
How to create signed firmware for STM32U5 MCU?

vijay_03
Associate II

Hi ST Team,

I am using the STM32U575 MCU. I want to create a signed binary.

I want to upload signed firmware to the MCU, update only to new signed firmware via the native bootloader, and restrict unknown firmware updates.

  1. How can I create signed firmware for the STM32U5 MCU?
  2. Does ST's native bootloader verify the firmware signature before updating to new firmware, or do I need to add a custom bootloader that restricts unknown firmware updates by verifying the signature?
  3. If ST's native bootloader verifies the signature, when do I need to do the configuration for that?

Can you please guide me?

Thanks in advance,

VIJAY.

Accepted Solution
Jocelyn RICARD
ST Employee

Hello Vijay,

You will find an example of a secure boot implementing secure firmware update in the STM32CubeFW U5 here:

STM32Cube_FW_U5_V1.2.0\Projects\B-U585I-IOT02A\Applications\SBSFU\

This secureboot is based on open source MCUboot.

ST made an adaptation to STM32U5 to enable hardware secure protections of the device.

It is provided with an example of secure and non-secure applications that can be encrypted and signed. Upon installation, the secure boot will check the authenticity of the firmware and install it.

What you call the native bootloader is probably the bootloader located in system flash, which allows downloading and flashing of firmware in production. This bootloader has no security features implemented, so it cannot be used for such a purpose.

For your information, one of the latest STM32 devices, the STM32H573, embeds a secure boot in system flash. It is called STiROT, for ST immutable Root of Trust.

Best regards

Jocelyn


Do we have any document which tells how STiROT works, using its STRSS and OB keys? After that, how does it hand over to OEMiRoT?