cancel
Showing results for 
Search instead for 
Did you mean: 

How to enable debugging of SECoreBin application

Ikbal
Associate II

Hi,

I tried to execute my custom SBSFU_UserApp.bin on the STM32H7B3I-DK board and I get error for Header signature verification failure in slot SLOT_ACTIVE_1.

I have made changes in se_crypto_bootloader.c file for adding RSA signing verification in place of ECDSA.

I want to debug the changes inside of se_crypto_bootloader.c file of SECoreBin project.

I am using STM32Cube IDE and compiling the applications as per the order mention in the readme file of the STM32H7B3I-DK 1_Image demo project.

Please let me know, what is the debug mechanism for SECoreBin application? How can I enable debug mode of SBSFU Secure Engine application?

Thanks,

Ikbal

1 ACCEPTED SOLUTION

Accepted Solutions
Jocelyn RICARD
ST Employee

Hello @Ikbal​,

Apparently, you are not able to debug properly.

This needs to be fixed first.

As I said:

you need to configure debugger with

Click Add button, select elf file, deselect Perform build and deselect download.

Leave Load symbols and use address 0.

Then when reaching the last call to SE, you will need to step into in assembly mode.

Debugger is not able to step into in C mode.

All code in SE should be displayed

Best regards

Jocelyn

View solution in original post

15 REPLIES 15
Fred
ST Employee

Hi @Ikbal​ ,

SECoreBin does not allow any logging mechanism like PRINTF as this woud increase the attack surface.

Therefore, to debug, you need to go directly with the debugger.

To do so, you need to make sure you did not activate the protections preventing debugger access (like DAP deactivation).

Once this is done, to debug in SECoreBin, you need to be able to move from a first binary (SBSFU) into another binary (SECoreBin).

So, you must load the symbols of this second binary.

If you want to follow the execution flow with the debugger you need to provide the appropriate elf file when needed (in the debug console)

For instance to load the SE_CoreBin symbols in the gdb console:

file C:/Labs/SBSFU/Projects/NUCLEO-L476RG/Applications/2_Images/2_Images_SECoreBin/SW4STM32/STM32L476RG_NUCLEO_2_Images_SECoreBin/Debug/STM32L476RG_NUCLEO_2_Images_SECoreBin.elf
 

Ikbal
Associate II

Hi Fread,

Thanks for the support.

I tried to debug the application as per your suggestions and I am able to debug the application. Here I am attaching the SBSFU and SECoreBin debug configuration in STM32Cube IDE.

0693W00000Uo3goQAB.png 

Now I want to check my custom application. I have made changes in the se_crypto_bootloader.c to add RSA sign verification. I have also change the length of sign in the se_def_metada.h structure.

When I enable the debug and run the application the SBSFU application work fine and asking for loading sfb using YMODEM. I followed the steps and load the UserApp.sfb file but I am getting an error called Fw header authentication error. I have attached the complete tera term log.

= [SBOOT] RuntimeProtections: 0
= [SBOOT] System Security Check successfully passed. Starting...
 
======================================================================
=              (C) COPYRIGHT 2017 STMicroelectronics                 =
=                                                                    =
=              Secure Boot and Secure Firmware Update                =
======================================================================
 
= [SBOOT] SECURE ENGINE INITIALIZATION SUCCESSFUL
= [SBOOT] STATE: CHECK STATUS ON RESET
          INFO: A Reboot has been triggered by a Hardware reset!
= [SBOOT] STATE: CHECK NEW FIRMWARE TO DOWNLOAD
= [SBOOT] STATE: CHECK USER FW STATUS
          No valid FW found in the active slots nor new FW to be installed
          Waiting for the local download to start...
= [SBOOT] STATE: DOWNLOAD NEW USER FIRMWARE
        Fw header authentication error
= [SBOOT] STATE: HANDLE CRITICAL FAILURE
= [SBOOT] STATE: REBOOT STATE MACHINE
========= End of Execution ==========
 
 
= [SBOOT] RuntimeProtections: 0
= [SBOOT] System Security Check successfully passed. Starting...
 
