FAQs
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SBSFU on STM32H743 Enabling SFU_MPU_PROTECT_ENABLE is stopping USB working

starmour
Associate II

‎2025-01-16 07:56 AM

I have the NUCLEO-H753ZI example running on my board. All works fine without the security features. When I enable both the SFU_MPU_PROTECT_ENABLE and SFU_IWDG_PROTECT_ENABLE. I keep having a watchdog when it tries to execute the firmware. I commented the #define SFU_IWDG_PROTECT_ENABLE and enable the SFU_VERBOSE_DEBUG_MODE. It gets stuck  at verifying the user FW as shown below.

= [SBOOT] SECURE ENGINE INITIALIZATION SUCCESSFUL
= [SBOOT] STATE: CHECK STATUS ON RESET
INFO: A Reboot has been triggered by a Hardware reset!
= [SBOOT] STATE: CHECK NEW FIRMWARE TO DOWNLOAD
= [SBOOT] STATE: CHECK USER FW STATUS
A FW is detected in the slot SLOT_ACTIVE_1
= [SBOOT] STATE: VERIFY USER FW SIGNATURE

When I breakpoint I can see that it is stuck at this as USB stops running after the first SFU_LL_SECU_SetProtectionMPU call which is the SFU_INITIAL_CONFIGURATION.

TRACE(" @%d:%x size:%x sub:%x perm:%x exec:%x\r\n",

MPU_InitStruct.Number, MPU_InitStruct.BaseAddress, MPU_InitStruct.Size, MPU_InitStruct.SubRegionDisable,

MPU_InitStruct.AccessPermission, MPU_InitStruct.DisableExec);

I added an if to only call that TRACE when uStep == SFU_INITIAL_CONFIGURATION. However although it carries on, it just confirms that it s causing the firmware to get stuck as well. Everything is fine when I make sure my usb is not connected when I boot the board.

Any ideas how to resolve this please?

 

Labels:
0 Kudos
3 REPLIES 3
STea
ST Employee

‎2025-01-22 05:57 AM

Hello @starmour ,

I'm enabling both MPU and IWDG protections but don't get stuck in reset loop.

STea_1-1737554026892.png

Could you please give more details about the steps that you have followed to try and reproduce this from my side.

Are you downloading firmware using CubeProgrammer or with the debugger throw CubeIDE .

Have you done other changes to the project?

can you try with a new clean project and tell me if that makes a difference?

Regards

 

In order to give better visibility on the answered topics, please click on Accept as Solution on the reply which solved your issue or answered your question.
0 Kudos
starmour
Associate II
In response to STea

‎2025-01-24 12:37 AM - edited ‎2025-01-24 12:38 AM

Your example works fine as you are using UART. I am using instead of UART the USB DEVICE -> USB OTG HS. I put a macro everywhere you call the UART in your example to use the USB. Eg

1.

#ifdef USB_OTG_HS_ENABLE

return MX_USB_DEVICE_Init();

#else

return SFU_LL_UART_Init();

#endif /* USE_USB_COMM */

2. I did similar for SFU_LL_UART_Transmit and for the ymodem receive

3. In SFU_LL_SECU_SetProtectionDMA I skipped __HAL_RCC_USB1_OTG_HS_CLK_DISABLE when USB_OTG_HS_ENABLE is defined

4. In SFU_LL_SECU_ActivateSecUser, I am not sure if it is important to do but I did add then when USB_OTG_HS_ENABLE is defined, __HAL_RCC_USB1_OTG_HS_CLK_DISABLE() where you have SFU_UART_CLK_DISABLE().

The User App was changed the same way. 

To currently make it work I stopped calling SFU_LL_SECU_SetProtectionMPU when I am in debug mode

SFU_ErrorStatus SFU_LL_SECU_SetProtectionMPU(uint8_t uStep)

{

#if defined(SFU_DEBUG_MODE)

if (USB_CONNECTED) {

/* Execution stopped if flow control failed */

FLOW_CONTROL_STEP(uFlowProtectValue, FLOW_STEP_MPU, FLOW_CTRL_MPU);

return SFU_SUCCESS;

}

#endif /* SFU_DEBUG_MODE */

USB_CONNECTED is the input USB VBUS showing that USB is connected.

 

 

 

 

 

 

0 Kudos
Jocelyn RICARD
ST Employee

‎2025-01-28 01:39 AM

Hello @starmour ,

one possible issue could be that MPU configuration does not give access to system flash where some factory data is written.

So, I would suggest adding a MPU region that gives read access over system flash.

Best regards

Jocelyn

0 Kudos
Top