2022-05-11 02:25 AM
I am using the SBSFU project for OTA.
I have linked my UserApp successfully with SBSFU projects and firmware up-gradation is working fine when FIREWALL protection is disabled.
I am using the STM32L4 series controller and am aware of L4 series firewall-related issues.
So I want to know how I can use firewall protection only for Flash by disabling firewall protection for SRAM1.
The datasheet mentioned that if we pass length 0 of Volatile data segment (SRAM1) and VDS = 1 then protection is disabled for SRAM1 but I am still getting firewall reset.
How can I bypass SRAM1 firewall protection?
Solved! Go to Solution.
2022-05-13 04:31 AM
Hi @Brajp.1
OK, this part is impacted by the limitation of the firewall.
SBSFU provides a working setup with L5S5 chip.
Reason why you want to disable firewall on SRAM is because you need SRAM1 for your application I guess.
As far as I remember when investigating this issue, removing SRAM but keeping RO area (which protects header), didn't solve the issue but I can't be 100% sure. At least you can try also removing this RO part. This will reduce the security level again but only from remote attack.
Best regards
Jocelyn
2022-05-12 08:07 AM
Hi @Brajp.1 ,
once the firewall was set up, you cannot disable it. What you can try to do is to modify the initialization code to not involve SRAM in protection.
BR,
J
To give better visibility on the answered topics, please click on Accept as Solution on the reply which solved your issue or answered your question.
2022-05-12 09:53 PM
I have tried that before enabling the firewall, I have passed size 0 of SRAM1 and also configured VDS as 1 (EXECUTABLE) and VDE as 1 (SHARED) but still, I am getting firewall reset.
Can you tell me is there any other parameter I have to set or reset?
2022-05-13 02:58 AM
Hello @Brajp.1 ,
which L4 part are you using ?
Best regards
Jocelyn
2022-05-13 03:18 AM
2022-05-13 04:31 AM
Hi @Brajp.1
OK, this part is impacted by the limitation of the firewall.
SBSFU provides a working setup with L5S5 chip.
Reason why you want to disable firewall on SRAM is because you need SRAM1 for your application I guess.
As far as I remember when investigating this issue, removing SRAM but keeping RO area (which protects header), didn't solve the issue but I can't be 100% sure. At least you can try also removing this RO part. This will reduce the security level again but only from remote attack.
Best regards
Jocelyn
2022-05-16 01:16 AM
Thanks for the answer.
I have tried what you suggested and removed the RO part too, but I am still getting firewall reset.
2022-05-17 06:40 AM
Hello @Brajp.1 ,
OK. Did you start from L4S5 example ?
Basically, from what point did you start and what did you change ?
Also, could you locate at which point this reset occurs?
It the SBSFU working when you deactivate firewall?
Best regards
Jocelyn
2022-05-17 11:27 PM
@Jocelyn RICARD
Yes, I have started from L4S5.
SBSFU is working fine without enabling firewall protection.
So after enabling firewall protection I have tried to disable SRAM1 protection but I am getting firewall reset when SBSFU is trying to check User application status.
I am getting reset from here:
SFU_IMG_CheckPendingInstallation -> CheckTrailerValid -> CheckTrailerMagic
2022-05-20 10:41 AM
Hello @Benjamin Rainey ,
I made a test with SBSFU\V2.6.0\Projects\B-L475E-IOT01A\Applications\2_Images\
Making only following change:
FWALL_InitStruct.VDataSegmentStartAddress = 0; // SFU_PROTECT_FWALL_VDATA_ADDR_START;
FWALL_InitStruct.VDataSegmentLength = 0; // SFU_PROTECT_FWALL_VDATA_SIZE;
(and removing the following check just to make test easier).
I don't get any reset. I made a firmware update without issue.
Best regards
Jocelyn