2023-07-29 06:13 AM
Hello,
I'm using SBSFU to secure firmware runs and firmware upgrades. My target board is a custom board with F429ZI and external SPI Flash, but for the beginning, I've started testing with NUCLEO-F429ZI.
I have successfully ported "2-Images" example from F417-Discovery to my Nucleo board and everything looks to work fine, however, when I try to expand the size of active and download slots, I face a memory fault.
The F429ZI has a 2MB Flash arranged in 2 banks of 1MB, but I found that I can use the entire Flash without utilizing dual-bank architecture, I just use it as a single 2MB flash.
If I arrange the slots layout as below everything works fine:
/* swap (128 kbytes) */
__ICFEDIT_SWAP_start__ = 0x08100000;
__ICFEDIT_SWAP_end__ = 0x0811FFFF;
/* Active slot #1 (768 kbytes) */
__ICFEDIT_SLOT_Active_1_start__ = 0x08040000;
__ICFEDIT_SLOT_Active_1_end__ = 0x080FFFFF;
__ICFEDIT_SLOT_Active_1_header__ = __ICFEDIT_SLOT_Active_1_start__;
/* Dwl slot #1 (768 kbytes) */
__ICFEDIT_SLOT_Dwl_1_start__ = 0x08140000;
__ICFEDIT_SLOT_Dwl_1_end__ = 0x081FFFFF;
But when I try to use the extra unused flash sector to expand active and main slots, I can run the bootloader (SBSFU) without user application but after providing firmware image to SBSFU, it downloads, decrypts and install successfully and also startup checks get passed, but a "memory fault" is the only outcome of the running of user application.
/* swap (128 kbytes) */
__ICFEDIT_SWAP_start__ = 0x08100000;
__ICFEDIT_SWAP_end__ = 0x0811FFFF;
/* Active slot #1 (896 kbytes) */
__ICFEDIT_SLOT_Active_1_start__ = 0x08020000;
__ICFEDIT_SLOT_Active_1_end__ = 0x080FFFFF; /*0x080DFFFF;*/
__ICFEDIT_SLOT_Active_1_header__ = __ICFEDIT_SLOT_Active_1_start__;
/* Dwl slot #1 (896 kbytes) */
__ICFEDIT_SLOT_Dwl_1_start__ = 0x08120000; /*0x080E0000;*/
__ICFEDIT_SLOT_Dwl_1_end__ = 0x081FFFFF; /*0x0817FFFF;*/
Question1: Is this because I have left no space for something like stack or heap? Or maybe it is because of something completely different?
Question2: I think F429 does not have a OTFDEC, so, If I have external flash memory is there any way to configure active slot on the internal flash and download slot on the external one? Does this method support encryption for the firmware on the external flash? Or I should use SFU_NO_SWAP to avoid putting decrypted firmware on the external flash?
@Jocelyn RICARD
2023-08-22 11:04 AM
Hello @AliT ,
Your memory fault issue is probably related to MPU configuration.
Try disabling MPU in the settings and see if helps.
Otherwise, use your debugger in hotplug mode, put a breakpoint in the reset handler and find where issue occurs.
Regarding external flash, yes, NO_SWAP is the only secure solution. SBSFU does not implement re-encryption of download slot. You can see example:Projects\B-L475E-IOT01A\Applications\2_Images_ExtFlash\
Best regards
Jocelyn