FAQs
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

FW Signature check error due to hash mismatch

DenysK
Visitor

‎2025-09-30 8:36 AM

Hello @Jocelyn RICARD ,

I’m integrating SBSFU v2.7.0 on an STM32WB55 to enable secure OTA firmware updates. I’m hitting a problem where the runtime hash verification fails: the hash computed by SBSFU at boot does not match the hash in the image header, so the image is erased.

I dump the decrypted bytes in RAM (before programming) over LPUART and convert them to a binary for comparison with the build output. Assuming the dump/conversion are correct, the streams match up to ~60 KiB, then diverge consistently until the end of the file. This suggests the symmetric key is correct and the early pipeline is fine, but later bytes are corrupted before or during the decrypt-in-place / program sequence.

Here is how printing every decrypted chunk within DecryptImageInPlace function:

DenysK_0-1759246389237.png

For context, I'm using:

  • Internal MCU flash

  • Single-bank (no swap/rollback)

  • OTA via ST BLE Sensor app

  • Protections temporarily disabled for debugging; verbose logs enabled

What works

  • Ran 1_Image example on NUCLEO-WB55RG successfully.

  • Adapted UserApp example (UART tweak) to our board and performed an encrypted update successfully with the example image.

Integration steps for our app

  • Replaced ST’s UserApp with our project.

  • Added required includes and post-build script.

  • Reused the example linker, adjusted heap/stack, added a shared RAM section for both cores, and ensured the output is padded to a multiple of 16 bytes (AES block size).

  • Did not change SLOT_Active_1 layout (app is much smaller).

  • Set the vector table via mapping_export.h (VTOR at 0x08016200).

  • Built SECoreBin + SBSFU + our UserApp successfully.

  • Full chip erase; provisioned symmetric key; flashed SBSFU.elf.

  • Performed OTA update → FW signature check error.

  • Ensured the hash, firmware size and initialisation vector populated in the header by the scripts match the header fields in memory after loading the firmware.
  • Checked for gaps in memory using the .elf file, to prove loadable regions are address-contiguous.

The post below mentions corruption could happen if the data cache is enabled when the MPU protection is enabled. In my case, I have disabled all protections and also tried to disable cashing (not sure whether it was done correctly) but no success in solving this issue.  

stm32 - Issues in SBSFU usage with MPU for a FreeRTOS based User Application - STM32H7 - Electrical Engineering Stack Exchange

Many thanks for your guidance. I can share dumps or run any diagnostic you recommend.

 

 

Labels:
0 Kudos
0 REPLIES 0
Top