In SBSFU, bootloader image will be signed?

PYada.1
Associate III

I am using stm32l562e-dk. I want to use SBSFU.

1) I have found the SBSFU example for NUCLEO-L552ZE-Q, but I am not able to find it for stm32l562e-dk. Is it available?

2) In SBSFU, when the bootloader is flashed for the first time, are the bootloader's integrity and authenticity checked?

3) Can I update the bootloader in future if I have kept my RDP level at 1?

PYada.1
Associate III

@Frantz LEFRERE Can you please help me regarding this?

alister
Lead

Its documentation may be found at https://www.st.com/en/embedded-software/x-cube-sbsfu.html#documentation.

It is example software. You should modify or write your own per your requirements.

If your part is not supported, you can only modify or write your own.

In the software, you may encrypt the image payload (your app) or not, and it will sign the image header.

alister
Lead

>2) IN SBSFU when the bootloader is first time flashed, the bootloader's integrity and authenticity are checked?

No. You need to build and write it to flash properly (that is your integrity). You need to protect it so it cannot be changed without erasing your secret key, which is used for decryption of apps and also used if you are symmetrically signing, or your public key if you are asymmetrically signing. You choose how you will protect those, e.g. RDP, PCROP, etc., etc. (that is your authenticity, root of trust).

>3) Can i update bootloader in future if i have kept my RDP level to 1?

If you mean while it is in the field, you would have to implement that, and I fear you may have to, or have them sent back to your factory, for that is the only reason you would ship a product with RDP level 1.

During development, yes you can do RDP level 1 to 0 regression per your RM.

You would generally keep all protections disabled during development as having to clear protections before loading code adds to your development time.

Frantz LEFRERE
ST Employee

Please have a look at this MOOC:

https://www.st.com/content/st_com/en/support/learning/stm32-education/stm32-moocs/STM32_security_ecosystem.html

1) In the MOOC chapter: TFM implementation on STM32L5

For the STM32L5, the SBSFU doesn't rely on the X-SBSFU package but on TFM.

For the Nucleo we deliver an SBSFU (based on TFM, with all the secure services removed).

For the DK, a full TFM implementation.

You can easily port the SBSFU implementation from the Nucleo to the stm32l562e-dk; you just need to adapt the LPUART/USART for the traces (optionally you can activate the crypto acceleration).

2) For the first flashing you should be in a secure environment to flash it. We also propose a mechanism to flash in an unsecure environment, called SFI (Secure Firmware Install).

https://www.st.com/resource/en/application_note/dm00355688-overview-secure-firmware-install-sfi-stmicroelectronics.pdf

3) By definition SBSFU should be immutable (so it can't be updated). But if you select only the RDP1 level and the debugging link is still activated, you may do a full RDP regression, but this will erase the SBSFU.

PYada.1
Associate III

Thank you so much @Frantz LEFRERE and @alister for your informative answers.

I will try to port SBSFU for the DK and let you know if I have any concerns regarding it.