
Sample project 1_Image postbuild.sh arguments

chuan_lee
Associate II

I am trying to build and flash the sample project from:

STM32CubeExpansion_SBSFU_V2.2.0\Projects\NUCLEO-H753ZI\Applications\1_Image

I have been able to build the modules -- SBSFU, SECoreBin and UserApp -- from Makefiles using the GNU ARM toolchain.

  • SECoreBin/GNUWARM/prebuild.sh .
  • SECoreBin/make
  • SBSFU/make
  • UserApp/make
  • SECoreBin/GNUWARM/postbuild.sh UserApp/build_debug/UserApp.elf UserApp/build_debug/UserApp.bin 0

The last step, postbuild.sh, generated:

  • SECoreBin/Binary/iv.bin
  • SECoreBin/Binary/UserApp.sfb
  • SECoreBin/Binary/SBSFU_UserApp.bin

It also showed "No FW signing leaf cert" and "No leaf cert" in the output log.

To flash:

  • STM32_Programmer_CLI.exe -c port=SWD index=0 reset=HWrst -e all -d SBSFU_UserApp.bin 0x08000000 -HardRst

The app doesn't start up.

My question is whether the arguments I used for the postbuild.sh script were correct. Ultimately I want to bring up the Test Menu from the UserApp.

4 REPLIES
Jocelyn RICARD
ST Employee

Hello Chuan Lee,

First the "No FW signing leaf cert" message is normal as long as you don't use STSafe.

No issue here.

Regarding your startup issue, I would suggest the following:

  • First deactivate all protections in app_sfu.h. Just uncomment #define SECBOOT_DISABLE_SECURITY_IPS
  • Build the secure engine core and SBSFU
  • Launch SBSFU with a debugger and see what happens.

The SBSFU is provided as an example. You must understand it and adapt it to your needs.

Regarding arguments provided to postbuild, I guess the current directory is missing. Here are the first lines of postbuild.sh:

#Post build for SECBOOT_ECCDSA_WITH_AES128_CBC_SHA256
# arg1 is the build directory
# arg2 is the elf file path+name
# arg3 is the bin file path+name
# arg4 is the version
# arg5 when present forces "bigelf" generation

Best regards

Jocelyn
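The argument order quoted in the reply above, turned into a pre-flight check (an added example, not part of the thread and not ST's postbuild.sh). The function names are hypothetical, paths are assumed to resolve from the current working directory, and the output naming pattern is inferred from the three files listed in the question.

```sh
#!/bin/sh
# Added example, not ST's script. Checks the argument order quoted above:
# arg1 build dir, arg2 elf, arg3 bin, arg4 version, optional arg5 ("bigelf").
# Returns 0 when the arguments are plausible, 1 otherwise (reason on stderr).
check_postbuild_args() {
    if [ "$#" -lt 4 ] || [ "$#" -gt 5 ]; then
        echo "expected 4 or 5 arguments, got $#" >&2
        # A missing arg1 shifts everything left: the elf lands in the
        # build-directory slot and the version lands in the bin slot.
        case "${1:-}" in
            *.elf) echo "arg1 looks like the elf file: build directory missing?" >&2 ;;
        esac
        return 1
    fi
    [ -d "$1" ] || { echo "arg1 is not a directory: $1" >&2; return 1; }
    case "$2" in *.elf) ;; *) echo "arg2 is not an .elf path: $2" >&2; return 1 ;; esac
    case "$3" in *.bin) ;; *) echo "arg3 is not a .bin path: $3" >&2; return 1 ;; esac
    # Assumption: both paths resolve from the current working directory.
    [ -f "$2" ] || { echo "elf file not found: $2" >&2; return 1; }
    [ -f "$3" ] || { echo "bin file not found: $3" >&2; return 1; }
    # The version must be a non-negative integer.
    case "$4" in
        ''|*[!0-9]*) echo "arg4 (version) is not a number: $4" >&2; return 1 ;;
    esac
    return 0
}

# After the script has run, confirm the three outputs named in the question
# (iv.bin, <name>.sfb, SBSFU_<name>.bin) exist and are non-empty.
# $1 = Binary directory, $2 = the bin path that was passed as arg3.
check_postbuild_outputs() {
    bindir=$1
    name=$(basename "$2" .bin)
    for f in iv.bin "$name.sfb" "SBSFU_$name.bin"; do
        [ -s "$bindir/$f" ] || { echo "missing or empty: $bindir/$f" >&2; return 1; }
    done
    return 0
}

# Usage in a hypothetical wrapper script:
#   check_postbuild_args "$@" && sh ./postbuild.sh "$@"
```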

Sorry, my typo in the message. I did have all arguments in the postbuild.sh script:

postbuild.sh . '../../UserApp/build_debug/UserApp.elf' '../../UserApp/build_debug/UserApp.bin' 1

The postbuild script generated SBSFU_UserApp.bin (with #define SECBOOT_DISABLE_SECURITY_IPS).

When STM32CubeProgrammer opens SBSFU_UserApp.bin, the log window shows:

10:43:38 : STM32CubeProgrammer API v2.1.0
10:44:33 : Read File: 1_Image\SECoreBin\Binary\SBSFU_UserApp.bin
10:44:33 : Number of segments: 1
10:44:33 : segment[0]: address= 0x0, size= 0x25940

Linker_Common/mapping_sbsfu.ld sets __ICFEDIT_bank1_secure_start__ = 0x08000000, and mapping_fwimg.ld sets __ICFEDIT_region_SLOT_0_start__ = 0x08020000.

If I change the address to 0x08000000, the app prompts "Address out of range".

I don't know what's happening.

alister
Lead

A more incremental dev/test method:

  1. Build the SBSFU without protection, or especially with RDP level 0, write the SBSFU with SE into flash, develop enough of your app that it'll execute and demonstrate some functionality. Test it via JTAG/SWD.
  2. When the app is sufficiently complete that it'll demonstrate some functionality, build an image and load it into SLOT#1. Trigger its install by writing its header to SWAP. Use the debugger to test/step the SBSFU's install. Note if the SBSFU executes from reset before you've loaded and halted it in the debugger, it might complete the install before you debug it or throw an error and delete your SWAP.

Use different keys for debug because you wouldn't want boards loaded with your final keys accidentally going out a door without RDP and other protections.

To load SBSFU_UserApp.bin using STM32CubeProgrammer, click the "Erase & Programming" button, browse and select your binary, enter start address = 0x8000000, uncheck "Skip flash erase before programming" and click the "Start Programming" button. It determines the size and erases sectors automatically. My STM32CubeProgrammer is v1.3.0.

BTW there's a quirk in the X-CUBE-SBSFU download and install examples. The image has the encrypted app immediately following the header. But the example app's download writes the image's header to the start of SLOT#1 and has extra lines of code to position the image's encrypted part (for full image) starting at SLOT#1 + 0x400, and the example SBSFU is coded to find the encrypt start there too.

chuan_lee
Associate II

Thanks Jocelyn and Alister. I don't have an issue with postbuild.sh anymore.