cancel
Showing results for 
Search instead for 
Did you mean: 

Adding SBSFU_BOOT to Your STM32 Project

Istillaga
Senior

Hello,

I have created my own program using TrustZone and I want to add the SBSFU_BOOT project to it. How can I do this?

1 ACCEPTED SOLUTION

Accepted Solutions
Jocelyn RICARD
ST Employee

Hello @Istillaga,

There are slight differences between the project example provided with SBSFU_Boot and a "standard" secure/non secure project generated by STM32CubeMX.

For instance, examples uses a startup file written in C instead of assembly.

So, you may need to replace this assembly file by the c file.

As a general point the example provided with SBSFU_Boot is the reference that will help you.

The main point is the linker file.

Either you reuse same linker file as in the example. In that case you need to adapt your project to be able to include this  "region_defs.h" file (you can find how this is done in example)

Other possibility is to manually change your linker file with hardcoded addresses but this may lead to issue when you decide to change the mapping.

Finally, you will need to add the postbuild command to generate the signed images. Here this is copy paste of commands.

I hope this will help

Best regards

Jocelyn


 

View solution in original post

2 REPLIES 2
Imen.D
ST Employee

Hello @Istillaga ,

The secure boot solution on STM32U5 is based on MCUBoot. 

You will find the ready-to-use SBSFU_Boot application, which is available within STM32CubeU5 package : 

STM32CubeU5/Projects/B-U585I-IOT02A/Applications/SBSFU/SBSFU_Boot at main · STMicroelectronics/STM32CubeU5 · GitHub

This project is used to generate the SBSFU_Boot binary file. The core function of this application relies on the MCUBoot middleware, the trusted firmware (TFM) middleware (only Boot Loader stage 2 part) and the mbed-crypto middleware.

I advise you to follow the instructions in the SBSFU readme file.

For more details, please refer to the following resources:

  • AN5447: Overview of Secure Boot and Secure Firmware Update solution on Arm® TrustZone® STM32 microcontrollers
  • UM2851: Getting started with STM32CubeU5 TFM application that provides many details on the secure boot solution (apart from TFM)
When your question is answered, please close this topic by clicking "Accept as Solution".
Thanks
Imen
Jocelyn RICARD
ST Employee

Hello @Istillaga,

There are slight differences between the project example provided with SBSFU_Boot and a "standard" secure/non secure project generated by STM32CubeMX.

For instance, examples uses a startup file written in C instead of assembly.

So, you may need to replace this assembly file by the c file.

As a general point the example provided with SBSFU_Boot is the reference that will help you.

The main point is the linker file.

Either you reuse same linker file as in the example. In that case you need to adapt your project to be able to include this  "region_defs.h" file (you can find how this is done in example)

Other possibility is to manually change your linker file with hardcoded addresses but this may lead to issue when you decide to change the mapping.

Finally, you will need to add the postbuild command to generate the signed images. Here this is copy paste of commands.

I hope this will help

Best regards

Jocelyn