SBSFU not detecting Active Slot Image

jmcoreymv
Associate III

I'm working on integrating the latest SBSFU (v2.6.2) onto an STM32L4A6 platform. I've reviewed both the user manual and application note for the SBSFU, as well as the examples provided.

In my use case:

  • I have an external attached MMC flash
  • I'm not planning to use the internal MCU flash dual-bank capability (so I can have an image larger than half the 1MB flash size)
  • I don't need rollback/swap capability
  • For OTA updates, my user application will download the encrypted image to a location in the external MMC flash. The SBSFU on boot will check for a valid image in that location, and if so, it will copy it to the MCU flash active slot.

I was able to get the B-L475E-IOT01A 2_Images_ExtFlash example to boot and run on my board, and it executes the UserApp.

For porting the SBSFU to integrate with my custom UserApp I have:

  • Started from the B-L475E-IOT01A 2_Images_ExtFlash example because it seemed like the closest for what I needed.
  • Replaced the example QSPI driver with an MMC flash driver
  • Modified the various linker files how I think they should be modified based on the user manual/app note.
  • Temporarily disabled all security protections in the SBSFU and enabled verbose debugging
  • The example I started from with external flash was putting the FIREWALL NVDATA section in the middle of the MCU flash (0x8080000) as if we were using dual-bank internal flash, so I changed that by referencing the NUCLEO-L432KC 1_Image example which uses the Firewall but places the NVDATA section at the start of the first active slot (0x8020000).
  • I'm able to build the SECoreBin, SBSFU, and custom UserApp successfully.
  • When I try to use STMCubeProgrammer to flash the resulting combined binary in to the MCU, it loads but it fails to detect a valid image in Active Slot 1 (the master slot), and then it erases that slot because no valid image was found.
  • I'm having trouble figuring out why it's not seeing a valid image in that location, since it should be part of the combined binary produced by the SBSFU scripts.
    • I've added some trace statements to when SFU_IMG_DetectFW() is called and more specifically for the SFU_LL_FLASH_INT_Read() function.
    • I can see that when it's searching inside the header region, the se_status returns SE_KO, and the se_ret_status returns SE_ERROR, but I'm not sure how to troubleshoot this further.
    • Here's a console output from some trace logging I've added in this region:

SFU_IMG_DetectFW -> slot 1
SFU_LL_FLASH_Read internal
Looking in header
pSource: 0x0x8020000, Length: 320 -> pdest: 0x0x20017e78
DoubleECC_Error_Counter: 0
se_status: 1245757
se_ret_status: 100249
SFU_IMG_DetectFW -> slot 1
SFU_LL_FLASH_Read internal
Looking in header
pSource: 0x0x8020000, Length: 320 -> pdest: 0x0x20017e78
DoubleECC_Error_Counter: 0
se_status: 1245757
se_ret_status: 100249
Slot SLOT_ACTIVE_1 not empty : erasing ...

Trying to figure out what my next steps should be to determine why the SBSFU is not finding a valid image in active slot 1.

Thanks!


Hello @jmcoreymv ,

I tried changing the L475 configuration to align to your requirements.

I faced an issue, maybe the same as yours.

The crypto used is mbedTLS on this example. It is consuming lots of memory.

SE_SP_SMUGGLE is the entry that leads to se_callgate. You should have entered inside.

By debugging, I could see that signature verification returned -16 meaning lack of memory.

So, I increased the heap size of the secure engine, adapted the mapping_sbsfu.ld to provide more memory to secure engine. And it passed.

Now, I disabled firewall for now just to check things are working.

Here are the changes I made:

In mapping_fwimg.ld: 

__ICFEDIT_SLOT_Active_1_header__ = 0x08014000;
__ICFEDIT_SLOT_Active_1_start__  = 0x08015000;
__ICFEDIT_SLOT_Active_1_end__    = 0x080FFFFF;

/* Dwl slot #1 (472 kbytes) */
__ICFEDIT_SLOT_Dwl_1_start__     = 0x90000000;
__ICFEDIT_SLOT_Dwl_1_end__       = 0x900EAFFF;

Header is just after the SBSFU

in sfu_low_level_security.h

#define SFU_PROTECT_FWALL_NVDATA_ADDR_START ((uint32_t)(SB_REGION_ROM_END + 1))/*!< Firewall protection NVDATA
                                                                                           area START address*/
#define SFU_PROTECT_FWALL_NVDATA_SIZE       (SLOT_ACTIVE_1_HEADER)/*!< Firewall protection NVDATA area
                                                                                           SIZE*/

Add more size for SE Heap

_Min_Heap_Size = 0x1800; 

And in mapping_sbsfu.ld

__ICFEDIT_SE_region_RAM_end__       = 0x20003DFF;

I could make an update from external flash.

Now, I will need to reactivate firewall protection. May need to change some mappings.

Best regards

Jocelyn

Hi @Jocelyn RICARD 

Thank you for looking into this further. 

I didn't have a preference for mbedtls vs the ST_Crypto library, so I swapped over to the ST_Crypto library instead.  That seems to have actually resolved the inconsistent failure issue I was having with SE_SP_SMUGGLE mentioned in this thread: https://community.st.com/t5/stm32-mcus-security/inconsistent-sbsfu-error-for-header-fw-signature-verification/m-p/746094#M7800

However, I did also make the changes you mentioned above to increase the amount of available UserApp space.  I'm still seeing SE_SP_SMUGGLE error out when I make those changes:

  • Increase heap size: I tried 0x1800 first, then 0x4000, and updated the __ICFEDIT_SE_region_RAM_end__ accordingly.
  • Moved the active slot header and start to 0x08014000 and 0x08015000, respectively.
  • Updated SFU_PROTECT_FWALL_NVDATA_ADDR_START
  • Updated SFU_PROTECT_FWALL_NVDATA_SIZE: I tried setting it to SLOT_ACTIVE_1_HEADER as shown above, but this seems incorrect to me, so I changed it to be (SLOT_ACTIVE_1_START - SLOT_ACTIVE_1_HEADER).

After all these changes, it still fails to detect the FW in the new location:

= [SBOOT] SECURE ENGINE INITIALIZATION SUCCESSFUL
= [SBOOT] STATE: CHECK STATUS ON RESET
WARNING: A Reboot has been triggered by an Unknown reset source!
= [SBOOT] STATE: CHECK NEW FIRMWARE TO DOWNLOAD
= [SBOOT] STATE: CHECK USER FW STATUS
No resume required : TRAILER_HDR_TEST not valid!
Slot SLOT_ACTIVE_1 not empty : erasing ...
No valid FW found in the active slots nor new FW to be installed
Waiting for the local download to start...
= [SBOOT] STATE: DOWNLOAD NEW USER FIRMWARE
File> Transfer> YMODEM> Send

Hello @jmcoreymv ,

I attach a zip file of the L475 project from SBSFU package version 2.6.2

Projects\B-L475E-IOT01A\Applications\2_Images_ExtFlash\

It may help you find where your issue is located

Best regards

Jocelyn

Hi @Jocelyn RICARD 

Thanks for providing the modified example.  I went through each of the modified files and compared/pulled-in the changes to my example project set targeting the STM32L4A6.  When I rebuilt with those changes, it looks like the example is working now.  I'm going to try and modify to support my actual project.

Hi @Jocelyn RICARD 

I've been able to modify my actual project with the larger UserApp space available, and enabled the firewall protection mechanism.  I'm running into a couple of questions/issues:

1. I modified the SFU_PROTECT_FWALL_NVDATA_SIZE to be 0x1000 (SLOT_ACTIVE_1_START - SLOT_ACTIVE_1_HEADER), instead of just SLOT_ACTIVE_1_HEADER which was 0x8014000.  Let me know if this seems correct to you, or if I am misunderstanding?

2. There's an overlap check in sfu_fwimg_common.c that I'm failing. I'm thinking it's because I'm no longer placing my NVDATA section in the middle of flash:

  if (((SFU_PROTECT_FWALL_NVDATA_ADDR_START - FLASH_BANK_SIZE) > SFU_PROTECT_FWALL_CODE_ADDR_START) ||
      ((SFU_PROTECT_FWALL_NVDATA_ADDR_START + SFU_PROTECT_FWALL_NVDATA_SIZE - FLASH_BANK_SIZE) <
       (SFU_PROTECT_FWALL_CODE_ADDR_START + SFU_PROTECT_FWALL_CODE_SIZE)))
  {
    TRACE("\r\n= [FWIMG] Firewall NVdata segment doesn't overlap firewall code segment\r\n");
    e_ret_status = SFU_IMG_INIT_FLASH_CONSTRAINTS_ERROR;
  }

In my case, it's the 2nd part that's failing as here is my configuration:

FLASH_BANK_SIZE: 0x80000
SFU_PROTECT_FWALL_CODE_ADDR_START: 0x8000200
SFU_PROTECT_FWALL_CODE_SIZE: 0x9400
SFU_PROTECT_FWALL_NVDATA_ADDR_START: 0x8014000
SFU_PROTECT_FWALL_NVDATA_SIZE: 0x1000

How should this check be modified to pass (vs just commenting it out entirely)?

3. I tried to move the SLOT_ACTIVE_1_START/HEADER locations to another location besides 0x08014000/0x08015000, and update the __ICFEDIT_SB_region_ROM_end__ accordingly, but when I try other locations, then the SBSFU fails to detect the FW image in Active slot 1, and ends up erasing it because it sees data in there.  For example, I moved the header/start locations to 0x0801E000/0x08020000 and the SB_region_ROM_end to 0x0801DFFF without luck.  I also just tried increasing those 3 values by 0x1000 without luck.  I'm not sure if there's another parameter I need to modify as well?

In any case, this has been great progress!

Hello @jmcoreymv ,

I'm sorry for the late answer.

Your first point looks very strange. I need to understand why it works when not changing.

At least your change looks good.

The second check that is not passing is normal.

It is supposed to make sure that NVData on the second bank covers at least the same equivalent addresses on the first bank, so that if a bank swap is performed, no secrets can leak. In your case, you don't use this protection, so the test should be removed.

When you move your slot 1 location, you need to make sure to rebuild everything (I guess you did but just in case). Also, you need to have same size for active slot and download slot. So, also modify external slot. I'm not sure this is the reason for your issue but worth checking. Usually when changing the mapping, issues come from MPU configuration. So, you need to have it disabled to start testing.

Best regards

Jocelyn
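Added example (not from the thread, and not ST's SBSFU source): the overlap check quoted above from sfu_fwimg_common.c, restated clause by clause, and evaluated against the five values jmcoreymv posted and against a constructed dual-bank layout in the spirit of the original 2_Images_ExtFlash example (NVDATA at 0x8080000, as mentioned earlier in the thread; its 0x10000 size is invented here, the example's real value is not on the page). It also computes the NVDATA size the way jmcoreymv derived it (slot start minus slot header). The struct, enum and function names are mine, chosen to mirror the macros in the thread; the point is to show why the check is a bank-swap check: it shifts the NVDATA window down by FLASH_BANK_SIZE, to where it would sit after a swap, and requires that window to cover the firewall code segment, which a single-bank layout with NVDATA right after SBSFU can never satisfy.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical container for the five values the check reads from the SBSFU
 * mapping and security headers. Field names mirror the macros quoted in the
 * thread; the struct itself is not part of SBSFU. */
typedef struct {
    uint32_t flash_bank_size;          /* FLASH_BANK_SIZE */
    uint32_t fwall_code_addr_start;    /* SFU_PROTECT_FWALL_CODE_ADDR_START */
    uint32_t fwall_code_size;          /* SFU_PROTECT_FWALL_CODE_SIZE */
    uint32_t fwall_nvdata_addr_start;  /* SFU_PROTECT_FWALL_NVDATA_ADDR_START */
    uint32_t fwall_nvdata_size;        /* SFU_PROTECT_FWALL_NVDATA_SIZE */
} fwall_layout_t;

typedef enum {
    FWALL_LAYOUT_OK = 0,
    FWALL_LAYOUT_NVDATA_STARTS_TOO_HIGH = 1, /* first clause of the check is true */
    FWALL_LAYOUT_NVDATA_ENDS_TOO_LOW = 2     /* second clause of the check is true */
} fwall_layout_result_t;

/* NVDATA size as derived in the thread: the gap between the active slot
 * header and the start of the slot itself. */
uint32_t nvdata_size_from_slot(uint32_t slot_header, uint32_t slot_start)
{
    return slot_start - slot_header;
}

/* The sfu_fwimg_common.c condition, split into its two clauses so the failing
 * one can be named. The NVDATA segment is shifted down by one bank size (the
 * address it would occupy after a dual-bank swap) and that shifted window must
 * fully cover the firewall code segment [code_start, code_start + code_size). */
fwall_layout_result_t fwall_nvdata_covers_code(const fwall_layout_t *l)
{
    uint32_t nv_start_after_swap = l->fwall_nvdata_addr_start - l->flash_bank_size;
    uint32_t nv_end_after_swap   = nv_start_after_swap + l->fwall_nvdata_size;
    uint32_t code_end            = l->fwall_code_addr_start + l->fwall_code_size;

    if (nv_start_after_swap > l->fwall_code_addr_start)
        return FWALL_LAYOUT_NVDATA_STARTS_TOO_HIGH;
    if (nv_end_after_swap < code_end)
        return FWALL_LAYOUT_NVDATA_ENDS_TOO_LOW;
    return FWALL_LAYOUT_OK;
}

/* The values posted in the thread (single bank, NVDATA right after SBSFU). */
const fwall_layout_t thread_layout = {
    .flash_bank_size         = 0x80000,
    .fwall_code_addr_start   = 0x8000200,
    .fwall_code_size         = 0x9400,
    .fwall_nvdata_addr_start = 0x8014000,
    .fwall_nvdata_size       = 0x1000,
};

/* Constructed dual-bank layout: NVDATA at the start of bank 2 (0x8080000, as
 * the original example did); the 0x10000 size is invented for illustration. */
const fwall_layout_t dual_bank_layout = {
    .flash_bank_size         = 0x80000,
    .fwall_code_addr_start   = 0x8000200,
    .fwall_code_size         = 0x9400,
    .fwall_nvdata_addr_start = 0x8080000,
    .fwall_nvdata_size       = 0x10000,
};

static const char *result_name(fwall_layout_result_t r)
{
    switch (r) {
    case FWALL_LAYOUT_OK:
        return "ok: NVDATA window after swap covers the firewall code";
    case FWALL_LAYOUT_NVDATA_STARTS_TOO_HIGH:
        return "first clause fails: NVDATA starts above code start after swap";
    case FWALL_LAYOUT_NVDATA_ENDS_TOO_LOW:
        return "second clause fails: NVDATA ends below code end after swap";
    }
    return "unknown";
}

int main(void)
{
    printf("thread layout    : %s\n", result_name(fwall_nvdata_covers_code(&thread_layout)));
    printf("dual-bank layout : %s\n", result_name(fwall_nvdata_covers_code(&dual_bank_layout)));
    printf("NVDATA size from slot gap: 0x%lx\n",
           (unsigned long)nvdata_size_from_slot(0x08014000u, 0x08015000u));
    return 0;
}
```

With the posted values, 0x8014000 - 0x80000 = 0x7F94000 is not above 0x8000200, so the first clause passes, but 0x7F95000 is below the code end 0x8009600, so the second clause trips, which matches what jmcoreymv observed. The constructed dual-bank layout shifts to 0x8000000..0x8010000 and covers 0x8000200..0x8009600, so it passes; that is the situation the check was written for, and why dropping it is the consistent choice once no bank swap can occur.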