NUCLEO-H563ZI_OEMiROT_Boot Example

mjurjevic · ‎2024-06-11

Hi,

I'm trying to integrate MCUBoot into an existing STM32CubeIDE project. As I wasn't sure where to start, I've found an example in STM32CubeIDE for NUCLEO-H563ZI.
After generating the project, I've tried building it but I've got errors related to missing "common.h" header in most of source files under Middlewares/mbed-crypto/*. Is this an overlook in example code or am I supposed to add it?

Then I've tried adding blank "common.h" file just to resolve these errors which worked but then I'm getting a lot of "undefined reference to mbedtls_*" functions. I've attached full build logs.
Same questions as above, am I supposed to provide these functions or there's missing sources in example?

BR,

Marin

Florian LR · ‎2024-06-12

@mjurjevic ,

Ok I see, while I'm investigating on why the library is not automatically copied in this folder, you can still have a project working with one of these solutions :

- Copy the missing files from the STM32Cube_FW_H5_V1.2.0\Middlewares\Third_Party\mbed-crypto\library in your project Middlewares\Third_Party\mbed-crypto\library (the STM32Cube_FW_H5_V1.2.0 is by default located in C:\Users\**yourID**\STM32Cube\Repository\).

- Include the path STM32Cube_FW_H5_V1.2.0\Middlewares\Third_Party\mbed-crypto\library in the project (Properties->C/C++ General->Paths and Symbols).

- Or the simple solution, just open the project from STM32Cube_FW_H5_V1.1.1\Projects\NUCLEO-H563ZI\Applications\ROT\OEMiROT_Boot\STM32CubeIDE.

I hope this will help,

Best Regards,
Florian LR

View solution in original post

Florian LR · ‎2024-06-11

Hi @mjurjevic and welcome to the STCommunity,

Which STM32CubeFW version are you using ?

The example is not supposed to have any missing files when you build it from the CubeFW. Did you copy paste the example out of the CubeFW? The file common.h is located under \Middlewares\Third_Party\mbed-crypto\library, and that path is supposed to be included in the project.

Now regarding the OEMiROT example, and the way it works, you can refer to the related wiki pages which describes the configurations needed in different use cases, this could help you for your integration :
OEMiRoT STM32H5 How to Introduction

How to start with OEMiRoT on STM32H573

I hope this will help you,
Best Regards,

Florian LR

To give better visibility on the answered topics, please click on Accept as Solution on the reply which solved your issue or answered your question.

mjurjevic · ‎2024-06-12

Hi Florian,

I'm using STM32CubeIDE:
Version: 1.15.1
Build: 21094_20240412_1041 (UTC)

STM32Cube_FW_H5_V1.2.0

I created project from STM32CubeIDE through File > New > STM32 Project

I don't see the common.h in the path you mentioned:

> l Middlewares/Third_Party/mbed-crypto/library 
total 932K
drwxr-xr-x 2 marin marin 4.0K Jun 11 13:16 .
drwxr-xr-x 4 marin marin 4.0K Jun 11 13:16 ..
-rw-r--r-- 1 marin marin  78K Jun 11 13:26 aes.c
-rw-r--r-- 1 marin marin  32K May 17 14:27 aesni.c
-rw-r--r-- 1 marin marin  12K Jun 11 13:26 asn1parse.c
-rw-r--r-- 1 marin marin  88K May 17 14:27 bignum.c
-rw-r--r-- 1 marin marin 3.0K May 17 14:27 bignum_internal.h
-rw-r--r-- 1 marin marin  55K May 17 14:27 cipher.c
-rw-r--r-- 1 marin marin  59K May 17 14:27 cipher_wrap.c
-rw-r--r-- 1 marin marin  28K May 17 14:27 constant_time.c
-rw-r--r-- 1 marin marin  14K May 17 14:27 constant_time_internal.h
-rw-r--r-- 1 marin marin 1.2K May 17 14:27 constant_time_invasive.h
-rw-r--r-- 1 marin marin  29K May 17 14:27 ctr_drbg.c
-rw-r--r-- 1 marin marin  23K May 17 14:27 ecdh.c
-rw-r--r-- 1 marin marin  34K May 17 14:27 ecdsa.c
-rw-r--r-- 1 marin marin 118K May 17 14:27 ecp.c
-rw-r--r-- 1 marin marin  60K May 17 14:27 ecp_curves.c
-rw-r--r-- 1 marin marin 2.5K May 17 14:27 ecp_invasive.h
-rw-r--r-- 1 marin marin  21K May 17 14:27 entropy.c
-rw-r--r-- 1 marin marin 7.3K May 17 14:27 entropy_poll.c
-rw-r--r-- 1 marin marin 4.1K May 17 14:27 hkdf.c
-rw-r--r-- 1 marin marin 8.9K May 17 14:27 md2.c
-rw-r--r-- 1 marin marin  13K May 17 14:27 md4.c
-rw-r--r-- 1 marin marin  14K May 17 14:27 md5.c
-rw-r--r-- 1 marin marin  24K May 17 14:27 md.c
-rw-r--r-- 1 marin marin  19K May 17 14:27 memory_buffer_alloc.c
-rw-r--r-- 1 marin marin  11K May 17 14:27 platform.c
-rw-r--r-- 1 marin marin 4.4K May 17 14:27 platform_util.c
-rw-r--r-- 1 marin marin  81K May 17 14:27 rsa.c
-rw-r--r-- 1 marin marin  14K May 17 14:27 rsa_internal.c
-rw-r--r-- 1 marin marin  17K May 17 14:27 sha256.c

