2022-03-09 11:05 AM
Hello SBSFU users !
The latest release of STM32CubeIDE 1.9.0 is introducing GNU Tools version 10.3 as toolchain. This new toolchain creates an issue in the SBSFU final build.
A new release of X-CUBE-SBSFU is coming in around one month to fix this but, in the meanwhile, I would like to share with you the changes needed to be able to use this version of STM32CubeIDE.
First, the issue is related the the ability to call services in the secure engine. So, if you do not need this feature, just remove it.
Here is how to do this.
1- Open Properties of your user application
2- in C/C++ Build/Settings/MCU GCC Linker/Miscellaneous, remove the content of Additional objects. Something like "./../../2_Images_SBSFU/STM32CubeIDE/Debug/se_interface_app.o"
3- Also remove in your code any call to SE_*. The common service implemented is usually SE_APP_GetActiveFwInfo
That's it.
Now, if you use the SE service, here is what you need to do. The following is the description of the changes done in the SBSFU provided in the STM32WL firmware package. So, you can also get this package for reference.
Principle is to generate a specific .ld file containing the service name and associated address.
1) In SBSFU project, you need to create a postbuild.sh ...SBSSU/STM32CubeIDE/postbuild.sh containing the following
#!/bin/bash -
echo "Extract SE interface symbols"
arm-none-eabi-nm $1 > nm.txt
case "$(uname -s)" in
Linux*|Darwin*)
tr -d '\015' <../se_interface.txt >../se_interface_unix.txt
grep -F -f ../se_interface_unix.txt nm.txt > symbol.list
rm ../se_interface_unix.txt
;;
*)
grep -F -f ../se_interface.txt nm.txt > symbol.list
;;
esac
wc -l symbol.list
cat symbol.list | awk '{split($0,a,/[ \r]/); print a[3]" = 0x"a[1]";"}' > se_interface_app.ld
rm nm.txt
rm symbol.list
2) Add the call to this postbuild.
in Properties/C/C++ build/Settings/Build Steps/Post-built steps
Replace the old command by this new one:
"../postbuild.sh" "${BuildArtifactFileName}"
This will create the se_interface_app.ld in the debug directory
When building SBSFU you should see something like this in the build console. The 1 means only 1 symbol created. This is the number of services of Secure Engine you use.
Extract SE interface symbols
1 symbol.list
3) Edit the .ld file of your application and just before the INCLUDE mapping_fwimg.ld add following line
INCLUDE se_interface_app.ld
4) Last point. You need to give to linker the directory where to find this ld file
in Properties/C build/Settings/MCU GCC Linker/Library/Library search path, add following line
../../../2_Images_SBSFU/STM32CubeIDE/Debug
You may need to adapt the path to your own project to find the path to SBSFU
Then your application should link.
I hope this will help
Best regards
Jocelyn
2022-04-06 12:00 PM
Jocelyn
To narrow things down further, the target platform is STEVAL-STWINKT1B with STEVAL-STWINFV1. We also have STEVAL-STMODLTE.
Thanks for your help,
Geoff
2022-04-06 03:08 PM
I have successfully re-built fp-cld-aws1 using STM32CubeIDE 1.8.0.
I have run STEVAL-STWINKT1/Applications/BootLoader_STSAFE/STSAFE_Provisioning/Binary/Provisioning.bin, but I have not seen the following:
-------------------------------------------------------------------------------
Start provisionning of STSAFE
Force STSAFE-A110 Perso
Launching STSAFE-A110 Perso
Check if Pairing Host keys available
Perso OK
Erase Data : OK
Now Store Certificate STM_POC_SBSFU_ROOT_TEST_CA_00 inside STSAFE
Certificate STM_POC_SBSFU_ROOT_TEST_CA_00 successfully written inside STSAFE
Now Store Data using HAL_Store_Data
Now Store Certificate STM_POC_SBSFU_OEM_TEST_CA_00 inside STSAFE
Certificate STM_POC_SBSFU_OEM_TEST_CA_00 successfully written inside STSAFE
End provisionning of STSAFE
I only see the first two lines.
When I run the cloud application I get the following:
= [SBOOT] System Security Check successfully passed. Starting...
= [FWIMG] Slot #0 @: 8105000 / Slot #1 @: 8036000 / Swap @: 81d5000
======================================================================
= (C) COPYRIGHT 2017 STMicroelectronics =
= =
= Secure Boot and Secure Firmware Update =
======================================================================
= [SBOOT] STATE: WARNING: SECURE ENGINE INITIALIZATION WITH FACTORY DEFAULT VALUES!
