svii
Associate III
November 26, 2020
Question

Hi, I am using a Nucleo L073RZ board. How do we authenticate that a user application bin file flashed into a board from IAP is the correct bin, and then move on to run it?


The problem is that the CRC used in IAP for transferring the bin file only checks for errors during the transfer process. However, I don't want any random bin files to be flashed into the flash or executed from it; only certain signed bin files need to be run. Kindly suggest a way, or does STM32 already have any inbuilt features while generating the bin file that I could use and that I am missing? Thanks in advance.


3 replies

KnarfB
Super User
November 26, 2020
Ozone
Principal
November 26, 2020

Why use bin files?

Even the old HEX and S19 file formats have per-line CRCs.

My company uses a second-stage BL in most applications that calculates a checksum over the code area, and compares it with one embedded in the code.

But that requires external tools and additional steps in the build process.

The advantage - it is done at every startup, and can catch corruptions.

Tesla DeLorean
Guru
November 26, 2020

The X/Y-MODEM provides for block level CRC, what you minimally want is a longitudinal CRC over the entire image. The STM32 has a 32-bit CRC unit, and this can be used to check a PC side value computed and added to the end of the image. This is a topic area covered many times over the years.

One could perhaps use a SHA-256, or a salted one, for increased integrity. The L083 variant contains a hash unit, but these things can be done in software too.

To provide some protection the loader firmware would need to be locked down, as well as encrypting the image. If you have everything secure, you might also consider elliptic curve signing methods as this would only need a public key on the STM32 side to validate. The software footprint for something like SECP192 is still quite substantial.

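The whole-image CRC check described in the replies above, as an added example that is not code from any poster or from ST: a loader-side routine that recomputes a CRC-32 over the image and compares it with the value appended at the end. The image layout (payload followed by a 4-byte little-endian CRC), the function names, and the software CRC-32 parameters (IEEE 802.3 / zlib) are assumptions; the PC-side tool and any use of the STM32 CRC unit would have to be configured to agree.

```c
/* Added example: check a CRC-32 appended to a firmware image.
   Assumed layout (not from the thread): [payload][CRC-32 of payload, LE]. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Bitwise CRC-32 with IEEE 802.3 / zlib parameters (an assumption). */
uint32_t crc32_sw(const uint8_t *data, size_t len)
{
    uint32_t crc = 0xFFFFFFFFu;
    for (size_t i = 0; i < len; i++) {
        crc ^= data[i];
        for (int bit = 0; bit < 8; bit++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

/* Returns 1 when the trailer matches the CRC of everything before it. */
int image_crc_ok(const uint8_t *img, size_t len)
{
    if (img == NULL || len <= 4)      /* need payload plus 4-byte trailer */
        return 0;
    size_t payload_len = len - 4;
    const uint8_t *t = img + payload_len;
    uint32_t stored = (uint32_t)t[0] | ((uint32_t)t[1] << 8) |
                      ((uint32_t)t[2] << 16) | ((uint32_t)t[3] << 24);
    return crc32_sw(img, payload_len) == stored;
}

int main(void)
{
    /* Constructed sample image: 9 payload bytes followed by their CRC-32. */
    uint8_t img[] = {'1','2','3','4','5','6','7','8','9',
                     0x26, 0x39, 0xF4, 0xCB};
    printf("intact:    %d\n", image_crc_ok(img, sizeof img));
    img[2] ^= 0x80;                   /* simulate a corrupted flash byte */
    printf("corrupted: %d\n", image_crc_ok(img, sizeof img));
    return 0;
}
```

This check catches corruption at transfer time or at every startup, but anyone who can build an image can also append a matching CRC. Restricting execution to signed images needs the public-key verification mentioned in the last reply.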