FAQs
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Is there a programatic way of retrieving the checksum of the NVM application?

bnguy.1
Associate III

‎2024-02-23 06:48 PM

I have an STM32H745 (Dual Core).. I'd like to verify the integrity of the M7 Core's Flash memory.

Is there any built in way of getting the checksum (perhaps something that St-Link Cube Programmer uses), or is the only way to write my own function?

 

Labels:
0 Kudos
3 REPLIES 3
TDK
Guru

‎2024-02-23 08:37 PM

There is no standard functionality for this. The only way is to write your own function.

If you feel a post has answered your question, please click "Accept as Solution".
0 Kudos
tjaekel
Lead
In response to TDK

‎2024-02-23 10:04 PM

Nothing built in, nothing used on debugger.

You could set some sectors on MCU flash to R/O (to avoid it is overwritten): via debugger you could remove the "write locks" before you program again a new image. But anybody can still do (knowing the "trick").

You can generate a checksum after the BIN/EFL was created. And you can append this checksum to the BIN/ELF file. When you flash it into MCU - the checksum is also stored there.
In order to find the checksum easier (it would be always on a different address): you can decide to store such a cheksum on a reserved and dedicated address location.

But:

  • you have to "patch" your BIN/ELF file (ELF file is potentially very difficult to patch!) in order to write the checksum into file, so that it is also in flash when MCU programmed
  • you have to write a function running in MCU which would check the flash content by calculating the real checksum and compare it with the stored checksum
  • BUT;
    it does not make real sense: anybody is still able to write a new MCU flash content - ripping out all what you had there.
    Or: if somebody modifies a little bit the source code, even he keeps the checksum stuff in place - but this code crashes now, e.g. during startup - you do not have any chance to run a checksum test
  • it is not a guarantee that your flash memory is not corrupted: if a "neutrino flies through your flash memory and flips a bit" - potentially you will realize it by the fact, that your FW does not work anymore as before

What you are potentially looking for is "Trust Zone" support. Check out MCUs with Trust Zone (e.g. STM32U5A5 and others). Or at least, check if you can set "Flash Lock Bits" via debugger (not really "secure": anybody can also remove again the lock bits).

Or: check if MCU has CRC features, e.g. to "protect" memory content via CRC checksums (and ability to correct bit errors). You would enable to use CRC and potentially you can query the MCU internal registers "if there was an CRC error correction needed". But you cannot repair the entire memory: if too many address locations are corrupted - nothing will work anymore as expected.

You are looking for "Trust Zone" and maybe "Tamper Protection": make it impossible that anybody can reflash or even read the flash content ("Secure Flash") or if somebody tries to "break in", e.g. via a debugger, tracing your code, reading your data in memory - you can let erase all data so that an intruder cannot find anything.
Check out the STM32U5x MCUs - they have all these "security" features.

0 Kudos
Pavel A.
Evangelist III

‎2024-02-24 01:23 AM

STM32H7 have a special command in the flash controller that calculates CRC of selected flash range. But IIRC there's some errata rendering it unusable. See HAL_FLASHEx_ComputeCRC

https://github.com/STMicroelectronics/stm32h7xx_hal_driver/blob/a13c7d54ce2a8493b3c2a4ae591953afee1ce5c2/Src/stm32h7xx_hal_flash_ex.c#L700

 

Top