Hello everyone,
I am working with the STM32H7B3-DK and evaluating the SBSFU package with a dual image slot configuration using SECBOOT_ECCDSA_WITH_AES128_CBC_SHA256. I have a few questions and kindly request your guidance:
Please confirm if we can load sbsfu.bin or sbsfu.out via USART with BOOT0 = 1 and then program UserApp.sfb via the secure bootloader (BOOT0 = 0). Do we need a header bin? If yes, how can we merge only sbsfu.bin and the header bin while excluding UserApp.bin?
With RDP Level 2 set, is it still possible to update UserApp.sfb via USART when BOOT0 = 0?
Can SFU_SECURE_USER_PROTECT_ENABLE be enabled or disabled during development, and can reprogramming still be done via USART or SWD outside development mode?
During development, can we disable all security IPs, load sbsfu_userapp.bin, and later enable protections over USART followed by a power cycle? Is this workflow possible?
If RDP Level 1 is configured, can option bytes and protections (PCROP, secure user area) be reset via ST programmer tool?
Is it possible to debug the UserApp with SBSFU active, both with and without protections? Please suggest a simple method for IAR EWARM.
Could SBSFU protections (e.g., MPU settings) interfere with X-CUBE-CLASSB functional safety tests or RAMECC monitoring, potentially causing failures?
Thank you in advance for your guidance and advice.
@Jocelyn RICARD @Fred @KDJEM.1
