FAQs
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

How code in internal flash of STM32U5 can be protected from copying, if it is stored decrypted?

VTver.1
Associate III

‎2023-05-08 11:31 AM

Flash writing procedure has just finished. The next step, anyone can assume, is verification, that code has been written correctly, which involves reading the flashed memory. At this stage, if I trace the API calls, which Cube tool does to perform flash reading. Does this mean I can copy the firmware without having vendor keys? Please point me at which step I'm wrong.

0 Kudos
25 REPLIES 25
VTver.1
Associate III
In response to Pavel A.

‎2023-05-11 08:11 AM

Thank you @Pavel A.​ and @Jocelyn RICARD​ for your answers. They make more clear picture now, that code is verified on the chip, without initiating read operation from Cube tool on PC (Please correct me, if I'm wrong). But @Pavel A.​ concern seems to be actual: what will happen, if SFI is delayed or interrupted because of other reason, than reset? In this case decrypted flash remains open.

And if at untrusted site, we want to upgrade the firmware again, as soon as we boot from RSS with RDP set to 0.5 or above the flash gets erased?

0 Kudos
Jocelyn RICARD
ST Employee
In response to Pavel A.

‎2023-05-11 09:24 AM

Hi @VTver.1​,

The SFI is made to be robust. So, you will not be able to extract anything.

If you interrupt by any way the SFI process, you end up with a device that is erased.

Best regards

Jocelyn

0 Kudos
VTver.1
Associate III

‎2023-05-11 09:32 AM

Thank you @Jocelyn RICARD​, The erase will occur in case and after next reset? The device itself will be erased, that is clear, but before the reset, the firmware remains open and could be read from PC side? And please confirm my 2nd question about the next version software update:

And if at untrusted site, we want to upgrade the firmware again, as soon as we boot from RSS with RDP set to 0.5 or above the flash gets erased?

0 Kudos
Jocelyn RICARD
ST Employee

‎2023-05-11 09:39 AM

Hello @VTver.1​ ,

As I said, the process is secured. You cannot connect to a device that is running SFI. JTAG is disabled.

Once you have finished SFI, the firmware is installed an secure.

If you want to install another version of the firmware, you need to have a secure boot in your firmware that will install this new version of the application. SFI will not be involved anymore.

Best regards,

Jocelyn

0 Kudos
VTver.1
Associate III

‎2023-05-11 09:50 AM

Thank you @Jocelyn RICARD​. The SFI can be performed only once? Any version upgrade on external site can't be performed with it?

Then what I need to do, to get firmware protected/erased during following version update? Will it be erased automatically, if I boot from RSS?

0 Kudos
Jocelyn RICARD
ST Employee

‎2023-05-11 01:01 PM

Hello @VTver.1​ ,

Yes SFI can be performed only once when used for production.

SFI means Secure Firmware Install. Its purpose to secure the installation of the first version of your firmware in factory.

When you use such tool, this means that you want to make sure the content of your firmware will not leak. This means you will enable security features of the STM32 so that firmware content cannot be extracted on the field.

If you want to have update capability you need a secure boot and secure firmware update application running after reset that will take care of it.

You have lot of material available on this subject. Please check STM32Trust page on st.com.

Best regards

Jocelyn

0 Kudos
Top