Hello,
I'm currently integrating the SBSFU 2.8 for one of our board, that use a STM32H753, with a dual-slot configuration.
I'm adapting the example for the STM32H753ZI. For now, this mostly involves modifying the USART (use the 6 instead of the 3).
I am currently trying to set up the system to resume operation after a power outage. I defined ENABLE_IMAGE_STATE_HANDLING in the projects SeCoreBin and SBSFU.
This is my scenario:
- Download of a UserApp
- Validation of the downloaded UserApp
- Decryption of the UserApp
- Start of the swap between the DownloadSlot and the ActiveSlot
- /!\ Power outage!
- Power return
- Resume of the installation process
Currently, the resume always fails when checking the trailer (in CheckTrailerMagic).
I checked what he wrote as trailer (in WriteTrailerHeader), and what is written is indeed what is read after the reset.
What's strange is how he slices up what he's checking.
If we look at the names of the arrays in the CheckTrailerMagic function, we have:
| Field | Value read |
magic | 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF |
clean | 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF |
signature_valid | 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF |
signature_test | 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF |
So, everything is equal to erased_flash_pattern! So the function CheckTrailerMagic always return SFU_ERROR (no installation to resume).
It also doesn't initiate a rollback (which would be OK in our case), but instead clears the contents of the ActiveSlot. In the end, we're just left without UserApp.
The documentation (AN5056) seems to suggest that all you need to do is to define ENABLE_IMAGE_STATE_HANDLING, but is that really enough? What could I have missed to enable this feature? Is this a bug?
Thanks for the support.
