Flashing SBSFU combined binary to STM32H755 with STM32_Programmer_CLI

tstokes · ‎2025-09-04

I am trying to write a .bat script to reliably flash my combined sbsfu and application binary to a stm32h755.

set cube_programmer_cli="C:\Program Files\STMicroelectronics\STM32Cube\STM32CubeProgrammer\bin\STM32_Programmer_CLI.exe"
set fw_bin="combined_sbsfu_cm7_cm4.bin"
set fw_base=0x08000000

if not exist %fw_bin% (
    echo Firmware binary not found. Exiting
    exit /b)

if not exist %cube_programmer_cli% (
    echo Cube Programmer CLI not found. Exiting
    exit /b)

@REM Load the combined binary
echo Installing combined_sbsfu_cm7_cm4.bin
%cube_programmer_cli% -c port=SWD -w %fw_bin% %fw_base%

%cube_programmer_cli% -c port=SWD -ob displ

echo Setting option bytes...

echo Setting WRP protection...
@REM Ensures the bootloader application is under write protection
@REM 0 is protected, 1 is unprotected
%cube_programmer_cli% -c port=SWD -ob nWRP0=0

echo Disabling CM4 boot and SWAP_BANK...
@REM Swap bank is unset by default but it is explicitly checked in the bootloader so disabled here
%cube_programmer_cli% -c port=SWD -ob BCM4=0x0 SWAP_BANK=0x0

echo Setting PCROP protection...
@REM Protect the keys from readout over SWD
@REM 0x08000600                        __ICFEDIT_SE_Key_region_ROM_start__ = (__ICFEDIT_SE_CallGate_region_ROM_end__ + 0x1)
@REM 0x080008ff                        __ICFEDIT_SE_Key_region_ROM_end__ = (__ICFEDIT_SE_Key_region_ROM_start__ + 0x2ff)
%cube_programmer_cli% -c port=SWD -ob PROT_AREA_START1=0x06 PROT_AREA_END1=0x08

@REM Only enable under final secure lock this is the point of no return
echo Setting the secure user memory area...
@REM 0x800000000....#0x080203FF
%cube_programmer_cli% -c port=SWD -ob SEC_AREA_START1=0x000 SEC_AREA_END1=0x203 SECURITY=0x01 RDP=0xCC

%cube_programmer_cli% -c port=SWD -g %fw_base%

@REM Wait 15 seconds
echo Please wait 15 seconds for the changes to take effect. Don't touch anything!
timeout /t 15

echo Installation complete. Please power cycle the device.
exit /b

The first attempt does not appear to be reliable, I've had some boards remain available on JTAG after I've run this script against them. It's not clear what state they are in.

For my second attempt, I am wondering if the option bytes should be written in one go

set cube_programmer_cli="C:\Program Files\STMicroelectronics\STM32Cube\STM32CubeProgrammer\bin\STM32_Programmer_CLI.exe"
set fw_bin="combined_sbsfu_cm7_cm4.bin"
set fw_base=0x08000000

if not exist %fw_bin% (
    echo Firmware binary not found. Exiting
    exit /b)

if not exist %cube_programmer_cli% (
    echo Cube Programmer CLI not found. Exiting
    exit /b)

@REM Load the combined binary
echo Installing combined_sbsfu_cm7_cm4.bin
%cube_programmer_cli% -c port=SWD -w %fw_bin% %fw_base%

%cube_programmer_cli% -c port=SWD -ob displ

echo Setting option bytes...

echo Setting WRP protection...
@REM Ensures the bootloader application is under write protection
@REM 0 is protected, 1 is unprotected
%cube_programmer_cli% -c port=SWD ^
    -ob nWRP0=0 ^
    BCM4=0x0 ^
    SWAP_BANK=0x0 ^
    PROT_AREA_START1=0x06 ^
    PROT_AREA_END1=0x08 ^
    SEC_AREA_START1=0x000 ^
    SEC_AREA_END1=0x203 ^
    SECURITY=0x01 ^
    RDP=0xCC ^
    SEC_AREA_START1=0x000 ^
    SEC_AREA_END1=0x203 ^
    SECURITY=0x01 ^
    RDP=0xCC

%cube_programmer_cli% -c port=SWD -g %fw_base%

@REM Wait 15 seconds
echo Please wait 15 seconds for the changes to take effect. Don't touch anything!
timeout /t 15

echo Installation complete. Please power cycle the device.
exit /b

Given the cost of locking hardware I'd like some community input on this process before I move ahead with it.

Has anyone succesfully written a similar script or found a reliable sequence of operations to get the firmware flashed and the option bytes set?

tstokes · ‎2025-09-11

My current theory is to try to get a one-liner together under reset so that the chip is held throughout the setup process.