======================================================================
=              (C) COPYRIGHT 2017 STMicroelectronics                 =
=                                                                    =
=              Secure Boot and Secure Firmware Update                =
======================================================================
 
= [SBOOT] SECURE ENGINE INITIALIZATION SUCCESSFUL
= [SBOOT] STATE: CHECK STATUS ON RESET
          INFO: A Reboot has been triggered by a Software reset!
= [SBOOT] STATE: CHECK NEW FIRMWARE TO DOWNLOAD
= [SBOOT] STATE: CHECK USER FW STATUS
          No valid FW found in the active slots nor new FW to be installed
          Waiting for the local download to start...
= [SBOOT] STATE: DOWNLOAD NEW USER FIRMWARE
          File> Transfer> YMODEM> Send

I have tried to debug the error and find that my application is returning SFU_ERROR from SE_ErrorStatus SE_VerifyHeaderSignature(SE_StatusTypeDef *peSE_Status, SE_FwRawHeaderTypeDef *pxFwRawHeader) function of se_interface_bootloader.c file.

After uploading the UserApp.sfb file the debugger stop at the same function and execute the if part and return SFU_ERROR from there. Please correct me if I am doing something incorrect. I am attaching the photo of this section.0693W00000Uo3leQAB.png 

I am unable to understand the reason for this error. Please help to fixed this error.

Thanks & Best Regards,

Ikbal

Jocelyn RICARD
ST Employee

Hello @Ikbal​,

On top of Fred's answer, I could add that you can add this elf file directly in the debugger configuration in the startup tab.

Click Add ... buttong, select elf file, deselect Perform build and deselect download.

Leave Load symbols and use address 0.

You should get things working.

Also, as Fred said, you should disable security protections. You can leave MPU enabled: this allows debugging MPU configuration related issues :)

Best regards

Jocelyn

Ikbal
Associate II

Dear @Jocelyn RICARD​ ,

Thanks for your response.

I would like to restate my problem. I tried to add RSA signing in the STM32H7B3I-DK 1_Image with reference of same original ECC application. I have made changes in se_crypto_bootloader.c for RSA verification using ST crypto lib, change signature length in the structure of se_def_metadat.h and prebuild and postbuild seripts.

I am getting following error when I flash the SBSFU_UserApp.bin to the board. The error log is:

...
= [SBOOT] RuntimeProtections: 0
= [SBOOT] System Security Check successfully passed. Starting...
 
======================================================================
=              (C) COPYRIGHT 2017 STMicroelectronics                 =
=                                                                    =
=              Secure Boot and Secure Firmware Update                =
======================================================================
 
= [SBOOT] SECURE ENGINE INITIALIZATION SUCCESSFUL
= [SBOOT] STATE: CHECK STATUS ON RESET
          INFO: A Reboot has been triggered by a Hardware reset!
= [SBOOT] STATE: CHECK NEW FIRMWARE TO DOWNLOAD
= [SBOOT] STATE: CHECK USER FW STATUS
          A FW is detected in the slot SLOT_ACTIVE_1
= [SBOOT] STATE: VERIFY USER FW SIGNATURE
= [SBOOT] RuntimeProtections: 0
          Header signature verification failure in slot SLOT_ACTIVE_1
          Erasing slot SLOT_ACTIVE_1
= [SBOOT] STATE: HANDLE CRITICAL FAILURE
= [SBOOT] STATE: REBOOT STATE MACHINE
========= End of Execution ==========
 
 
= [SBOOT] RuntimeProtections: 0
= [SBOOT] System Security Check successfully passed. Starting...
 
======================================================================
=              (C) COPYRIGHT 2017 STMicroelectronics                 =
=                                                                    =
=              Secure Boot and Secure Firmware Update                =
======================================================================
 
 
= [SBOOT] SECURE ENGINE INITIALIZATION SUCCESSFUL
= [SBOOT] STATE: CHECK STATUS ON RESET
          INFO: A Reboot has been triggered by a Software reset!
= [SBOOT] STATE: CHECK NEW FIRMWARE TO DOWNLOAD
= [SBOOT] STATE: CHECK USER FW STATUS
          No valid FW found in the active slots nor new FW to be installed
          Waiting for the local download to start...
= [SBOOT] STATE: DOWNLOAD NEW USER FIRMWARE
          File> Transfer> YMODEM> Send ...