Florian LR · ‎2024-06-12

@mjurjevic ,

Ok I see, while I'm investigating on why the library is not automatically copied in this folder, you can still have a project working with one of these solutions :

- Copy the missing files from the STM32Cube_FW_H5_V1.2.0\Middlewares\Third_Party\mbed-crypto\library in your project Middlewares\Third_Party\mbed-crypto\library (the STM32Cube_FW_H5_V1.2.0 is by default located in C:\Users\**yourID**\STM32Cube\Repository\).

- Include the path STM32Cube_FW_H5_V1.2.0\Middlewares\Third_Party\mbed-crypto\library in the project (Properties->C/C++ General->Paths and Symbols).

- Or the simple solution, just open the project from STM32Cube_FW_H5_V1.1.1\Projects\NUCLEO-H563ZI\Applications\ROT\OEMiROT_Boot\STM32CubeIDE.

I hope this will help,

Best Regards,
Florian LR

mjurjevic · ‎2024-06-12

I was able to open project from filesystem as your last point suggested. Note that I've encountered issue with postbuild.sh script not being executable by default so I had to change that.

After that project builds fine. I'm now looking at Debug/ folder to see compiled binaries.
I see there is NUCLEO-H563ZI_OEMiROT_Boot.bin and elf, does this contain merged application and bootloader?
How would I go around building separate mcuboot binary and application binary?

BR

Florian LR · ‎2024-06-12

This project provides an OEMiROT example. OEMiROT boot path performs authenticity and the integrity checks of the project firmware and data images.

To ease the development process, a prebuild command and postbuild command are integrated in the project. The prebuild command is in charge of preparing the OEMiROT_Boot scatter file according to flash layout description. The postbuild command is in charge of preparing the provisioning scripts and the application image (firmware application managed by OEMiROT) configuration files in ROT_Provisioning/OEMiROT folder, according to the flash layout and OEMiROT configuration.

For a better understanding on how to add your own application, and how to generate the corresponding images, please refer to the wiki pages I linked you before :

OEMiRoT STM32H5 How to Introduction

How to start with OEMiRoT on STM32H573 and 563

You will find an introduction on the way the OEMiROT works and a step by step example on how to build the application and boot to provision your device.

Best Regards,

Florian

mjurjevic · ‎2024-06-13

Are there step by step for STM32CubeIDE? I see IAR Embedded Workbench listed as requirement but no mention of STM32CubeIDE

Florian LR · ‎2024-06-13

It's the same step by step for STM32CubeIDE. In fact, you only open the IDE to compile the projects to be able to use them, but it follows the same steps. Further in the step by step there is slight modifications in the main.c file, but nothing you can't do easily in STM32CubeIDE.

In the step by step they go to parameters only to check if the MCU is recognized, but you can find that information in the STM32CubeIDE parameters too.

The only difference is that you will need to open the projects located under the folders named STM32CubeIDE and not EWARM.

Best Regards,

Florian

mjurjevic · ‎2024-06-14

I see in documentation differentiation between data and code images. What is the purpose of this?

In flash_layout.h of OEMiROT_Boot example data images are set to 0 meaning they're not used.

/* Flash layout configuration : begin ****************************************/
#define MCUBOOT_OVERWRITE_ONLY     /* Defined: the FW installation uses overwrite method.
                                      UnDefined: The FW installation uses swap mode. */

#define MCUBOOT_EXT_LOADER         /* Defined: Use system bootloader (in system flash).
                                               To enter it, press user button at reset.
                                      Undefined: Do not use system bootloader. */

#define MCUBOOT_APP_IMAGE_NUMBER 2 /* 1: S and NS application binaries are assembled in one single image.
                                      2: Two separated images for S and NS application binaries. */

#define MCUBOOT_S_DATA_IMAGE_NUMBER 0   /* 1: S data image for S application.
                                           0: No S data image. */

#define MCUBOOT_NS_DATA_IMAGE_NUMBER 0  /* 1: NS data image for NS application.
                                           0: No NS data image. */

Also I'm still struggling to understand where is mcuboot positioned in this setup? Is it the second stage bootloader?
Can it be used without OEMiROT?