SBSFU - Start in different flash memory sector

STsch.1 · ‎2021-12-29

Hi,

I'm using a STM32F722RE and in my current application, I used sector 2 and 3 of the flash as a virtual EEPROM. The memory of the controller looks like this:

So sector 4 should be enough for the SBSFU and I would like to set my application to sector 5 and the download area to sector 6. Now, when I change everything in the linkerscript, the controller goes somewhere unexpected and I lose the debug connection,

What I have done:

The linkerscript of the SECoreBin is unchanged.

The linkerscripts of the SBSFU are changed as follow:

STM32F722REx_FLASH.ld:

/* Entry Point */
ENTRY(Reset_Handler)
 
/* Highest address of the user mode stack */
_estack = 0x2003C000;    /* end of RAM */
/* Generate a link error if heap and stack don't fit into RAM */
_Min_Heap_Size = 0;      /* required amount of heap  */
_Min_Stack_Size = 0x2000; /* required amount of stack */
 
INCLUDE mapping_fwimg.ld
INCLUDE mapping_sbsfu.ld
 
/* Specific SBSFU definition */
__ICFEDIT_intvec_start__    = 0x08010000;
SE_Binary_region_ROM_Length = __ICFEDIT_SE_Code_region_ROM_end__ - __ICFEDIT_SE_CallGate_region_ROM_start__ + 1;
 
/* Specify the memory areas */
MEMORY
{ 
 ISR_VECTOR (rx)               : ORIGIN = __ICFEDIT_intvec_start__, LENGTH = VECTOR_SIZE
 SE_Binary_region_ROM (rx)     : ORIGIN = __ICFEDIT_SE_CallGate_region_ROM_start__, LENGTH = SE_Binary_region_ROM_Length 
}

mapping_fwimg:

/* Slots must be aligned on sector size */
 
/* Active slot #1 : 1984 kbytes */
__ICFEDIT_SLOT_Active_1_start__  = 0x08020000;  
__ICFEDIT_SLOT_Active_1_end__    = 0x0803FFFF;
__ICFEDIT_SLOT_Active_1_header__ = __ICFEDIT_SLOT_Active_1_start__;
 
/* Slots not configured */
__ICFEDIT_SLOT_Active_2_header__ = 0x00000000;
__ICFEDIT_SLOT_Active_2_start__  = 0x00000000;
__ICFEDIT_SLOT_Active_2_end__    = 0x00000000;
__ICFEDIT_SLOT_Active_3_header__ = 0x00000000;
__ICFEDIT_SLOT_Active_3_start__  = 0x00000000;
__ICFEDIT_SLOT_Active_3_end__    = 0x00000000;

mapping_sbsfu:

/* SE Code region protected by protected area */
VECTOR_SIZE = 0x400;
__ICFEDIT_SE_Code_region_ROM_start__       = 0x08010000 + VECTOR_SIZE;
__ICFEDIT_SE_CallGate_region_ROM_start__   = __ICFEDIT_SE_Code_region_ROM_start__;  /* No need to do +4 as we have dummy bytes in SE_CoreBin .ld file */
__ICFEDIT_SE_CallGate_region_ROM_end__     = __ICFEDIT_SE_Code_region_ROM_start__ + 0x1FF;
 
/* SE key region protected by protected area */
__ICFEDIT_SE_Key_region_ROM_start__        = __ICFEDIT_SE_CallGate_region_ROM_end__ + 0x1;
__ICFEDIT_SE_Key_region_ROM_end__          = __ICFEDIT_SE_Key_region_ROM_start__ + 0xFF;
 
/* SE Startup: call before enabling protected area*/
__ICFEDIT_SE_Startup_region_ROM_start__    = __ICFEDIT_SE_Key_region_ROM_end__ + 0x1;
__ICFEDIT_SE_Code_nokey_region_ROM_start__ = __ICFEDIT_SE_Startup_region_ROM_start__ + 0x100;
/* Aligned SE End at the end of the 1st 32Kbytes of flash, MPU protection isolation constraints */
__ICFEDIT_SE_Code_region_ROM_end__         =  0x08017FFF;
 
/* SE IF ROM: used to locate Secure Engine interface code out of protected area */
__ICFEDIT_SE_IF_region_ROM_start__         = __ICFEDIT_SE_Code_region_ROM_end__ + 1;
__ICFEDIT_SE_IF_region_ROM_end__           = __ICFEDIT_SE_IF_region_ROM_start__ + 0x8FF;
 
/* SBSFU Code region */
__ICFEDIT_SB_region_ROM_start__            = __ICFEDIT_SE_IF_region_ROM_end__ + 0x1;
/* Aligned SE End at the end of the 1st 64Kbytes of flash, MPU protection isolation constraints */
__ICFEDIT_SB_region_ROM_end__              =  0x0801FFFF;

So I don't see what is wrong here? Do I need to change something else?

