
How to prevent TLS certificates in KMS of SBSFU to be deleted upon flashing new user firmware?

MBax.2
Senior

I am using the KMS of SBSFU to store my TLS certificates during the provisioning process. When I flash a new user firmware application the certificates inside the KMS are deleted too. So each time I want to run new user firmware, I have to go through the whole provisioning process again. This is very tedious.

I install the new firmware by uploading the userapp.bin firmware (which is generated by the SBSFU postbuild.sh script) with STM32CubeProgrammer.

What should I do differently to prevent deletion of the KMS contents?

4 REPLIES 4
Jocelyn RICARD
ST Employee

Hello @Community member,

Did you try to go through a "normal" update using Ymodem?

Something is not clear. Do you upload SBSFU_UserApp.bin or UserApp.sfb?

Best regards

Jocelyn

MBax.2
Senior

Hello @Jocelyn RICARD​ 

My application uses OTA for firmware updates. It does not implement firmware updates over serial port with Ymodem.

The OTA function works correctly, but this is only used for updating devices in the field. For development purposes, it is desirable not to use OTA, but rather to just flash the image with an ST-Link.

The image that I flash is the *.bin; in this case the keys inside of the KMS get deleted.

I can't simply flash the *.sfb, I believe, as then the installation is rejected by SBSFU, as I also need to set the header, I guess. I am not sure what the easiest method is here: installing the bin and re-provisioning every single time, or installing the *.sfb and then figuring out how I should make the header, otherwise the *.sfb is rejected. Then making the header would also need to be done every time.

Normally the header is generated by the OTA library I'm using. I'm just looking for a simple method to compile, build and run at the click of a button without overwriting the contents of KMS.

Jocelyn RICARD
ST Employee

Hi @Community member,

I agree there is no simple one-click solution for such a case.

What you could do in such a case:

1) Use the local loader of SBSFU, if you didn't deactivate it, and load the sfb file through Ymodem.

2) Use/create a tool to extract the application header and binary from the SBSFU_UserApp.bin and flash it at the right address. I have no specific tool to recommend to you here. This tool can be easily developed in C, but you should be able to do it using unix tools, dd for instance.

Best regards

Jocelyn
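Added example, not part of the reply above and not ST code: a sketch of option 2 using dd, which carves one address range out of the merged image and refuses to proceed if that range would touch the KMS storage area. It assumes the merged .bin is a raw image whose first byte maps to the flash base; the function names are hypothetical and every address is a placeholder to be filled in from your own project's linker/mapping files (run `carve_region` once per region if header and binary are not contiguous).

```shell
#!/bin/sh
# Added example. All addresses are placeholders: take the real ones
# from your SBSFU project's linker/mapping files.

# ranges_overlap A_START A_END B_START B_END  (inclusive absolute addresses)
# Succeeds (exit 0) when the two ranges share at least one byte.
ranges_overlap() {
    [ $(($1)) -le $(($4)) ] && [ $(($3)) -le $(($2)) ]
}

# carve_region IMAGE FLASH_BASE START END OUT
# IMAGE is assumed to be a raw binary whose first byte maps to FLASH_BASE.
# Copies bytes START..END (inclusive) to OUT; if the image ends before END,
# only the bytes that exist are copied.
carve_region() {
    image=$1; base=$(($2)); start=$(($3)); end=$(($4)); out=$5
    [ -r "$image" ] || { echo "cannot read $image" >&2; return 1; }
    if [ "$start" -lt "$base" ] || [ "$end" -lt "$start" ]; then
        echo "bad address range" >&2; return 1
    fi
    size=$(($(wc -c < "$image")))
    skip=$((start - base))
    [ "$skip" -lt "$size" ] || { echo "range starts past end of image" >&2; return 1; }
    count=$((end - start + 1))
    [ "$count" -le $((size - skip)) ] || count=$((size - skip))
    # bs=1 keeps skip/count in bytes on any POSIX dd (slow but portable).
    dd if="$image" of="$out" bs=1 skip="$skip" count="$count" 2>/dev/null
}

# Usage sketch (fill in the <placeholders>):
#   BASE=<flash base>; START=<header start>; END=<application end>
#   KMS_START=<KMS storage start>; KMS_END=<KMS storage end>
#   if ranges_overlap $START $END $KMS_START $KMS_END; then
#       echo "refusing: write range touches KMS storage" >&2; exit 1
#   fi
#   carve_region SBSFU_UserApp.bin $BASE $START $END app_region.bin
#   STM32_Programmer_CLI -c port=SWD -w app_region.bin $START
```

Flash is erased in whole sectors, so run the overlap check on the sector-aligned range that the programmer will actually erase, not only on the bytes being written.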

MBax.2
Senior

@Jocelyn RICARD​ thank you for your explanation.

I think I'll implement the user button for SBSFU to force the YModem transfer upon reset, then I'll write a little program to transfer the *.sfb with a single mouse click.