I attempted the below but I've lost the connection from presumably after the security bit has been set.

%cube_programmer_cli% -c port=SWD mode=UR ^
        -w %fw_bin% %fw_base% ^
        -ob nWRP0=0 ^
        -ob SWAP_BANK=0x0 ^
        -ob PROT_AREA_START1=0x06 ^
        -ob PROT_AREA_END1=0x08 ^
        -ob DMEP1=0x1 ^
        -ob SECURITY=0x01 ^
        -ob SEC_AREA_START1=0x000 ^
        -ob SEC_AREA_END1=0x203 ^
        -ob RDP=0xBB

      -------------------------------------------------------------------
                       STM32CubeProgrammer v2.17.0
      -------------------------------------------------------------------

ST-LINK SN  : 0036002A3234511133353533
ST-LINK FW  : V3J5M2
Board       : NUCLEO-H755ZI-Q
Voltage     : 3.29V
SWD freq    : 8000 KHz
Connect mode: Under Reset
Reset mode  : Hardware reset
Device ID   : 0x450
Revision ID : Rev V
Device name : STM32H7xx
Flash size  : 2 MBytes
Device type : MCU
Device CPU  : Cortex-M7/M4
BL Version  : 0x91



Memory Programming ...
Opening and parsing file: SBSFU_UserApp.bin
  File          : SBSFU_UserApp.bin
  Size          : 150.84 KB
  Address       : 0x08000000


Erasing memory corresponding to segment 0:
Erasing internal memory sectors [0 1]
Download in Progress:
██████████████████████████████████████████████████ 100%

File download complete
Time elapsed during download operation: 00:00:01.176

UPLOADING OPTION BYTES DATA ...

  Bank          : 0x00
  Address       : 0x5200201c
  Size          : 308 Bytes

██████████████████████████████████████████████████ 100%


PROGRAMMING OPTION BYTES AREA ...
Warning: Option Byte: nwrp0, value: 0x0, was not modified.

Warning: Option Bytes are unchanged, Data won't be downloaded
Time elapsed during option Bytes configuration: 00:00:00.008

PROGRAMMING OPTION BYTES AREA ...
Warning: Option Byte: swap_bank, value: 0x0, was not modified.

Warning: Option Bytes are unchanged, Data won't be downloaded
Time elapsed during option Bytes configuration: 00:00:00.003

PROGRAMMING OPTION BYTES AREA ...
Warning: Option Byte: prot_area_start1, value: 0x6, was not modified.

Warning: Option Bytes are unchanged, Data won't be downloaded
Time elapsed during option Bytes configuration: 00:00:00.002

PROGRAMMING OPTION BYTES AREA ...
Warning: Option Byte: prot_area_end1, value: 0x8, was not modified.

Warning: Option Bytes are unchanged, Data won't be downloaded
Time elapsed during option Bytes configuration: 00:00:00.002

PROGRAMMING OPTION BYTES AREA ...
Warning: Option Byte: dmep1, value: 0x1, was not modified.

Warning: Option Bytes are unchanged, Data won't be downloaded
Time elapsed during option Bytes configuration: 00:00:00.002

PROGRAMMING OPTION BYTES AREA ...

  Bank          : 0x00
  Address       : 0x5200201c
  Size          : 308 Bytes

██████████████████████████████████████████████████ 100%

UPLOADING OPTION BYTES DATA ...

  Bank          : 0x00
  Address       : 0x5200201c
  Size          : 308 Bytes

██████████████████████████████████████████████████ 100%

OPTION BYTE PROGRAMMING VERIFICATION:
  Address       : 0x5200201c
  Size          : 308 Bytes

██████████████████████████████████████████████████ 100%

UPLOADING OPTION BYTES DATA ...

  Bank          : 0x00
  Address       : 0x5200201c
  Size          : 308 Bytes

▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒
Error: Uploading Option Bytes bank: 0 failed
Error: Reloading Option Bytes Data failed

Error: Database: There's no active configuration for this device. All the 8 configurations are disabled!
Time elapsed during option Bytes configuration: 00:00:03.257

Jocelyn RICARD · ‎2025-09-12

Hello @tstokes ,

Setting the secure area on STM32H7 is not easy. I have never tried using the programmer to do that, as this is too risky.

You are using SBSFU so, you can enable the flag SFU_SECURE_USER_PROTECT_ENABLE

Also, I never had the opportunity to check this in SBSFU but used this as a base to write my own code that I already shared somewhere in the forum.

You can see how this is done in SFU_LL_SECU_SetProtectionSecUser

It first sets the SECURITY bit, resets and then sets the secure area by calling SFU_LL_RSS->resetAndInitializeSecureAreas

In order to be sure, I would first comment out the actual calls and check exactly what is done using the traces, especially if you have changed the mapping.

