin. I created a project for my own MCU. Changed the HAL, but got errors. I realized that, my MCU had sectors, instead of pages, okay, I changed that to fit my needs. Then I still got errors regarding the CRC, okay I changed that also. etc. etc. etc. Now I can compile everything (in the SECoreBin project), but I get linker errors. I probably have to change something in the linker script.

So the bottom line is: whatever I do, I face a new problem. I am kinda lost in this work. This is why I need some kind of step-by-step guide. If such thing exists.

Or an alternative question: Can I request an official porting for STM32F2xx? That would instantly solve all my problems. 🙂

Thank you.

1 ACCEPTED SOLUTION

Accepted Solutions
Cedric LECOUTRE
ST Employee

Hi @nemethfer​ ,

the X-CUBE-SBSFU package is today only available for STM32L4, and heavily relying on peripherals/functionalities from this product family for activating different security mechanisms. It will especially use the FireWall and PCROP, which are not available on the STM32F2 product family.

So in short, you can not port this package easily from a product family to another, and there will be no simple guide for this. Only within the same product family or close ones (STM32L4 and STM32L0 for instance) this could be feasible.

On top, to my knowledge, there is no short term release planned for a X-CUBE-SBSFU package on STM32F2. Which does not mean that something can not be re-implemented on STM32F2 for your needs.

As mentioned by @Community member​ , the best way would be to contact ST MCU support teams through ST online support - at https://my.st.com/ols - to share your business case and requirements/requested functionalities: i.e. what do you want to protect in your product, from which kind of attack, etc.. ? There is also a good introduction to these concepts in the STM32 security basics MOOC with hands-on exercises (https://www.st.com/content/st_com/en/support/learning/stm32-education/stm32-moocs/basic-of-security-in-stm32.html).

Best regards,

Cédric

View solution in original post

8 REPLIES 8

The F2 and F4 parts should be very similar beyond the CM3 vs CM4

Perhaps you can discuss with the FAE supporting your account, or have ST provide you with the list of consultants with competence in this area.

Tips, buy me a coffee, or three.. PayPal Venmo Up vote any posts that you find helpful, it shows what's working..
Cedric LECOUTRE
ST Employee

Hi @nemethfer​ ,

the X-CUBE-SBSFU package is today only available for STM32L4, and heavily relying on peripherals/functionalities from this product family for activating different security mechanisms. It will especially use the FireWall and PCROP, which are not available on the STM32F2 product family.

So in short, you can not port this package easily from a product family to another, and there will be no simple guide for this. Only within the same product family or close ones (STM32L4 and STM32L0 for instance) this could be feasible.

On top, to my knowledge, there is no short term release planned for a X-CUBE-SBSFU package on STM32F2. Which does not mean that something can not be re-implemented on STM32F2 for your needs.

As mentioned by @Community member​ , the best way would be to contact ST MCU support teams through ST online support - at https://my.st.com/ols - to share your business case and requirements/requested functionalities: i.e. what do you want to protect in your product, from which kind of attack, etc.. ? There is also a good introduction to these concepts in the STM32 security basics MOOC with hands-on exercises (https://www.st.com/content/st_com/en/support/learning/stm32-education/stm32-moocs/basic-of-security-in-stm32.html).

Best regards,

Cédric

So, this is a lie: "X-CUBE-SBSFU is built on top of STM32Cube software technology, making the portability across different STM32 microcontrollers easy."

https://www.st.com/en/embedded-software/x-cube-sbsfu.html

Cedric LECOUTRE
ST Employee

Hi @Mark Peter Vargha​,

I will not say it this way: as shared above, this is true today within L4/L0 product family. It will be even more true by next year when X-CUBE-SBSFU will start to be available on some other first representative of the different STM32 product families.

If you have a specific business need to share, feel free please contact us through ST Online Support (https://my.st.com/ols).

Best regards,

Cédric

"this is true today within L4/L0 product family"

There is no mention about this limitation in the official documentation. Nowhere.

AN5056:

"Porting X-CUBE-SBSFU onto another board X-CUBE-SBSFU supplements the STM32Cube™ software technology, making portability across different STM32 microcontrollers easy. It comes with a set of examples implemented on given STM32 boards that are useful starting points to port the X-CUBE-SBSFU onto another STM32 board. The NUCLEO-L476RG and NUCLEO-L432KC boards are used as examples in this document."

Data brief:

"X-CUBE-SBSFU is built on top of STM32Cube software technology, making the portability across different STM32 microcontrollers easy. It is provided as reference code to demonstrate the state-of-the-art usage of STM32 security protection. The X-CUBE-SBSFU Expansion Package comes with examples running on the STM32L4 Series. "

"The X-CUBE-SBSFU Expansion Package runs on STM32 32-bit microcontrollers based on the Arm®(a) Cortex®-M processor. "

UM2262:

"X-CUBE-SBSFU supplements the STM32Cube software technology, making portability across different STM32 microcontrollers easy. It comes with an example implementation running on the NUCLEO-L476RG platform. X-CUBE-SBSFU is provided as reference code to demonstrate state-of-the-art usage of the STM32 security protection mechanisms. It is a starting point for OEM"

So it would be nice to mention the limitations...

I agree that a more straight-forward approach would be much more preferable.

There is nothing more annoying to an engineer than a salesman who says YES to every feature the customer asks about, where NO or I DON'T KNOW are the appropriate responses. The salesman cashes the commission check, and the engineer has to work long hours cleaning up the mess, or mollifying the customer.

ST needs to take a much more measured approach to putting things in slide-decks and data sheets, to avoid saying things that they are not ready to support with demonstration code, and validation reports. ISO compliance would seem to require such restraint.

Failure to do so just poisons the well.

Tips, buy me a coffee, or three.. PayPal Venmo Up vote any posts that you find helpful, it shows what's working..
ranran
Senior II

Hello,

Is it that X-CUBE-SBSFU is not available for STM32H7 familiy ?

Thanks,

ranran

Check with your local sales office, almost certainly a port available

Tips, buy me a coffee, or three.. PayPal Venmo Up vote any posts that you find helpful, it shows what's working..