SBSFU on STM32G0 not able to resume update after interruption

Markus Schwarzl
Associate III

Hi!

I'm successfully using SBSFU 2.6.2 on a STM32G474 with SECBOOT_ECCDSA_WITHOUT_ENCRYPT_SHA256.

Now in another project I wanted to use the same SBSFU configuration on a STM32G0B0 but as this MCU is much less performant I switched to SECBOOT_AES128_GCM_AES128_GCM_AES128_GCM to get faster startup and installation times. But during testing now we happily found out before releasing that with this configuration the installation process does not resume if it is interrupted e.g. by a power-loss. I tried with and without swap-area and also with and without user-validation. Using SECBOOT_ECCDSA_WITHOUT_ENCRYPT_SHA256 works as expected. It fails during startup and does not resume the update. As the application is already partially updated it then fails to verify and deletes the image, which is the worst case as any update is then impossible (except loader in SBSFU, which requires wired connection).
I figured out that somehow during CheckTrailerMagic() the "magic" is all 0xFF which is not allowed. This "magic" value is written in WriteTrailerHeader() already with all 0xFF as it is built from the FW-states (?) which are not used if user-validation is disabled...? Not sure if I have a misunderstanding somewhere or where the issue has its root cause as I do not see any link to the crypto-scheme at those code locations...

Best regards,

Markus Schwarzl

1 REPLY
Jocelyn RICARD
ST Employee

Hello @Markus Schwarzl ,

It is strange that the recovery process depends on the crypto scheme. I need to check that.

One workaround could be to come back to ECDSA, which is a much more robust solution, and make sure that signature verification is done only once.

For security reasons this check is done at least twice, but maybe more. You can add a trace in the code to check this and then remove the multiple calls.

Not sure you will reach the same performance as with AES GCM, but it will definitely improve performance.

Best regards

Jocelyn