2024-07-30 05:36 AM
Hello,
I'm willing to use the SBSFU in order to securely update the firmware on a custom board using an STM32G0 MCU.
The example used in the MOOC with the simpleAPP is confusing, using the script to patch SBSFU with user code was straightforward and without details, i couldn't adapt it to my application.
What is the best way to integrate my own code on the SBSFU ?
Shall i edit the code in the UserAPP and add the code that i want to be executed on the board in the main function of the UserApp ?
Shall i edit the script to merge the SBSFU with my code ? How ? what should be changed in the script ?
Thanks,
2024-08-16 08:21 AM
Hi @SAAD_ELF
you need to download X-CUBE-SBSFU expansion package is available in the following link. It gives an example of implementation for nucleo boards based on STM32G031 and STM32G071.
To integrate your own code with the SBSFU on a custom board using an STM32G0 MCU, you can follow these steps:
Yes, you should edit the code in the UserApp and add the code that you want to be executed on the board in the main function of the UserApp. Here’s a step-by-step guide:
Locate the UserApp Folder: The UserApp should be integrated into the SBSFU/SBSFU_Appli/NonSecure
folder. This folder contains a simple user application example[ref 1, page 10].
Modify the Main Function: Open the main function of the UserApp and add your custom code. This is where you can place the logic that you want to be executed on the board.
If you need to edit the script to merge the SBSFU with your code, follow these steps:
Modify the IDE Configuration: Ensure that the IDE configuration includes the necessary symbols and settings for your custom board.
Update the Script: The script used to patch SBSFU with user code should be updated to reflect the changes in your application. Here are some key points to consider:
postbuild.bat
script[ ref 3].ENABLE_IMAGE_STATE_HANDLING
compilation switch in SECoreBin
, SBSFU
, and UserApp
IDE configuration. Ensure that the user application calls the running service SE_APP_Validate(slot_id)
to validate the firmware image[Ref3, page 45].Here is an example of what you might need to change in the script:
# Example of postbuild.bat script modifications (bash script)
# Set the firmware version
set FW_VERSION=5
# Merge SBSFU with UserApp
merge_tool --sbsfu SBSFU.bin --userapp UserApp.bin --output MergedFirmware.bin
# Validate the firmware image
validate_tool --input MergedFirmware.bin --output ValidatedFirmware.bin
By following these steps, you should be able to integrate your own code with the SBSFU on your custom board using an STM32G0 MCU. For more details, refer to:
[ref 1] AN5447 page 10 " Overview of Secure Boot and Secure Firmware Update solution on Arm® TrustZone® STM32 microcontrollers"
[ ref 2] UM2262 "Getting started with SBSFU - software expansion for STM32Cube" available from the
STMicroelectronics microcontroller website www.st.com.
[ref 3] AN5056, page 9, Integration guide for the X-CUBE-SBSFU STM32Cube Expansion Package
Best Regards,
Younes