How to integrate SBSFU on an STM32G0 custom board
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
2024-07-30 5:36 AM
Hello,
I'm willing to use the SBSFU in order to securely update the firmware on a custom board using an STM32G0 MCU.
The example used in the MOOC with the simpleAPP is confusing, using the script to patch SBSFU with user code was straightforward and without details, i couldn't adapt it to my application.
What is the best way to integrate my own code on the SBSFU ?
Shall i edit the code in the UserAPP and add the code that i want to be executed on the board in the main function of the UserApp ?
Shall i edit the script to merge the SBSFU with my code ? How ? what should be changed in the script ?
Thanks,
- Labels:
-
SBSFU
-
STM32 Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
2024-08-16 8:21 AM
Hi @SAAD_ELF
you need to download X-CUBE-SBSFU expansion package is available in the following link. It gives an example of implementation for nucleo boards based on STM32G031 and STM32G071.
To integrate your own code with the SBSFU on a custom board using an STM32G0 MCU, you can follow these steps:
1. Integrate Your Code into UserApp
Yes, you should edit the code in the UserApp and add the code that you want to be executed on the board in the main function of the UserApp. Here’s a step-by-step guide:
-
Locate the UserApp Folder: The UserApp should be integrated into the
SBSFU/SBSFU_Appli/NonSecurefolder. This folder contains a simple user application example[ref 1, page 10]. -
Modify the Main Function: Open the main function of the UserApp and add your custom code. This is where you can place the logic that you want to be executed on the board.
2. Configure the Script for Merging SBSFU with Your Code
If you need to edit the script to merge the SBSFU with your code, follow these steps:
-
Modify the IDE Configuration: Ensure that the IDE configuration includes the necessary symbols and settings for your custom board.
-
Update the Script: The script used to patch SBSFU with user code should be updated to reflect the changes in your application. Here are some key points to consider:
- Firmware Version: Ensure that the firmware version is correctly set in the firmware header generated with the
postbuild.batscript[ ref 3]. - Validation: Define the
ENABLE_IMAGE_STATE_HANDLINGcompilation switch inSECoreBin,SBSFU, andUserAppIDE configuration. Ensure that the user application calls the running serviceSE_APP_Validate(slot_id)to validate the firmware image[Ref3, page 45].
- Firmware Version: Ensure that the firmware version is correctly set in the firmware header generated with the
Example of Script Changes
Here is an example of what you might need to change in the script:
# Example of postbuild.bat script modifications (bash script)
# Set the firmware version
set FW_VERSION=5
# Merge SBSFU with UserApp
merge_tool --sbsfu SBSFU.bin --userapp UserApp.bin --output MergedFirmware.bin
# Validate the firmware image
validate_tool --input MergedFirmware.bin --output ValidatedFirmware.bin
By following these steps, you should be able to integrate your own code with the SBSFU on your custom board using an STM32G0 MCU. For more details, refer to:
[ref 1] AN5447 page 10 " Overview of Secure Boot and Secure Firmware Update solution on Arm® TrustZone® STM32 microcontrollers"
[ ref 2] UM2262 "Getting started with SBSFU - software expansion for STM32Cube" available from the
STMicroelectronics microcontroller website www.st.com.
[ref 3] AN5056, page 9, Integration guide for the X-CUBE-SBSFU STM32Cube Expansion Package
Best Regards,
Younes
