cancel
Showing results for 
Search instead for 
Did you mean: 

Firmware with SBSFU bootloader with SFI at manufacturing

h_adi
Associate

Hi,

I am doing feasibility on SBSFU bootloader on STM32H753ZI. Currently in our firmware we are planning to have a custom bootloader based on SBSFU for secure boot and update. But I came across SFI feature from ST to ensure protection at the manufacturing end.
1. Is it possible to use SFI package if we are using SBSFU as bootloader? Because I found SFI uses RSS bootloader(system bootloader) whereas SBSU is loaded from flash.
2. Is it mandatory to have an external flash if we want to use SFI, Can it work with just internal flash?
I am relatively new to this area. Kindly provide support.  

1 ACCEPTED SOLUTION

Accepted Solutions
STea
ST Employee

Hello @h_adi,
The Secure Firmware Installation solution, available on STM32L4, STM32H5, STM32H7, STM32L5, STM32U5, STM32WBA, and STM32WL microcontrollers, provides protection when devices are being programmed for the first time.so it has no links with the SBSFU which provides runtime Secuity at boot and update.
where the Secure Boot ensures the integrity and authenticity of the application firmware that runs inside a device.
Secure Firmware Update allows you to authenticate and verify the integrity of the required field updates.

two implementation schemes

  • X-CUBE-SBSFU, implementing the SBSFU mechanisms: easily set up all STM32 memory-protection mechanisms to isolate Secure Boot and Firmware Update functions from the main application. A reference implementation of ST's secure element, STSAFE, which maximizes the security level of the final application, is included. STM32L4 implementation also offers secure storage.
  • TFM_SBSFU, implementing the same mechanisms on devices loaded with TF-M (Trusted Firmware-M), and delivered with STM32Cube packages.

More on this could be found in this STM32Trust - STMicroelectronics and you can also check this Wiki pages to get a better understanding of this tow solutions:
-Security:SFI - stm32mcu

-Security:Introduction to Secure boot and Secure firmware update - stm32mcu

Regards

 

 

In order to give better visibility on the answered topics, please click on Accept as Solution on the reply which solved your issue or answered your question.

View solution in original post

1 REPLY 1
STea
ST Employee

Hello @h_adi,
The Secure Firmware Installation solution, available on STM32L4, STM32H5, STM32H7, STM32L5, STM32U5, STM32WBA, and STM32WL microcontrollers, provides protection when devices are being programmed for the first time.so it has no links with the SBSFU which provides runtime Secuity at boot and update.
where the Secure Boot ensures the integrity and authenticity of the application firmware that runs inside a device.
Secure Firmware Update allows you to authenticate and verify the integrity of the required field updates.

two implementation schemes

  • X-CUBE-SBSFU, implementing the SBSFU mechanisms: easily set up all STM32 memory-protection mechanisms to isolate Secure Boot and Firmware Update functions from the main application. A reference implementation of ST's secure element, STSAFE, which maximizes the security level of the final application, is included. STM32L4 implementation also offers secure storage.
  • TFM_SBSFU, implementing the same mechanisms on devices loaded with TF-M (Trusted Firmware-M), and delivered with STM32Cube packages.

More on this could be found in this STM32Trust - STMicroelectronics and you can also check this Wiki pages to get a better understanding of this tow solutions:
-Security:SFI - stm32mcu

-Security:Introduction to Secure boot and Secure firmware update - stm32mcu

Regards

 

 

In order to give better visibility on the answered topics, please click on Accept as Solution on the reply which solved your issue or answered your question.