As per my understanding, the reason of above error is failed in verification of image header. Please correct me if my understanding is wrong.

To add RSA signing and verification in place of ECDSA. I followed the AN5056 section 7.1 for adding new crypto scheme but with following modifications:.

  1. I have not add a new scheme in the se_crypto_config.h file. I used the same SECBOOT_ECCDSA_WITHOUT_ENCRYPT_SHA256 scheme name and I have made changes in the se_crypto_bootloader.c with RSA API's and other required variables in place of ECDSA API's. As per my understanding the crypto scheme name is checking in many source and header files. If I add a new scheme name I need to add in all those places. This is the reason I am using this method.
  2. I used the same harder structure that SECBOOT_ECCDSA_WITHOUT_ENCRYPT_SHA256 is used. The changes I have done in SE_HEADER_SIGN_LEN with 256 for RSA sign length.

Please let me know if I can live without scheme name as detailed above as it would lots of changes. If name change is a must, please let me know the reason for such change,

Further, in app_sfu.h, I have disables all the protection by enabling SECBOOT_DISABLE_SECURITY_IPS.

Now I want to debug the application to fixed the problem. What is the proper method to debug this. Please support me to fix this error.

Thanks & Best Regards,

Ikbal

Fred
ST Employee

Hi @Ikbal​,

you described clearly what you did on embedded software side, the principle looks fine.

But, did you also update the .sfb preparation scripts ?

By default, our python scripts do not support RSA signing.

So, you may also need to update:

STM32CubeExpansion_SBSFU_V2.6.1\Middlewares\ST\STM32_Secure_Engine\Utilities\KeysAndImages\prepareimage.py

The code is quite generic for the do_sign() but we never tested it with RSA keys.

Ikbal
Associate II

Dear @Fred​ 

I have previously updated the .sfb preparation scripts & STM32CubeExpansion_SBSFU_V2.6.1\Middlewares\ST\STM32_Secure_Engine\Utilities\KeysAndImages\prepareimage.py. The previous posts are with all the above updates done.

As mentioned in previous posts, I am not able to debug the SECoreBin application in which I have made many changes. I need your support to enable me to debug the SECoreBin application.

The debug configuration is detailed below where I tried to enable debugging of SBSFU and SECoreBin application:

.

0693W00000UoARCQA3.png 

Thereafter, I tried to debug the SECoreBin application by in inserting a breakpoint in SE_ErrorStatus SE_CRYPTO_Authenticate_Metadata(SE_FwRawHeaderTypeDef *pxSE_Metadata) function of se_crypto_bootloader.c. I am getting errors detailed below when I load the UserApp.sfb file and resume the debugging.

0693W00000UoAYSQA3.png 

Please let me know:

1) If the configuration is correct

2) If the approach for debugging through breakpoints which are inside SECoreBin as above is correct

3) Any other aspect which I may have missed when debugging SECoreBin

4) Is changing crypto scheme name a must ? :  AN5056 section 7.1 asks for adding new crypto scheme name. However I have not changed name from ECDSA to new crypto scheme as it would be too many changes. I have changed all APIs etc to new crypto scheme.

Thanks & Best Regards,

Ikbal

Jocelyn RICARD
ST Employee

Hello @Ikbal​,

Apparently, you are not able to debug properly.

This needs to be fixed first.

As I said:

you need to configure debugger with

Click Add button, select elf file, deselect Perform build and deselect download.

Leave Load symbols and use address 0.

Then when reaching the last call to SE, you will need to step into in assembly mode.

Debugger is not able to step into in C mode.

All code in SE should be displayed

Best regards

Jocelyn

Hello,

Similarly, I am trying to debug the SECoreBin but am unable to step through it even after setting the 'Startup' tab similarly in the debug configuration. Stepping through in instruction mode does not help the issue. Are there any other configurations that need to be made to get this to work?

Specifically, I'm trying to debug within the callgate, is this even possible?