STsch.1 · ‎2021-12-30

From my testing, always when I choose another start address for the SBSFU than 0x8000000, the update process over tera term fails and the SBSFU firmware gets bricked. The thing is, the SBSFU boots correctly before I flash the first time the application.

I also tried to split as follows, but this leads to the same error:

/* SE Code region protected by protected area */
VECTOR_SIZE = 0x400;
__ICFEDIT_SE_Code_region_ROM_start__       = 0x08000000 + VECTOR_SIZE;
__ICFEDIT_SE_CallGate_region_ROM_start__   = __ICFEDIT_SE_Code_region_ROM_start__;  /* No need to do +4 as we have dummy bytes in SE_CoreBin .ld file */
__ICFEDIT_SE_CallGate_region_ROM_end__     = __ICFEDIT_SE_Code_region_ROM_start__ + 0x1FF;
 
/* SE key region protected by protected area */
__ICFEDIT_SE_Key_region_ROM_start__        = __ICFEDIT_SE_CallGate_region_ROM_end__ + 0x1;
__ICFEDIT_SE_Key_region_ROM_end__          = __ICFEDIT_SE_Key_region_ROM_start__ + 0xFF;
 
/* SE Startup: call before enabling protected area*/
__ICFEDIT_SE_Startup_region_ROM_start__    = __ICFEDIT_SE_Key_region_ROM_end__ + 0x1;
__ICFEDIT_SE_Code_nokey_region_ROM_start__ = __ICFEDIT_SE_Startup_region_ROM_start__ + 0x100;
/* Aligned SE End at the end of the 1st 32Kbytes of flash, MPU protection isolation constraints */
__ICFEDIT_SE_Code_region_ROM_end__         =  0x08007FFF;
 
/* SE IF ROM: used to locate Secure Engine interface code out of protected area */
__ICFEDIT_SE_IF_region_ROM_start__         =  0x08010000; /*__ICFEDIT_SE_Code_region_ROM_end__ + 1;*/
__ICFEDIT_SE_IF_region_ROM_end__           = __ICFEDIT_SE_IF_region_ROM_start__ + 0x8FF;
 
/* SBSFU Code region */
__ICFEDIT_SB_region_ROM_start__            = __ICFEDIT_SE_IF_region_ROM_end__ + 0x1;
/* Aligned SE End at the end of the 1st 64Kbytes of flash, MPU protection isolation constraints */
__ICFEDIT_SB_region_ROM_end__              =  0x0801FFFF;

I need sector 2 and 3 for my application, sector 4 is 64kbyte at once, and I need at least two pages for the virtual eeprom emulation. I don't see, why it should not be possible to start at another sector or at least, only the vector table at 0x08000000 and the rest goes to sector 4?

STsch.1 · ‎2022-01-04

I also have trouble here, when I set the vector table to 0x08000000 and the rest of the SBSFU to 0x08010000. I can start a firmware update over UART, but the SBSFU crashed after the start and is then permanently destroyed until I erase and reprogram it. Might there be a problem with the MPU set in the example projects?

Bubbles · ‎2022-01-04

Hi @STsch.1 ,

well you can temporarily disable MPU in the app_sfu.h and see if it works without MPU. If it does, you are another step closer to solution.

BR,

J

To give better visibility on the answered topics, please click on Accept as Solution on the reply which solved your issue or answered your question.

STsch.1 · ‎2022-01-04

Well, I defined SECBOOT_DISABLE_SECURITY_IPS to deactivate all the safety features, still no success. I really don't know what else I could try.

STsch.1 · ‎2022-01-04

I tested now the STM32L152RE example, there I was able to start the SBSFU at 0x08010000, when the vector table is at 0x08000000 (also tested without MPU). Now, I think there is some other settings that needs to be adjusted for each uC type, but I really don't find anything about that.

STsch.1 · ‎2022-01-04

Ok, i could solve it, it works, when I put the application to 0x08040000. I really don't see, why it does not work for 0x08020000, there is nothing else there, that should make complications.

Bubbles · ‎2022-01-04

I'm not sure whether you are still on F7 or it's the L1 now, but I'm glad you managed to make it work.

J

To give better visibility on the answered topics, please click on Accept as Solution on the reply which solved your issue or answered your question.

STsch.1 · ‎2022-01-04

I am still on the F722, but I don't get it why it does not work when the app is at 0x08020000, there is nothing in this flash region from the SBSFU and I also tested it on different hardwares to ensure, the flash is ok. Also MPU is disabled. I need to further investigate this.