cancel
Showing results for 
Search instead for 
Did you mean: 

SBSFU jump into userAPP but userAPP main() not execute and hang

asala.19
Associate III

Hi,

I am working on stm32wb55 NUCLEO Board.

I run sbsfu default code and userapp run correctly.

Now i replace userapp with my customize app with few feature enable and it's working fine.

If i add further features(additional code) it hang after printing below messages

= [SBOOT] System Security Check successfully passed. Starting...
= [FWIMG] Slot #0 @: 8010000 / Slot #1 @: 804f000 / Swap @: 808d000
 
 
======================================================================
=              (C) COPYRIGHT 2017 STMicroelectronics                 =
=                                                                    =
=              Secure Boot and Secure Firmware Update                =
======================================================================
 
 
= [SBOOT] SECURE ENGINE INITIALIZATION SUCCESSFUL
= [SBOOT] STATE: CHECK STATUS ON RESET
          INFO: A Reboot has been triggered by a Hardware reset!
          Consecutive Boot on error counter = 0 
          INFO: Last execution detected error was:No error. Success.
= [SBOOT] STATE: CHECK NEW FIRMWARE TO DOWNLOAD
= [SBOOT] STATE: CHECK USER FW STATUS
          A valid FW is installed in the active slot - version: 1
= [SBOOT] STATE: VERIFY USER FW SIGNATURE
= [SBOOT] STATE: EXECUTE USER FIRMWARE
          A valid FW is installed in the active slot - version: 1
= [SBOOT] STATE: VERIFY USER FW SIGNATURE
= [SBOOT] STATE: EXECUTE USER FIRMWARE

to resolve this i change optimize level Optimize for debug(-Og) to Optimize for size(-Os) and it's working fine. below is my working userapp memory detail.

 arm-none-eabi-objcopy  -O ihex  aws_demos.elf  "aws_demos.hex"
   text	   data	    bss	    dec	    hex	filename
 201152	   3024	 150212	 354388	  56854	aws_demos.elf

now if i further implement in my code it again hang at same place and this time it's not resolve by Optimize flag.below is my non working userapp memory detail.

arm-none-eabi-objcopy  -O binary  aws_demos.elf  "aws_demos.bin"
   text	   data	    bss	    dec	    hex	filename
 223012	   4536	 155692	 383240	  5d908	aws_demos.elf

Please help me what was the issue here?

how i can resolve this? i doubt on memory mapping.

Please find attached my modified mapping_fwimg.ld and mapping_sbsfu.ld in Linker_Common.zip

Regards,

Arjun

6 REPLIES 6
Jocelyn RICARD
ST Employee

Hello Asala,

Looking at your linker files it seems you made some important changes like moving the header file.

I mean the addition of the region_descriptor added in mapping_fwimg.ld.

Now the behaviour you have does not look like a problem related to the mapping, otherwise it would happen all the time.

If your behaviour is not stable depending on the compilation flags, I would look for variables used before initialization that take their value from non initialized RAM.

When mapping changes due to compilation flag, then value read from different RAM address is different and resulting behaviour can change.

In any case, the debugger is your friend to solve such issue :)

Best regards

Jocelyn

Hi @Jocelyn RICARD​ ,

yes you are correct i made changes in mapping_fwimg.ld when my code overflow the ROM.

i can't run bootloader and userapp in debug mode. so i simply flash using programmer.

Can you please help me what changes required to run userapp in debug mode.

I tried to debug standalone user app in debug mode but not get any success.

Regards,

Arjun

Hi Asala,

to debug you first need to disable all security protection.

Then you need to take into account that SBSFU is authenticating the image, so changing the image will fail the authentication.

One easy way is; Flash your full application and then attach with your debugger without downloading.

Put a breakpoint in your application and run. You may need to press reset button or to use the reset of your debugger to restart from beginning.

You can also have debugger configuration including both SBSFU and user application symbols, so that you can put breakpoint in both sides.

Other way can be to patch the SBSFU to bypass the authentication phase. In that case SBSFU will launch application without check.

This bypass is not implemented in SBSFU though activation of a flag for instance, so you need to understand how it works to make modifications.

Best regards

Jocelyn

Hi @Jocelyn RICARD​ ,

Thanks for sharing the debug steps. Now we found that, it stuck at bl __libc_init_array call.

0693W000002lhuEQAQ.png

From startup_stm32wb55xx_cm4.s Stuck at infinite loop,

*bl __libc_init_array* 
 
Default_Handler: 
Infinite_Loop: 
   b   Infinite_Loop 

[Function trace, is pointing to WWDG_IRQHandler ]

Thanks,

Hello Ali,

the answer is in your screen capture; WWDG_IRQHandler that has no implementation. This resulted in calling the default IRQhandler.

Do you activate the window watchdog in your code?

Best regards

Jocelyn

Be carefull , debuger and compiler use one code infinite loop for all error while 1 and mark it as WWDG_IRQHandler (first IRQ). But this isnt realy WWDG handler...