FAQs
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

How to integrate SBSFU on an STM32G0 custom board

SAAD_ELF
Associate

‎2024-07-30 05:36 AM

Hello,

I'm willing to use the SBSFU in order to securely update the firmware on a custom board using an STM32G0 MCU.

The example used in the MOOC with the simpleAPP is confusing, using the script to patch SBSFU with user code was straightforward and without details, i couldn't adapt it to my application.

What is the best way to integrate my own code on the SBSFU ?

Shall i edit the code in the UserAPP and add the code that i want to be executed on the board in the main function of the UserApp ?  

Shall i edit the script to merge the SBSFU with my code ?  How ? what should be changed in the script ?

Thanks,

 

Labels:
0 Kudos
1 REPLY 1
CMYL
ST Employee

‎2024-08-16 08:21 AM

Hi @SAAD_ELF 

you need to download X-CUBE-SBSFU expansion package is available in the following link. It gives an example of implementation for nucleo boards based on STM32G031 and STM32G071. 

X-CUBE-SBSFU - Secure boot & secure firmware update software expansion for STM32Cube - STMicroelectronics

To integrate your own code with the SBSFU on a custom board using an STM32G0 MCU, you can follow these steps:

1. Integrate Your Code into UserApp

Yes, you should edit the code in the UserApp and add the code that you want to be executed on the board in the main function of the UserApp. Here’s a step-by-step guide:

  1. Locate the UserApp Folder: The UserApp should be integrated into the SBSFU/SBSFU_Appli/NonSecure folder. This folder contains a simple user application example[ref 1, page 10].

  2. Modify the Main Function: Open the main function of the UserApp and add your custom code. This is where you can place the logic that you want to be executed on the board.

2. Configure the Script for Merging SBSFU with Your Code

If you need to edit the script to merge the SBSFU with your code, follow these steps:

  1. Modify the IDE Configuration: Ensure that the IDE configuration includes the necessary symbols and settings for your custom board. 

  2. Update the Script: The script used to patch SBSFU with user code should be updated to reflect the changes in your application. Here are some key points to consider:

    • Firmware Version: Ensure that the firmware version is correctly set in the firmware header generated with the postbuild.bat script[ ref 3].
    • Validation: Define the ENABLE_IMAGE_STATE_HANDLING compilation switch in SECoreBin, SBSFU, and UserApp IDE configuration. Ensure that the user application calls the running service SE_APP_Validate(slot_id) to validate the firmware image[Ref3, page 45].

Example of Script Changes

Here is an example of what you might need to change in the script:


# Example of postbuild.bat script modifications (bash script)

# Set the firmware version
set FW_VERSION=5

# Merge SBSFU with UserApp
merge_tool --sbsfu SBSFU.bin --userapp UserApp.bin --output MergedFirmware.bin

# Validate the firmware image
validate_tool --input MergedFirmware.bin --output ValidatedFirmware.bin

 

By following these steps, you should be able to integrate your own code with the SBSFU on your custom board using an STM32G0 MCU. For more details, refer to:

[ref 1] AN5447 page 10 " Overview of Secure Boot and Secure Firmware Update solution on Arm® TrustZone® STM32 microcontrollers"

[ ref 2] UM2262 "Getting started with SBSFU - software expansion for STM32Cube" available from the
STMicroelectronics microcontroller website www.st.com.

[ref 3] AN5056, page 9, Integration guide for the X-CUBE-SBSFU STM32Cube Expansion Package

 

Best Regards,

Younes

0 Kudos
Top