FAQs
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SBSFU: image validation error

Go to solution
mr_divakar
Associate II

‎2025-02-15 8:04 PM

Hi,

I am evaluating/learning the SBSFU application example on STM32WBA55CG. I have disabled the MCUBOOT_HW_ROLLBACK_PROT and generated the signed confirmed image sbsfu_app_init.bin using the imgtool.exe  without the security counter TLV using the below command. 

imgtool.exe  sign -k root-rsa-2048.pem  -S 229376  -e little -H 0x400 --pad-header --align 8 --overwrite-only -v 1.0.0 --confirm --pad sbsfu_app_init.bin

 The only change I made to the above command is to remove the "-s auto" and +0 from the version to ensure TLV for the security counter isn't added. However, when I run the application, the image validation fails within the bootutil_tlv_iter_begin as shown below i.e

	if (info.it_magic == IMAGE_TLV_PROT_INFO_MAGIC) {// fails with info.it_magic = 0x6907

		if (hdr->ih_protect_tlv_size != info.it_tlv_tot) {
			return -1;
		}

		if (LOAD_IMAGE_DATA(hdr, fap, off_ + info.it_tlv_tot, &info,
				sizeof(info))) {
			return -1;
		}
	} else if (hdr->ih_protect_tlv_size != 0) {//fails with hdr->ih_protect_tlv_size = 4
		return -1;
	}

I'd expect hdr->ih_protect_tlv_size to be 0 however it is not. Could someone help/advise to resolve this. Any insights would be appreciated.

Labels:
0 Kudos
1 ACCEPTED SOLUTION

Accepted Solutions
Go to solution
mr_divakar
Associate II

‎2025-03-23 8:39 PM

Ok, I now understand the application well. Quite a complicated one. 

I was able to customize it to just use the mcuboot, ext loader with overwrite based update without all that trustzone and other security features. I noticed even the imgtool is ST customized for this example. Next step is to enable trustzone and decide what security features to pick, there seems to be lot of stuff we don't intend to use in this application. 

Anyway, ST should split this example. Thanks for the support.

View solution in original post

2 REPLIES 2
Go to solution
mr_divakar
Associate II

‎2025-03-23 8:39 PM

Ok, I now understand the application well. Quite a complicated one. 

I was able to customize it to just use the mcuboot, ext loader with overwrite based update without all that trustzone and other security features. I noticed even the imgtool is ST customized for this example. Next step is to enable trustzone and decide what security features to pick, there seems to be lot of stuff we don't intend to use in this application. 

Anyway, ST should split this example. Thanks for the support.

Go to solution
CMYL
ST Employee

‎2025-03-27 3:07 AM

Great Job :)

0 Kudos
Top