How to build SBSFU when your company IT tools remove the exe files installed in the package

Jocelyn RICARD · ‎2020-06-25

As well as for TFM case, some IT tools remove exe files.

The SBSFU is using:

c:\STM32SecuWS\L4\STM32CubeExpansion_SBSFU_V2.3.0\Middlewares\ST\STM32_Secure_Engine\Utilities\KeysAndImages\win\prepareimage\prepareimage.exe

If this file was removed, please rename win directory to another one.

Then install python 3.7

go to :

c:\STM32SecuWS\L4\STM32CubeExpansion_SBSFU_V2.3.0\Middlewares\ST\STM32_Secure_Engine\Utilities\KeysAndImages\

and launch:

pip3 install -r requirements.txt

The file requirements.txt already exists and contains:

pycryptodome

pycryptodomex

ecdsa

pyelftools

numpy

Internet access is needed to process pip command.

Nothing else is needed. During build process the python script will automatically be selected.

Best regards

Jocelyn

ntfreak · ‎2020-06-30

I have exactly the same problem regarding the following binaries getting flagged and deleted:

STM32Cube_FW_L5_V1.2.0\Middlewares\Third_Party\trustedfirmware\bl2\ext\mcuboot\scripts\dist\assemble\assemble.exe
STM32Cube_FW_L5_V1.2.0\Middlewares\Third_Party\trustedfirmware\bl2\ext\mcuboot\scripts\dist\imgtool\imgtool.exe
 
STM32CubeExpansion_SBSFU_V2.3.0\Middlewares\ST\STM32_Secure_Engine\Utilities\KeysAndImages\win\prepareimage.exe
STM32CubeExpansion_SBSFU_V2.3.0\Middlewares\ST\STM32_Secure_Engine\Utilities\KeysAndImages\win\prepareimage\prepareimage.exe

For us the corporate tool in question is Cylance. Getting our IT to add an exception is near impossible, the work around for us is to digitally sign the binary in question. Luckily I have access to tools that enable us to sign these binaries.

So a comment for ST when you distribute any binary can you make sure it is digitally signed?

Regards

Frantz LEFRERE · ‎2020-07-02

Thanks Jocelyn, all info is in your post.