How to disable SRAM1 firewall protection?

Brajp.1 · ‎2022-05-11

I am using the SBSFU project for OTA.

I have linked my UserApp successfully with SBSFU projects and firmware up-gradation is working fine when FIREWALL protection is disabled.

I am using the STM32L4 series controller and am aware of L4 series firewall-related issues.

So I want to know how I can use firewall protection only for Flash by disabling firewall protection for SRAM1.

The datasheet mentioned that if we pass length 0 of Volatile data segment (SRAM1) and VDS = 1 then protection is disabled for SRAM1 but I am still getting firewall reset.

How can I bypass SRAM1 firewall protection?

Jocelyn RICARD · ‎2022-05-13

Hi @Brajp.1

OK, this part is impacted by the limitation of the firewall.

SBSFU provides a working setup with L5S5 chip.

Reason why you want to disable firewall on SRAM is because you need SRAM1 for your application I guess.

As far as I remember when investigating this issue, removing SRAM but keeping RO area (which protects header), didn't solve the issue but I can't be 100% sure. At least you can try also removing this RO part. This will reduce the security level again but only from remote attack.

Best regards

Jocelyn

View solution in original post

Bubbles · ‎2022-05-12

Hi @Brajp.1 ,

once the firewall was set up, you cannot disable it. What you can try to do is to modify the initialization code to not involve SRAM in protection.

BR,

J

To give better visibility on the answered topics, please click on Accept as Solution on the reply which solved your issue or answered your question.

Brajp.1 · ‎2022-05-12

I have tried that before enabling the firewall, I have passed size 0 of SRAM1 and also configured VDS as 1 (EXECUTABLE) and VDE as 1 (SHARED) but still, I am getting firewall reset.

Can you tell me is there any other parameter I have to set or reset?

Jocelyn RICARD · ‎2022-05-13

Hello @Brajp.1 ,

which L4 part are you using ?

Best regards

Jocelyn

Brajp.1 · ‎2022-05-13

STM32L4S7VIT6

Jocelyn RICARD · ‎2022-05-13

Hi @Brajp.1

OK, this part is impacted by the limitation of the firewall.

SBSFU provides a working setup with L5S5 chip.

Reason why you want to disable firewall on SRAM is because you need SRAM1 for your application I guess.

As far as I remember when investigating this issue, removing SRAM but keeping RO area (which protects header), didn't solve the issue but I can't be 100% sure. At least you can try also removing this RO part. This will reduce the security level again but only from remote attack.

Best regards

Jocelyn

Brajp.1 · ‎2022-05-16

Thanks for the answer.

I have tried what you suggested and removed the RO part too, but I am still getting firewall reset.

Jocelyn RICARD · ‎2022-05-17

Hello @Brajp.1 ,

OK. Did you start from L4S5 example ?

Basically, from what point did you start and what did you change ?

Also, could you locate at which point this reset occurs?

It the SBSFU working when you deactivate firewall?

Best regards

Jocelyn

Brajp.1 · ‎2022-05-17

@Jocelyn RICARD

Yes, I have started from L4S5.

SBSFU is working fine without enabling firewall protection.

So after enabling firewall protection I have tried to disable SRAM1 protection but I am getting firewall reset when SBSFU is trying to check User application status.

I am getting reset from here:

SFU_IMG_CheckPendingInstallation -> CheckTrailerValid -> CheckTrailerMagic

Jocelyn RICARD · ‎2022-05-20

Hello @Benjamin Rainey ,

I made a test with SBSFU\V2.6.0\Projects\B-L475E-IOT01A\Applications\2_Images\

Making only following change:

FWALL_InitStruct.VDataSegmentStartAddress = 0; // SFU_PROTECT_FWALL_VDATA_ADDR_START;

FWALL_InitStruct.VDataSegmentLength = 0; // SFU_PROTECT_FWALL_VDATA_SIZE;

(and removing the following check just to make test easier).

I don't get any reset. I made a firmware update without issue.

Best regards

Jocelyn