2023-05-08 11:31 AM
Flash writing procedure has just finished. The next step, anyone can assume, is verification, that code has been written correctly, which involves reading the flashed memory. At this stage, if I trace the API calls, which Cube tool does to perform flash reading. Does this mean I can copy the firmware without having vendor keys? Please point me at which step I'm wrong.
2023-05-11 08:11 AM
Thank you @Pavel A. and @Jocelyn RICARD for your answers. They make more clear picture now, that code is verified on the chip, without initiating read operation from Cube tool on PC (Please correct me, if I'm wrong). But @Pavel A. concern seems to be actual: what will happen, if SFI is delayed or interrupted because of other reason, than reset? In this case decrypted flash remains open.
And if at untrusted site, we want to upgrade the firmware again, as soon as we boot from RSS with RDP set to 0.5 or above the flash gets erased?
2023-05-11 09:24 AM
Hi @VTver.1,
The SFI is made to be robust. So, you will not be able to extract anything.
If you interrupt by any way the SFI process, you end up with a device that is erased.
Best regards
Jocelyn
2023-05-11 09:32 AM
Thank you @Jocelyn RICARD, The erase will occur in case and after next reset? The device itself will be erased, that is clear, but before the reset, the firmware remains open and could be read from PC side? And please confirm my 2nd question about the next version software update:
And if at untrusted site, we want to upgrade the firmware again, as soon as we boot from RSS with RDP set to 0.5 or above the flash gets erased?
2023-05-11 09:39 AM
Hello @VTver.1 ,
As I said, the process is secured. You cannot connect to a device that is running SFI. JTAG is disabled.
Once you have finished SFI, the firmware is installed an secure.
If you want to install another version of the firmware, you need to have a secure boot in your firmware that will install this new version of the application. SFI will not be involved anymore.
Best regards,
Jocelyn
2023-05-11 09:50 AM
Thank you @Jocelyn RICARD. The SFI can be performed only once? Any version upgrade on external site can't be performed with it?
Then what I need to do, to get firmware protected/erased during following version update? Will it be erased automatically, if I boot from RSS?
2023-05-11 01:01 PM
Hello @VTver.1 ,
Yes SFI can be performed only once when used for production.
SFI means Secure Firmware Install. Its purpose to secure the installation of the first version of your firmware in factory.
When you use such tool, this means that you want to make sure the content of your firmware will not leak. This means you will enable security features of the STM32 so that firmware content cannot be extracted on the field.
If you want to have update capability you need a secure boot and secure firmware update application running after reset that will take care of it.
You have lot of material available on this subject. Please check STM32Trust page on st.com.
Best regards
Jocelyn