Continuous reset loop with SBSFU on STM32L4R9. Reset always happens right at the moment the secure engine is called.

NAhme.2 · ‎2021-05-20

When the Secure Engine Call (inside SE_Init() function) is called in this line:

e_ret_status = (*SE_CallGatePtr)(SE_INIT_ID, peSE_Status, primask_bit, uSystemCoreClock);

(which is between a SE_EnterSecureMode and SE_ExitSecureMode).

The MCU resets at this point, the reset happens continuously (reset loop) always at this line. The code executed until after SE_EnterSecureMode(&primask_bit); is called. I have added TRACE calls to check this.

Here is the problem area:

/* Enter Secure Mode */
  TRACE("\r\n= [SE_Init] SE_EnterSecureMode...");
  SE_EnterSecureMode(&primask_bit);
 
  /* Secure Engine Call */
  TRACE("\r\n= [SE_Init] (*SE_CallGatePtr)..."); //RESET HAPPENS BELOW:
  e_ret_status = (*SE_CallGatePtr)(SE_INIT_ID, peSE_Status, primask_bit, uSystemCoreClock);
  TRACE("\r\n= [SE_Init] (*SE_CallGatePtr) done");
 
  /* Exit Secure Mode */
  TRACE("\r\n= [SE_Init] SE_ExitSecureMode...");
  SE_ExitSecureMode(primask_bit);

I have setup all other paramters correctly for STM32L4R9 following AN5056 section 3 (Porting X-CUBE-SBSFU to another board) and have made appropriate memory mapping changes for Secure Engine, SBSFU, Download Area, Active Image defined flash sections. Also the SE RAM1 sections. As per errata, I have defined SE firewall protected RAM1 to be under maximum 128KB (instead of 192KB) - actually just 4KB.

I have also seen this issue and applied the recommendation, to no success:

https://community.st.com/s/question/0D50X0000ADEGfr/firewall-reset-when-accessing-unprotected-sram1-memory-stm32l4r9

I have no idea what is happening. I'm not even sure it's the firewall spurious reset. I disabled SFU_FWALL_PROTECT_ENABLE define and the same issue persists. Also if it was an actual firewall (or other reset) I would get the TRACE printout telling me that. This is just a inexplicable reset.

Any help is appreciated. It's a complete showstopper with SBSFU.

Jocelyn RICARD · ‎2021-07-01

Hello,

On STM32L4 the regression is easy to perform thanks to RDP0 => RDP1 => RDP0.

For you information firewall is not activated through option bytes.

But you are right it is always necessary to check the security configuration when you are doing a porting.

Best regards

Jocelyn

przemyslaw jakobczak · ‎2024-05-10

I've the same problem.I've implemented on my own board (MCU STM32WLE5CCU6) bootloader SBSFU from example 'STM32Cube_FW_WL_V1.3.0\NUCLEO-WL55JC\BFU_1_Slot'. Everything works ok.In my own aplication i must change download channel from usart to by radio FSK. Because of handling radio i must change linker scripts in bootloader apping_fwimg.ld, mapping_sbsfu.ld). I must resize section SBSFU Code Region to bigger. I've changed 'SB_region_ROM_end' from value 0x0800CFFF to 0x08013FFF. Also i must changed following regions: KMS_DataStorage_start = 0x08014000;KMS_DataStorage_end = 0x08015FFF;SLOT_Blob_Dwl_1_start = 0x08016000; SLOT_Blob_Dwl_1_end = 0x080167FF;SLOT_Active_1_start = 0x08016800; SLOT_Active_1_end = 0x0803FFFF. After compiled and runned code i have always the same problem. When the Secure Engine Call (inside SE_Init() function) is called in this line:

e_ret_status = (*SE_CallGatePtr)(SE_INIT_ID, peSE_Status, primask_bit, uSystemCoreClock); (which is between a SE_EnterSecureMode and SE_ExitSecureMode).

The MCU resets at this point, the reset happens continuously (reset loop) always at this line.

In bootloader i disabled all security Ips by SECBOT_DISABLE_SECURITY_IPS. To increase SBSFU code, i changed linker scripts. Beside this i must something yet change?

I suspect this error that i crossed area 64kB (0x10000) for SE code + SBSFU (end KMS_DataStorage_end = 0x08015FFF).Can i change SBSFU Code region above 0x08010000 ?