= [SBOOT] STATE: CHECK STATUS ON RESET
INFO: A Reboot has been triggered by a Software reset!
Consecutive Boot on error counter = 0
INFO: Last execution detected error was:No error. Success.
= [SBOOT] STATE: CHECK KMS BLOB TO INSTALL
= [SBOOT] STATE: CHECK USER FW STATUS
= [SBOOT] LOADING CERTS FROM SECURE ENGINE
and nothing more.
Is there a way to detect if provisioning has ever been successful? Am I supposed to execute STSAFE_PAIRING_keys.bin at some point?
The ST-LINKV3mini has been loaded with Firmware V3J9M3.
I'm following instructions from UM2186, but I find them confusing and ambiguous.
Regards,
Geoff
2022-04-19 08:48 AM
I added postbuild.sh to SBSFU,
Extract SE interface symbols
1 symbol.list
But for user app, after I added INCLUDE se_interface_app.ld to STM32L476RGTx.ld
...
INCLUDE se_interface_app.ld
INCLUDE mapping_fwimg.ld
INCLUDE mapping_sbsfu.ld
...
and changes in Properties/C build/Settings/MCU GCC Linker/Library/Library search path, add following line
I still got the same issue
... bin\ld.exe: cannot use executable file '../../../2_Images_SBSFU/STM32CubeIDE/Debug/se_interface_app.o' as input to a link
collect2.exe: error: ld returned 1 exit status
2022-04-19 09:11 AM
sorry, my mistake. It works fine after I deletes the old setting in Properties/C build/Settings/MCU GCC Linker/Miscellaneous\Additional object files,
2022-04-20 11:02 AM
Hello,
I used this solution and compiling the projects are all successful. But after I downloaded SBSFU.bin to Nucleo L496ZG , and unplug/plug in USB 2 times, there are nothing shown on Tera Term.
Could it be because Sample is for L476 and Dev board is Nucleo L496? Is there anything needs to be modified so as to run on L496?
Thanks,
Kevin
2022-04-20 11:37 AM
Hello Kevin,
yes you need to adapt to different board.
Please check AN5056 (integration guide chapter 3): Porting X-CUBE-SBSFU onto another board
Best regards
Jocelyn
2022-04-20 04:10 PM
Thank you Jocelyn!
Now the SBSFU is running, Basically the main change is to configure the correct UART and connect UART to ST-LINK UART
One more question, when I try to send UserApp, it requires the file extension *.sfb, How can I generate .sfb?
Thanks,
Kevin
2022-04-20 04:15 PM
userApp.sfb is automatically generated by the post build script. Look in the Binary folder in your UserApp project. It doesn’t show up in STM32CubeIDE. Use your file manager to find it.
2022-04-20 04:22 PM
Thanks, I found it.
After updated application, but seems like app is not running, still in Bootloader screen
======================================================================
= (C) COPYRIGHT 2017 STMicroelectronics =
= =
= Secure Boot and Secure Firmware Update =
======================================================================
= [SBOOT] SECURE ENGINE INITIALIZATION SUCCESSFUL
= [SBOOT] STATE: CHECK STATUS ON RESET
INFO: A Reboot has been triggered by a Hardware reset!
= [SBOOT] STATE: CHECK NEW FIRMWARE TO DOWNLOAD
= [SBOOT] STATE: DOWNLOAD NEW USER FIRMWARE
File> Transfer> YMODEM> Send
= [SBOOT] STATE: REBOOT STATE MACHINE
========= End of Execution ==========
= [SBOOT] System Security Check successfully passed. Starting...
======================================================================
= (C) COPYRIGHT 2017 STMicroelectronics =
= =
= Secure Boot and Secure Firmware Update =
======================================================================
= [SBOOT] SECURE ENGINE INITIALIZATION SUCCESSFUL
= [SBOOT] STATE: CHECK STATUS ON RESET
INFO: A Reboot has been triggered by a Software reset!
= [SBOOT] STATE: CHECK NEW FIRMWARE TO DOWNLOAD
= [SBOOT] STATE: DOWNLOAD NEW USER FIRMWARE
File> Transfer> YMODEM> Send .............
2022-04-21 07:39 AM
Firmware was downloaded but didn't install, what could be the problem?