2021-07-16 06:14 AM
Hi all,
In our project we have enabled the ENABLE_IMAGE_STATE_HANDLING flag and download an image via YMODEM transfer to our NUCLEO-L476RG. However, when we try to validate the image by calling SE_APP_ValidateFw(), our STM reboots and does a rollback.
All of this only happens when not defining SECBOOT_DISABLE_SECURITY_IPS in NUCLEO-L476RG/Applications/2_Images/2_Images_SBSFU/SBSFU/App/app_sfu.h (see attachment for our app_sfu.h file) So when security features are enabled. However, we found out that the security feature that triggers this reset is SFU_MPU_USERAPP_ACTIVATION: when we disable this one, everything works as expected and no rollback happens (i.e., no reset).
Is this expected behavior of the SFU_MPU_USERAPP_ACTIVATION security feature? Is it incompatible with ENABLE_IMAGE_STATE_HANDLING mode/SE_APP_ValidateFw call?
Kind regards,
ac_gd
2024-01-08 04:06 PM - edited 2024-01-08 04:34 PM
Hi @Jocelyn RICARD ,
Thank you for your reponse. Yes, I am using the latest SBSFU version 2.6.2.
In my configuration, I have commented all security IPs except SFU_IWDG_PROTECT_ENABLE and ENABLE_IMAGE_STATE_HANDLING(app_sfu.h attached for reference).
I have implemented same functionality as userapp to call SE_APP_GetActiveFwState in my app when SFU_MPU_PROTECT_ENABLE is not enabled.
I am using 2_Images project from P-NUCEO-WB55.Nucleo and I have expanded active and download slots to 344K and MPU configuration in sfu_low_level_security.h (file attached).
However, I am still seeing the issue outlined above when SE_APP_GetActiveFwState() is called. Here is how I have split the memory in my linker file.
/* swap (8 kbytes) */
__ICFEDIT_SWAP_start__ = 0x08016000;
__ICFEDIT_SWAP_size__ = 0x2000;
__ICFEDIT_SWAP_end__ = 0x8017fff;
/* Active slot #1 (352 kbytes) */
__ICFEDIT_SLOT_Size_1__ = 0x56000;
__ICFEDIT_SLOT_Active_1_start__ = 0x8018000;
__ICFEDIT_SLOT_Active_1_end__ = 0x806dfff;
__ICFEDIT_SLOT_Active_1_header__ = __ICFEDIT_SLOT_Active_1_start__;
/* Dwl slot #1 (352 kbytes) */
__ICFEDIT_SLOT_Dwl_1_start__ = 0x806e000;
__ICFEDIT_SLOT_Dwl_1_end__ = 0x80c3fff;
--
Best
Praneet
2024-01-10 08:03 AM
Hello,
First, I have double checked the Image state handling feature of the SBSFU 6.2.0 on STM32WB55 and is works fine on the default project.
I also changed the mapping as you did, and adapted MPU configuration accordingly in
Projects\P-NUCLEO-WB55.Nucleo\Applications\2_Images\2_Images_SBSFU\SBSFU\Target\sfu_low_level_security.h
#define APP_PROTECT_MPU_AREA_2_ACTIVE_SLOT_START 0x08040000U
#define APP_PROTECT_MPU_AREA_2_ACTIVE_SLOT_SIZE MPU_REGION_SIZE_256KB
#define APP_PROTECT_MPU_AREA_2_ACTIVE_SLOT_PERM MPU_REGION_FULL_ACCESS
#define APP_PROTECT_MPU_AREA_2_ACTIVE_SLOT_EXEC MPU_INSTRUCTION_ACCESS_ENABLE
#define APP_PROTECT_MPU_AREA_2_ACTIVE_SLOT_SREG 0xC0U
All works fine : Check active firmware version, update and image validation.
Best regards
Jocelyn
2024-01-23 04:49 PM
Hi Jocelyn,
Thanks for trying it out with SBSFU userapp.
I still see this issue with custom app, could it be that some peripherals being used by both userapp and SBSFU are causing the issue?
2024-01-26 10:21 AM
Hello @kaur ,
Well I don't know.
Only way to go further is to use the debugger and see what happens.
Best regards
Jocelyn
2024-01-29 03:53 PM
Hi @gpguy ,
Is there anything different in your scenario which is leading to this issue?