
Hard fault after enable MPU protection

hw310404
Associate III

Porting SBSFU 2.6.2 to STM32G0B1CEU6 (512K FLASH and 144K RAM) based on Nucleo-G071RB example.

See the history in my previous thread: "Solved: SBSFU 2.6.2 firmware swapping issue - STMicroelectronics Community".

After I solved the firmware swapping issue, I went on and tested all the other security features. All are good until I turned SFU_MPU_PROTECT_ENABLE on. Now I have a hard fault as below:

 @7:8000000 size:e sub:c0 perm:5 exec:0
 @6:20000000 size:b sub:0 perm:1 exec:1
 @5:20000000 size:10 sub:0 perm:3 exec:1
 @4:8010000 size:a sub:0 perm:1 exec:1
 @3:8000000 size:f sub:0 perm:6 exec:0
 @2:8000000 size:12 sub:0 perm:3 exec:1
 @0:40000000 size:1c sub:0 perm:3 exec:1
 @1:40021000 size:9 sub:0 perm:1 exec:1


= [SBOOT] RuntimeProtections: 100
= [SBOOT] System Security Check successfully passed. Starting...


======================================================================
=              (C) COPYRIGHT 2017 STMicroelectronics                 =
=                                                                    =
=              Secure Boot and Secure Firmware Update                =
======================================================================


= [SBOOT] SECURE ENGINE INITIALIZATION SUCCESSFUL
= [SBOOT] STATE: CHECK STATUS ON RESET
          INFO: A Reboot has been triggered by a Software reset!
= [SBOOT] STATE: CHECK NEW FIRMWARE TO DOWNLOAD
= [SBOOT] STATE: CHECK USER FW STATUS
          SLOT_ACTIVE_1 state = 1
          A FW is detected in the slot SLOT_ACTIVE_1
= [SBOOT] STATE: VERIFY USER FW SIGNATURE
          Hard fault
========= End of Execution ==========

 

 

The changes I made are just in sfu_low_level_security.h to define the MPU region.

Changed region 2 (flash) from MPU_REGION_SIZE_128KB  0x00U to MPU_REGION_SIZE_512KB 0x00U

Changed region 5 (sram) from MPU_REGION_SIZE_64KB 0xE0 to MPU_REGION_SIZE_128KB 0x00U

All the rest of the settings look good to me. Is there anything else I need to consider before I can use the MPU function on a dual bank memory MCU?

@Jocelyn RICARD @Bubbles or anyone else who can point me in the right direction, it will be much appreciated!

6 REPLIES 6
Bubbles
ST Employee

Hi @hw310404,

When everything works without the MPU, you should check the linker file input and the map file output and align the MPU settings accordingly. It's difficult to be more specific.

There are generally 2 sets of MPU configuration. One active during secure boot and the second is engaged after boot, for the application to run. Maybe you only modified the SB part and not the runtime settings.

Regarding the dual bank, the MPU is a feature of the core and doesn't care about the split in banks.

BR,

J

To give better visibility on the answered topics, please click on Accept as Solution on the reply which solved your issue or answered your question.

Thanks @Bubbles.

There are generally 2 sets of MPU configuration. One active during secure boot and the second is engaged after boot, for the application to run. Maybe you only modified the SB part and not the runtime settings.


I guess this could be the root cause of the issue. Hard fault occurred while calling SFU_LL_SECU_CheckApplyRuntimeProtections(SFU_THIRD_CONFIGURATION). 

However, I can only find the first and second configurations defined in the `sfu_low_level_security.h` file. Will have another look to see where and how SFU_THIRD_CONFIGURATION is defined.

 



Bubbles
ST Employee

Hi @hw310404,

the functionality you are looking for is all in sfu_low_level_security.c

The protections are applied in SFU_LL_SECU_SetProtectionMPU, and if you enable "SFU_VERBOSE_DEBUG_MODE" define, you'll see exactly which one failed.

The MPU area structures used in the function start around line 100 in the same file.

BR,

J


Thanks for the reply, @Bubbles.


I know the protection is done in SFU_LL_SECU_SetProtectionMPU and I can see the first and second configurations defined in sfu_low_level_security.h. The issue is I don't know how and where the third configuration (SFU_THIRD_CONFIGURATION) is defined.

The log you've seen in the first thread is with SFU_VERBOSE_DEBUG_MODE enabled.

Still trying to understand how the third MPU configuration works. It gets applied in SFU_BOOT_SM_VerifyUserFwSignature, I just can't tell what configuration is defined for it so I can modify it based on the MCU I am using.
hw310404
Associate III

@Bubbles Getting back to this topic now. Looks like the MPU is working at start up, I can see the following:

 @7:8000000 size:e sub:c0 perm:5 exec:0
 @6:20000000 size:b sub:0 perm:1 exec:1
 @5:20000000 size:11 sub:e0 perm:3 exec:1
 @4:8010000 size:a sub:0 perm:1 exec:1
 @3:8000000 size:f sub:0 perm:6 exec:0
 @2:8000000 size:12 sub:0 perm:3 exec:1
 @0:40000000 size:1c sub:0 perm:3 exec:1
 @1:40021000 size:9 sub:0 perm:1 exec:1

and sbsfu starts without any issue. "Hard fault" happened after I uploaded UserApp and before installing it. See below:

= [SBOOT] SECURE ENGINE INITIALIZATION SUCCESSFUL
= [SBOOT] STATE: CHECK STATUS ON RESET
          INFO: A Reboot has been triggered by a Software reset!
= [SBOOT] STATE: CHECK NEW FIRMWARE TO DOWNLOAD
= [SBOOT] STATE: CHECK USER FW STATUS
          New Fw to be installed from slot SLOT_DWL_1
= [SBOOT] STATE: INSTALL NEW USER FIRMWARE
          Hard fault
========= End of Execution ==========

Any suggestions?

Since I have HDP working on this chip, how much will I lose if I disable the MPU?
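
A host-side decoder for the region dump in the post above, as an added example (not SBSFU code and not written by anyone in the thread): it parses the trace lines, applies the ARM MPU rules (length 2^(SIZE+1), eight sub-regions, highest-numbered region wins on overlap) and reports which region governs an address, so addresses taken from the linker map can be checked against the table. The meaning assigned to each trace field and all type and function names are assumptions.

```c
#include <stdint.h>
#include <stdio.h>

/* Fields assumed to mirror the ARM MPU RASR: size=SIZE, sub=SRD, perm=AP,
 * exec=XN (1 = execute-never). Type and function names are hypothetical. */
typedef struct { int num; unsigned base, size, srd, ap, xn; } mpu_region_t;

/* Second dump from the thread, copied verbatim. */
static const char *const DUMP[8] = {
    " @7:8000000 size:e sub:c0 perm:5 exec:0", " @6:20000000 size:b sub:0 perm:1 exec:1",
    " @5:20000000 size:11 sub:e0 perm:3 exec:1", " @4:8010000 size:a sub:0 perm:1 exec:1",
    " @3:8000000 size:f sub:0 perm:6 exec:0", " @2:8000000 size:12 sub:0 perm:3 exec:1",
    " @0:40000000 size:1c sub:0 perm:3 exec:1", " @1:40021000 size:9 sub:0 perm:1 exec:1",
};

int mpu_parse(const char *line, mpu_region_t *r) {
    return sscanf(line, " @%d:%x size:%x sub:%x perm:%x exec:%x",
                  &r->num, &r->base, &r->size, &r->srd, &r->ap, &r->xn) == 6;
}

/* Region length is 2^(SIZE+1) bytes, split into 8 equal sub-regions. */
uint64_t mpu_len(const mpu_region_t *r) { return 1ULL << (r->size + 1); }

/* Bytes still enabled after the sub-region disable mask is applied. */
uint64_t mpu_enabled_bytes(const mpu_region_t *r) {
    unsigned off = 0;
    for (unsigned b = 0; b < 8; b++) off += (r->srd >> b) & 1u;
    return mpu_len(r) / 8 * (8 - off);
}

int mpu_covers(const mpu_region_t *r, uint32_t addr) {
    uint64_t len = mpu_len(r), base = r->base & ~(len - 1); /* low base bits ignored */
    if (addr < base || addr - base >= len) return 0;
    if (len < 256) return 1; /* SRD only applies from 256 bytes up */
    return !((r->srd >> ((addr - base) / (len / 8))) & 1u);
}

/* Number of the DUMP region governing addr: highest-numbered match wins on
 * overlap; -1 means no region matches. */
int dump_region_at(uint32_t addr) {
    int win = -1;
    for (int i = 0; i < 8; i++) {
        mpu_region_t r;
        if (mpu_parse(DUMP[i], &r) && mpu_covers(&r, addr) && r.num > win) win = r.num;
    }
    return win;
}

int main(void) { printf("0x08006000 -> region %d\n", dump_region_at(0x08006000u)); return 0; }
```

Feeding it section start and end addresses from the map file shows which region's permissions apply to each section in this configuration.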

 

Hi @hw310404,

First, the MPU is a dynamic protection: it gets reconfigured once or twice during execution, depending on each particular SBSFU setup.

Second, while HDP is protecting the boot code in user flash very well, the MPU is also capable of protecting SRAM and registers.

The two protections have some overlap, but mostly it's a case of both being complementary to each other.

BR,

J

 
