
Is ACTIVE SLOT Header protected ??

SPati.7
Associate III

From SBSFU examples, with default SECUSER memory setting except reading from OB registers, it is only protecting SBSFU area alone.

Do we need to protect the SBSFU + ACT_SLOT HEADER (1024 Bytes for H7) area as well, right ??

So what is your recommendation on protection of HEADER ??


@Fred​ Are we replacing ACT SLOT Header with DNLD_SLOT HEADER on swapping of ACT and DNLD Slots ??

If we are swapping headers as well, we are losing the last IMAGE STATE, right ??

Also, I need one suggestion from you on storing persistent information in FLASH. Is it possible to PUSH the ACT SLOT HEADER 1KB down and use this for persistent storage, protected with SECURE USER MEMORY ??

Yes, if you update the software, then you update the header, that's true.

And it makes sense to lose the image state because it is a new software you need to validate again.

There are several ways to store persistent information, so it depends on what you need:

  • backup registers can be convenient as they persist over power down if you have Vbat and they can be erased when a tamper is detected
  • FLASH is of course nice but you must be out of the WRP area.

Again, you must assess your constraints and requirements but it may be an option to have a new FLASH area protected by Secure User Memory.

This means you need to update the memory mapping accordingly and beware of not breaking some protections.

Thanks @Fred​ for reply.

Yes, I agree the risk of WRP protection won't be there, but at least I felt we can avoid illegal application access.

@Fred​  I came to know this: is the Metadata Header also signed ??

Step 1: Compute the HASH of the Firmware application and Sign it with ECC.

Step 2: Store this Signature in the Metadata Header.

Step 3: Then fill the remaining Header with '0's.

Step 4: Then sign the Metadata Header as well ?? If so, can we verify it with the same Public Key ??

Can you please clarify the stages of signing involved in SBSFU, without Firmware encryption ??

@Fred​  Can you reply for the above ??

Fred
ST Employee

Hi,

sorry for the late reply, I was on holiday.

The crypto scheme is like this:

[Image: SBSFU crypto scheme diagram (0693W00000QMal1QAD.png)]

@Fred​  Thank you very much for reply.

By default, is this the signing mechanism we follow, or do we configure to SIGN the metadata header alone with the SHA256 of the Metadata Header ??

It looks to me, from the example, that we compute the SHA256 of the Firmware, add this TAG in the metadata header and sign the Metadata header. Is this correct ??

Rejane Durand
Associate II

Hello,

This is correct. This is the signing mechanism followed by the software.

Both tags are checked during the update:

[Image: SBSFU tag verification during update (0693W00000SuJmrQAF.jpg)]
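The scheme agreed on above (SHA256 of the firmware stored as a tag in the metadata header, the header itself signed with ECDSA, and both tags checked before an update is accepted) is shown below as an added example. It is not SBSFU's own code or header format: the header layout (magic, version, size, tag, zero fill, r||s signature, 1024-byte total), the field offsets and the pure-Python P-256 arithmetic are assumptions made for illustration, and the point arithmetic is not constant-time.

```python
# Added example (not SBSFU's own code): simplified SBSFU-style metadata header
# with a SHA256 firmware tag, signed with ECDSA over NIST P-256, plus the
# two-stage bootloader check (header signature first, then firmware tag).
# Header layout, offsets and sizes below are assumptions for illustration.
import hashlib
import secrets
import struct

# NIST P-256 domain parameters
_P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
_A = _P - 3
_N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
_G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
      0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)


def _add(p1, p2):
    """Affine point addition; None stands for the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % _P == 0:
        return None                      # P + (-P) = infinity
    if p1 == p2:
        lam = (3 * x1 * x1 + _A) * pow(2 * y1, -1, _P) % _P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, _P) % _P
    x3 = (lam * lam - x1 - x2) % _P
    return x3, (lam * (x1 - x3) - y1) % _P


def _mul(k, pt):
    """Double-and-add scalar multiplication (not constant-time; illustration only)."""
    acc = None
    while k:
        if k & 1:
            acc = _add(acc, pt)
        pt = _add(pt, pt)
        k >>= 1
    return acc


def keygen():
    """Return (private scalar, public point); the public point goes into the bootloader."""
    d = secrets.randbelow(_N - 1) + 1
    return d, _mul(d, _G)


def ecdsa_sign(priv, msg):
    """ECDSA over SHA256(msg); returns r||s as 64 bytes."""
    z = int.from_bytes(hashlib.sha256(msg).digest(), "big")
    while True:
        k = secrets.randbelow(_N - 1) + 1
        r = _mul(k, _G)[0] % _N
        s = pow(k, -1, _N) * (z + r * priv) % _N
        if r and s:
            return r.to_bytes(32, "big") + s.to_bytes(32, "big")


def ecdsa_verify(pub, msg, sig):
    r = int.from_bytes(sig[:32], "big")
    s = int.from_bytes(sig[32:], "big")
    if not (0 < r < _N and 0 < s < _N):
        return False
    z = int.from_bytes(hashlib.sha256(msg).digest(), "big")
    w = pow(s, -1, _N)
    pt = _add(_mul(z * w % _N, _G), _mul(r * w % _N, pub))
    return pt is not None and pt[0] % _N == r


# Assumed header layout (not the real SBSFU one)
HEADER_LEN = 1024   # header size quoted in the thread for H7
SIGNED_LEN = 64     # bytes covered by the header signature (fields + zero fill)
SIG_OFF = 64        # r||s stored right after the signed region
MAGIC = b"SFU1"     # constructed magic value
_FIELDS = "<4sII32s"  # magic, version, firmware size, firmware SHA256 tag


def build_header(fw, version, priv):
    """Steps 1-4 from the thread: hash the firmware, store the tag, zero-fill, sign the header."""
    fw_tag = hashlib.sha256(fw).digest()
    signed = struct.pack(_FIELDS, MAGIC, version, len(fw), fw_tag).ljust(SIGNED_LEN, b"\0")
    sig = ecdsa_sign(priv, signed)
    return (signed + sig).ljust(HEADER_LEN, b"\0")


def verify_image(header, fw, pub):
    """Bootloader-side check: header signature, then size, then firmware tag."""
    if len(header) != HEADER_LEN or header[:4] != MAGIC:
        return False, "bad header format"
    signed = header[:SIGNED_LEN]
    sig = header[SIG_OFF:SIG_OFF + 64]
    if not ecdsa_verify(pub, signed, sig):
        return False, "header signature invalid"
    _, _version, fw_size, fw_tag = struct.unpack(_FIELDS, signed[:struct.calcsize(_FIELDS)])
    if fw_size != len(fw):
        return False, "firmware size mismatch"
    if not secrets.compare_digest(hashlib.sha256(fw).digest(), fw_tag):
        return False, "firmware tag mismatch"
    return True, "ok"


if __name__ == "__main__":
    priv, pub = keygen()
    firmware = b"constructed firmware image"          # constructed sample input
    hdr = build_header(firmware, 3, priv)
    print(verify_image(hdr, firmware, pub))              # (True, 'ok')
    print(verify_image(hdr, b"X" + firmware[1:], pub))   # (False, 'firmware tag mismatch')
```

Only the header carries a signature; the firmware is authenticated transitively, because its SHA256 tag sits inside the signed region. That is why a single public key in the bootloader is enough, and why any change to the firmware bytes, the size field or the header fields is caught by one of the two checks.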