cancel
Showing results for 
Search instead for 
Did you mean: 

Clarification on SBSFU Use

Richard Lowe
Senior III
Posted on May 12, 2018 at 19:55

Secure Boot and Secure Firmware Update is just awesome. Very excited to use it. However, for whatever reason, the process of setting up and practical usage of it is quite confusing.

I've loaded the demo application(s) into Atollic and found that nothing works to the degree that the application notes explain. Have the ''Hands on'' workshop but found it more of a ''load the demo.... see it works'' but little in the way of explanation.

I've been using

http://www.st.com/content/ccc/resource/technical/document/user_manual/group0/33/ee/5b/6b/c7/43/44/3e/DM00414687/files/DM00414687.pdf/jcr:content/translations/en.DM00414687.pdf

 as the only reference. 0690X0000060KcbQAE.png

This should be clear but it isn't.

Here is my understanding:

  1. Start a project that will be the ''SECoreBin''. It has no main and is compiled as a object file that will be used in the next step.
  2. Start another project that is the SBSFU and it will use the object file from step &sharp1, it also does not have an entry point so it is also compiled as an object file.
  3. ? User app create..... Isn't the user application part of the project? Is the only way to load the user application is through the SFU process?

What I'm looking for is some clarification and ideally some more detailed instructions on how the project workflow is setup.

#secure-boot #secure-update #update #sbsfu
6 REPLIES 6
Richard Lowe
Senior III
Posted on May 29, 2018 at 01:57

Example, here is the entire 'Step by Step' software installation instructions:

5.2

Software setup

This section lists the minimum requirements for the developer to setup the SDK, run the

sample scenario, and customize applications.

5.2.1

Development toolchains and compilers

Select one of the Integrated Development Environments supported by the STM32Cube

Expansion Package.

Take into account the system requirements and setup information provided by the selected

IDE provider.

With instructions like that, who needs the forums.

Tim Campbell
Associate II
Posted on June 04, 2018 at 11:39

Hi Richard

We as well as the Getting Started doc, we followed readme.txt  files in the source and were able to build everything using IAR, and got the demo to work on a Nucleo L476RG demo board.

The user app is a separate project because the post-build steps create an encrypted and signed binary which only your bootloader can receive and de-crypt. It's a really nice system and will be very useful to us when it is fully developed.

We found that user apps that were not correctly encrypted would be send OK but did not run - the failure was silent, so it was difficult to see if SBSFU was working correctly.   We discovered it was, but an error message on decrypt failure would help us.

Also we are struggling to port the whole a package to another board, but I suspect we will be able to fix this with a bit more work and time.

Tim

Richard Lowe
Senior III
Posted on June 04, 2018 at 14:59

I've ported it over to Atollic without too much stress. The difficult part for me was the lack of detail in pre-compile / post-compile commands. Inclusion of what directories and which libraries. Had to dig through the .project files to find those details.

Right now my roadblock is converting the .bat file into a respectable .sh file. Doing development on Windows is becoming more and more of a pain and less of a luxury.

thompi
Associate

I also find myself lost in the example code (which works great). But there's literally no information about how to set up your own project, creating uC dependent SECoreBins and SBSFU. I could setup a project with CubeMX, but what comes next? How do I set up the necessary projects to create uC dependent SECoreBin and SBSFU? I would be so much more helpful if ST described the way how to use the software, and not only how to run a small demo.

Jaanda
Associate II

SBSFU is the actual bootloader application and not just an object file. After building the SECoreBin you can build the SBSFU and load it into the controller using stlink. When u build the user app project u may notice that there is a merged binary which is also created that is a combined binary of SBSFU,SECoreBin and the User App. U may flash(stlink utility) this to flash both bootloader and app in one go(e.g. during production).

Dimi
Associate III

Hello guys, as far as I understand you are (trying to use or) using the reference ST secure bootloader from SBSFU, is this correct?

It seems the situation you were in 5 months ago is the same today for STM32H7, there is a big missing piece of BPS+Documentation surrounding RSS needed for secure bootloader on the H7.