FAQs
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

STM32 Bootloader: FAA DO-178 Certification?

Go to solution
Niramas
Associate II

‎2025-04-24 1:16 PM - last edited on ‎2025-04-29 9:52 AM by

Is the internal bootloader on the STM32H723 DO-178 certified?   It just dawned on me that the whole line of CPUs might be disqualified for aircraft use because the bootloader code "flies" with the aircraft and all such code must be certified to the level declared by the system (DAL levels A-D).   Do you have avionics customers that use these?  Can the bootloader be erased?

Regards,

Mark

Labels:
0 Kudos
17 REPLIES 17
Go to solution
Niramas
Associate II
In response to Pavel A.

‎2025-04-28 11:02 AM

No Pavel, that is completely incorrect.   I am addressing embedded avionics equipment that is most certainly connected to the avionics system.  Your PC is not DO-178 avionics software.   This whole dioscussion is based on using an STM32 in avionics systems.

0 Kudos
Go to solution
Karl Yamashita
Principal
In response to Niramas

‎2025-04-28 12:12 PM

The bootloader is never activated or accessed unless you physically boot it into bootloader mode.

Like @Pavel A. said, it's passive. You have the option to write your own bootloader and get it certified.

Don't worry, I won't byte.
TimerCallback tutorial! | UART and DMA Idle tutorial!

If you find my solution useful, please click the Accept as Solution so others see the solution.
0 Kudos
Go to solution
Pavel A.
Evangelist III

‎2025-04-29 1:22 AM

Then, pity. The STM32 is removed from flight ((

 

0 Kudos
Go to solution
Niramas
Associate II
In response to Karl Yamashita

‎2025-04-29 8:10 AM

If it's there it can be executed and therefore subject to certification criteria.  The FAA doesn't F-around when it comes to safety-critical systems.

0 Kudos
Go to solution
Karl Yamashita
Principal
In response to Niramas

‎2025-04-29 9:15 AM

Sounds like it would be a hardware design issue if the FAA can physically get the built bootloader to run, unless they do a hardware modification to do so. 

Would you trust the FAA to certify code versus accidently getting the bootloader to run? They can't even manage the airspace without planes nearly colliding into each other, or helicopter mishaps. 

Don't worry, I won't byte.
TimerCallback tutorial! | UART and DMA Idle tutorial!

If you find my solution useful, please click the Accept as Solution so others see the solution.
0 Kudos
Go to solution
Niramas
Associate II
In response to Karl Yamashita

‎2025-04-29 10:20 AM

Hi Karl,

Thank you for trying to help but you need some DO-178 experience to ask relevant questions on this subject.

Regards,

Mark

0 Kudos
Go to solution
Karl Yamashita
Principal
In response to Niramas

‎2025-04-29 10:35 AM

And yet, you're the OP asking question on the matter. 

Don't worry, I won't byte.
TimerCallback tutorial! | UART and DMA Idle tutorial!

If you find my solution useful, please click the Accept as Solution so others see the solution.
0 Kudos
Go to solution
Niramas
Associate II
In response to Karl Yamashita

‎2025-04-29 2:12 PM

What's your point?  I was asking if it was pre-certified?

0 Kudos
Top