FAQs
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

How to validate an image with security features enabled?

ac_gd
Associate II

‎2021-07-16 06:14 AM

Hi all,

In our project we have enabled the ENABLE_IMAGE_STATE_HANDLING flag and download an image via YMODEM transfer to our NUCLEO-L476RG. However, when we try to validate the image by calling SE_APP_ValidateFw(), our STM reboots and does a rollback.

All of this only happens when not defining SECBOOT_DISABLE_SECURITY_IPS in NUCLEO-L476RG/Applications/2_Images/2_Images_SBSFU/SBSFU/App/app_sfu.h (see attachment for our app_sfu.h file) So when security features are enabled. However, we found out that the security feature that triggers this reset is SFU_MPU_USERAPP_ACTIVATION: when we disable this one, everything works as expected and no rollback happens (i.e., no reset).

Is this expected behavior of the SFU_MPU_USERAPP_ACTIVATION security feature? Is it incompatible with ENABLE_IMAGE_STATE_HANDLING mode/SE_APP_ValidateFw call?

Kind regards,

ac_gd

Labels:
Preview file
12 KB
0 Kudos
14 REPLIES 14
kaur
Associate III
In response to Jocelyn RICARD

‎2024-01-08 04:06 PM - edited ‎2024-01-08 04:34 PM

Hi @Jocelyn RICARD  ,

Thank you for your reponse. Yes, I am using the latest SBSFU version 2.6.2.

In my configuration, I have commented all security IPs except SFU_IWDG_PROTECT_ENABLE and ENABLE_IMAGE_STATE_HANDLING(app_sfu.h attached for reference).

I have implemented same functionality as userapp to call SE_APP_GetActiveFwState in my app when SFU_MPU_PROTECT_ENABLE is not enabled.

I am using 2_Images project from P-NUCEO-WB55.Nucleo and I have expanded active and download slots to 344K and MPU configuration in sfu_low_level_security.h (file attached).

However, I am still seeing the issue outlined above when SE_APP_GetActiveFwState() is called. Here is how I have split the memory in my linker file.

/* swap (8 kbytes) */
__ICFEDIT_SWAP_start__ = 0x08016000;
__ICFEDIT_SWAP_size__ = 0x2000;
__ICFEDIT_SWAP_end__ = 0x8017fff;

/* Active slot #1 (352 kbytes) */
__ICFEDIT_SLOT_Size_1__ = 0x56000;
__ICFEDIT_SLOT_Active_1_start__ = 0x8018000;
__ICFEDIT_SLOT_Active_1_end__ = 0x806dfff;
__ICFEDIT_SLOT_Active_1_header__ = __ICFEDIT_SLOT_Active_1_start__;

 /* Dwl slot #1 (352 kbytes) */
__ICFEDIT_SLOT_Dwl_1_start__ = 0x806e000;
__ICFEDIT_SLOT_Dwl_1_end__ = 0x80c3fff;

 

--

Best

Praneet

Preview file
5 KB
Preview file
12 KB
0 Kudos
Jocelyn RICARD
ST Employee

‎2024-01-10 08:03 AM

Hello,

First, I have double checked the Image state handling feature of the SBSFU 6.2.0 on STM32WB55 and is works fine on the default project.

I also changed the mapping as you did, and adapted MPU configuration accordingly in

Projects\P-NUCLEO-WB55.Nucleo\Applications\2_Images\2_Images_SBSFU\SBSFU\Target\sfu_low_level_security.h

 

#define APP_PROTECT_MPU_AREA_2_ACTIVE_SLOT_START  0x08040000U
#define APP_PROTECT_MPU_AREA_2_ACTIVE_SLOT_SIZE   MPU_REGION_SIZE_256KB
#define APP_PROTECT_MPU_AREA_2_ACTIVE_SLOT_PERM   MPU_REGION_FULL_ACCESS
#define APP_PROTECT_MPU_AREA_2_ACTIVE_SLOT_EXEC   MPU_INSTRUCTION_ACCESS_ENABLE
#define APP_PROTECT_MPU_AREA_2_ACTIVE_SLOT_SREG   0xC0U

 All works fine : Check active firmware version, update and image validation.

Best regards

Jocelyn

0 Kudos
kaur
Associate III
In response to Jocelyn RICARD

‎2024-01-23 04:49 PM

Hi Jocelyn, 

Thanks for trying it out with SBSFU userapp.

I still see this issue with custom app, could it be that some peripherals being used by both userapp and SBSFU are causing the issue?

0 Kudos
Jocelyn RICARD
ST Employee
In response to kaur

‎2024-01-26 10:21 AM

Hello @kaur ,

Well I don't know.

Only way to go further is to use the debugger and see what happens.

Best regards

Jocelyn

0 Kudos
kaur
Associate III

‎2024-01-29 03:53 PM

Hi @gpguy ,

Is there anything different in your scenario which is leading to this issue?

0 Kudos
Top