FAQs
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Hi i am using nucleo L073Rz board , how do we authenticate a user application bin file flashed in to a board from iap is the correct bin and move on to run.

svii
Associate III

‎2020-11-25 08:39 PM

The problem is crc used in iap for transferring the bin file is to only check for errors during the transfer process , however i dont want any random bin files to be flashed into the flash or executed from it, only certain signed bin files need to be run .kindly suggest a way or does stm32 already have any inbuilt features while generating the bin file that i could use that i am missing.Thanks in advance.

Labels:
0 Kudos
3 REPLIES 3
KnarfB
Principal III

‎2020-11-25 11:04 PM

You may check the tables in https://www.st.com/content/st_com/en/stm32trust.html and look at https://www.st.com/en/embedded-software/x-cube-sbsfu.html

0 Kudos
Ozone
Lead II

‎2020-11-26 12:01 AM

Why using bin files ?

Even the old HEX and S19 file formats have per-line CRCs.

My company uses a second-stage BL in most applications that calculates a checksum over the code area, and compares it with one embedded in the code.

But that requires external tools and additional steps in the build process.

The advantage - it is done at every startup, and can catch corruptions.

0 Kudos
Tesla DeLorean
Guru

‎2020-11-26 06:51 AM

The X/Y-MODEM provides for block level CRC, what you minimally want is a longitudinal CRC over the entire image. The STM32 has a 32-bit CRC unit, and this can be used to check a PC side value computed and added to the end of the image. This is a topic area covered many times over the years.

One could perhaps use a SHA-256, or a salted one, for increased integrity. The L083 variant contains a hash unit, but these things can be done in software too.

To provide some protection the loader firmware would need to be locked down, as well as encrypting the image. If you have everything secure, you might also consider elliptic curve signing methods as this would only need a public key on the STM32 side to validate. The software footprint for something like SECP192 is still quite substantial.

Tips, Buy me a coffee, or three.. PayPal Venmo
Up vote any posts that you find helpful, it shows what's working..
0 Kudos
Top