If this looks good (start address and size) then uncomment the calls and make if work.

Make sure that you disable the #define SFU_DAP_PROTECT_ENABLE to be able to regain access to the board with JTAG if you want to be able to regress the board.

Best regards

Jocelyn

tstokes · ‎2025-09-15

Hi @Jocelyn RICARD

Thank you for you responding. It is much appreciated.

I've been trying to follow the production workflow in section 4.4 of AN5056.
My understanding was that the preferred workflow was to disable SECBOOT_OB_DEV_MODE and set all option bytes via cube programmer. Your answer seems to suggest things are a little more nuanced than that.

Looking at SFU_LL_SECU_SetProtectionSecUser I also see that this function only sets the security bit when SECBOOT_OB_DEV_MODE is not defined.

So what would your proposed split be? BCM, PROT_AREA and SWAP_BANK seem easy enough to set via programmer. Should I then leave Security and RDP to be configured via SBSFU?

What is the disadvantage defining SECBOOT_OB_DEV_MODE and allowing SBSFU to set all the option bytes to secure itself? (assuming we run the firmware when we program it so the board is not left unsecured for any period of time)

Many thanks,

Toby

Edit 1: How can we configure SECURITY Mode for STM32H753 - STMicroelectronics Community
I've read @Fred's comments here which suggest SECBOOT_OB_DEV_MODE is more about preferred approach than development vs production.

tstokes · ‎2025-09-18

I've enabled everything except RDP Level 2 and reinstated OB_DEV_MODE. I've lost debug access to the board but I have the following on the UART. It appears either we are not reading the option bytes correctly or the writing of the security bit is failing.

The fact I've lost debug access suggests the bit may be set. That suggests to me that it's a read error.

= [SBOOT] SECURITY bit not set !
         Security bit set.
= [SBOOT] SecArea.size: 132096 SecArea.addr:8000000 - RESET
= [SBOOT] SECURITY bit not set !
         Security bit set.
= [SBOOT] SecArea.size: 132096 SecArea.addr:8000000 - RESET
= [SBOOT] SECURITY bit not set !
         Security bit set.
= [SBOOT] SecArea.size: 132096 SecArea.addr:8000000 - RESET
= [SBOOT] SECURITY bit not set !
         Security bit set.
= [SBOOT] SecArea.size: 132096 SecArea.addr:8000000 - RESET
= [SBOOT] SECURITY bit not set !
         Security bit set.
= [SBOOT] SecArea.size: 132096 SecArea.addr:8000000 - RESET

Jocelyn RICARD · ‎2025-09-18

Hello @tstokes ,

Yes OB_DEV_MODE is mostly used even for production because it simplifies the option bytes setup.

Did you make sure that SFU_DAP_PROTECT_ENABLE was disabled ?

You try to attach in hotplug but if reset is permanent it will probably not work.

Also you could try setting BOOT0 pin to VDD.

In any case this trace is strange. This is like the SBSFU couldn't write the OB. Are you sure you have a STM32H755 on your board an not a STMEZH745 ?

Best regards

Jocelyn

tstokes · ‎2025-09-19

Hi @Jocelyn RICARD

Yes, the board is a nucleo_h755ZI-Q and the markings confirm we are on the right chip as well.

Yes, DAP_PROTECT_ENABLE was commented out for the build. I've attempted hot plug and boot0 to vdd. This is why I'm on nucleos and not our production boards.

I started from the H753 example that comes with SBSFU and didn't really change much: the power suppply was switched from LDO to SMPS. I added some more trace statements and I removed the disabling of the UART Clock for visibility. app_sfu.h has commented SECBOOT_DISABLE_SECURITY_IPS DAP_PROTECT and the IWDG_Protect. SFU_SECURE_USER_PROTECT_ENABLE is enabled and RDP level is one.

One thing I have noticed looking back at the diff is that I made this change as recommended in the AN5056 section 3.3. Of course the app note assumes the option bytes are set externally which I'm moving away from now.

-  if ((psFlashOptionBytes->USERConfig & OB_SWAP_BANK_ENABLE) == OB_SWAP_BANK_DISABLE)
+  if (((psFlashOptionBytes->USERConfig & OB_SWAP_BANK_ENABLE) == OB_SWAP_BANK_DISABLE)  //Swap Not Configured
+      && ((psFlashOptionBytes->USERConfig & FLASH_OPTSR_BCM4) == 0x0))                  //CM4 Core disabled

However, I don't think this is the issue as the error messages are not from this code path. Unless there is something in the setting of the security bit that requires BCM4 to be unset. (There is no firmware loaded at the default CM4 boot address).