2024-06-03 04:54 AM - edited 2024-06-04 11:14 PM
Hi,
I am doing feasibility on SBSFU bootloader on STM32H753ZI. Currently in our firmware we are planning to have a custom bootloader based on SBSFU for secure boot and update. But I came across SFI feature from ST to ensure protection at the manufacturing end.
1. Is it possible to use SFI package if we are using SBSFU as bootloader? Because I found SFI uses RSS bootloader(system bootloader) whereas SBSU is loaded from flash.
2. Is it mandatory to have an external flash if we want to use SFI, Can it work with just internal flash?
I am relatively new to this area. Kindly provide support.
Solved! Go to Solution.
2024-06-05 08:17 AM
Hello @h_adi,
The Secure Firmware Installation solution, available on STM32L4, STM32H5, STM32H7, STM32L5, STM32U5, STM32WBA, and STM32WL microcontrollers, provides protection when devices are being programmed for the first time.so it has no links with the SBSFU which provides runtime Secuity at boot and update.
where the Secure Boot ensures the integrity and authenticity of the application firmware that runs inside a device.
Secure Firmware Update allows you to authenticate and verify the integrity of the required field updates.
two implementation schemes
More on this could be found in this STM32Trust - STMicroelectronics and you can also check this Wiki pages to get a better understanding of this tow solutions:
-Security:SFI - stm32mcu
-Security:Introduction to Secure boot and Secure firmware update - stm32mcu
Regards
2024-06-05 08:17 AM
Hello @h_adi,
The Secure Firmware Installation solution, available on STM32L4, STM32H5, STM32H7, STM32L5, STM32U5, STM32WBA, and STM32WL microcontrollers, provides protection when devices are being programmed for the first time.so it has no links with the SBSFU which provides runtime Secuity at boot and update.
where the Secure Boot ensures the integrity and authenticity of the application firmware that runs inside a device.
Secure Firmware Update allows you to authenticate and verify the integrity of the required field updates.
two implementation schemes
More on this could be found in this STM32Trust - STMicroelectronics and you can also check this Wiki pages to get a better understanding of this tow solutions:
-Security:SFI - stm32mcu
-Security:Introduction to Secure boot and Secure firmware update - stm32mcu
Regards