FAQs
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Running TF-M example application to download tfm_s_enc_sign.bin through ymodem and then decrypt error when secure boot at STM32L562

Pxu.1
Associate

‎2020-10-08 05:48 PM

Dear st team,

  I have a development issue when running TFM example application at STM32L562.After download the tfm_s_enc_sign.bin through ymodem,print error log"[ERR] Image in the secondary slot is not valid!" when secure boot .ALL other 3 bin(tfm_s_sign.bin,tfm_ns_sign.bin,tfm_ns_enc_sign.bin) download success.

    I follow the document UM2671 chapter 11.4 Download a new firmware image.

    The project is en.stm32cubel5_v1-3-0.zip,file:Projects\STM32L562E-DK\Applications\TFM

Steps to reproduce:

  • 1.run Projects\STM32L562E-DK\Applications\TFM\TFM_SBSFU_Boot\MDK-ARM\regression.bat to init device
  • 2.build TFM_SBSFU_Boot application,TFM_Appli secure application,TFM_Appli non-secure application,Build TFM_Loader application
  • 3.run Projects\STM32L562E-DK\Applications\TFM\TFM_SBSFU_Boot\MDK-ARM\TFM_UPDATE.bat to programing into STM32L5 internal and external Flash memory
  • 4.success to run into app
  • 5.press user button (blue) during board reset, the user enters local loader menu.
  • 6.use ymodem to download tfm_s_enc_sign.bin to secure image
  • 7.reset and then print error log "[ERR] Image in the secondary slot is not valid!"

Reason:

 1.hash verify not pass because after decrypt, the image not same with origin image.log as below: 

 =====================================================

[INF] verify counter 0 1000000 1000000

[INF] counter 0 : ok

[INF] hash256 : 54, cc, 2c, 4c, 97, b5, 55, 68,

[INF] hash256 buf : cd, 76, a3, a1, cb, 1, 4d, bc,

[ERR] Image in the secondary slot is not valid!

 ======================================================

Does anyone know what I'm doing wrong?

Thanks in advance!

Labels:
0 Kudos
3 REPLIES 3
Jocelyn RICARD
ST Employee

‎2020-10-14 10:00 AM

Hello,

So, apparently you didn't change anything and just compiled and run the example ?

What IDE/compiler did you use?

Did you notice any warning during compilation ?

Best regards

Jocelyn

0 Kudos
Pxu.1
Associate
In response to Jocelyn RICARD

‎2020-10-20 02:34 AM

Thanks for your answer.yes,i didn‘t change anything at all.

I found the reason after debug:decrypt error when call function mbedtls_aes_crypt_ecb(). Because define MBEDTLS_AES_ALT, it use hardware to decrypt the image.After undefine MBEDTLS_AES_ALT, it use mbed-crypt lib to decrypt the image and then decrypt right.

I think there's something wrong with the decrypt api in aes_alt.c, but i didnt have enough time for more deep debug.hope you can give some comments about it

Thanks in advance!

0 Kudos
Jocelyn RICARD
ST Employee
In response to Pxu.1

‎2020-11-17 05:25 AM

Hello,

I'm sorry I missed your answer.

So, you mean you have a STM32L562 and not able to hardware for decryption ?

Only explanation I could have is that your chip is not a L562 but rather a L552.

Best regards

Jocelyn

0 Kudos
Top