STM32N6 custom boot

Artur5 · ‎2025-05-25

Hi. I need to create my own boot leader that will be able to update itself and the application as well. I don't want to sign this boot leader and the application every time. Is it possible to create a simple FSBL that will be signed and permanently placed in memory and its only task will be to jump to my bootloader, which will not be signed? I don't fully understand this, because in many places you can find information that the application must also be signed, but e.g. the FSBL that is in the examples only does jump to the application (it does not check any signatures or header)

BR

Artur

Julian E. · ‎2025-05-27

Hello @Artur5,

Yes, if the entry point address of your bootloader is always located at the same place (typically, the second 32-bit word in the binary), then the FSBL (First Stage Boot Loader) can jump directly to it without needing to sign the bootloader.

(In this context, the "bootloader" refers to the third binary executed, after the BootROM and the FSBL.)

That said, during analysis, it was found that in some cases the entry point of the bootloader might not be in the usual place. Unfortunately, the specific compilation conditions that lead to this behavior are not well documented.

Have a good day,

Julian

In order to give better visibility on the answered topics, please click on 'Accept as Solution' on the reply which solved your issue or answered your question.