FAQs
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SBSFU on STM32H743 SWAP_BANK

Go to solution
starmour
Associate II

‎2025-01-15 12:18 AM

I am new to SBSFU. I picked the NUCLEO-H753ZI project to try on a board with STM32H743. Everything seems to be running fine but ONLY when the SWAP_BANK is unchecked at startup. When it is checked before flashing, the board doesn't run as it was programmed at BANK2. We unchecked the SWAP_BANK as part of the boot sequence of the SBSFU which means it expects code to be at BANK1. I also noticed that the PCROP and WRP is unchecked for bank2. Please any idea if this is mainly an issue with STM32H743? If yes any idea how to resolve it?

Labels:
0 Kudos
1 ACCEPTED SOLUTION

Accepted Solutions
Go to solution
STea
ST Employee
In response to starmour

‎2025-01-22 08:26 AM

Hello @starmour ,

The default optionbyte configuration is the same across new parts so the swap bank option byte will be disabled by default if that's your concern so you will be by default on bank 1.
Regards

In order to give better visibility on the answered topics, please click on Accept as Solution on the reply which solved your issue or answered your question.

View solution in original post

0 Kudos
8 REPLIES 8
Go to solution
STea
ST Employee

‎2025-01-21 07:07 AM

Hello @starmour ,

Are you trying the single image, 2 images or 2 images OSC project?

just note that H7 implementation of SBSFU uses the secure user memory. When only one user secure memory is set, boot is automatically set to this area, whatever the swap bank bit value.
here is the sate machine for H7 series boot: using SBSFU :

STea_0-1737468704462.png

check UM2262 section 5.3 for more details.

Regards

 

In order to give better visibility on the answered topics, please click on Accept as Solution on the reply which solved your issue or answered your question.
0 Kudos
Go to solution
starmour
Associate II
In response to STea

‎2025-01-21 07:42 AM - edited ‎2025-01-21 11:50 PM

I am trying the single image and 2 images. I ordered and received the evaluation board of the NUCLEO-H753ZI and I can see the same issue. It is nothing to do with the security feature as issue is from this call SFU_LL_SECU_SetFlashConfiguration which does the SWAP BANK. I can replicate the issue with the evaluation board too. All I have to do is:

1- go to STM32CubeProgrammer and enable the SWAP BANK bit.

2- Flash the SBSFU image which disable the SWAP_BANK as expected. However as we started with SWAP BANK enable, the image is in BANK2.

When I reboot, nothing runs until I go back to STM32CubeProgrammer and enable back the SWAP BANK bit.

I can also see that nWRP8 was unchecked and not nWRP0. Same with the PCROP which is enabled on AREA2.

All works fine when I flash the SBSFU image with SWAP_BANK disable which is not really something we expect to be done in production.

NB: As I am still debugging, I am NOT running it with SFU_FINAL_SECURE_LOCK_ENABLE. Hence unsure about the secure user memory as it seems to be available only when I have SFU_FINAL_SECURE_LOCK_ENABLE uncommented. I don't have that facility with STM32H743 anyway so I wonder if that will be an issue when I come to it. Thanks. 

Preview file
61 KB
Preview file
73 KB
0 Kudos
Go to solution
STea
ST Employee
In response to starmour

‎2025-01-22 05:57 AM

Hello @starmour ,

When enabled SWAP bank before downloading the firmware the app is running as expected and after terminating the debug session I 'have checked that the swap bank OB is still enabled.

I have tested this with a NUCLEO-H743ZI.

the steps where the following:

1-enable swap bank bit in cube programmer

2-opning a debug session which will trigger programming of the combined image of the 3 projects (i'm disabling protections in app_sfu.h file)

STea_0-1737553781203.png

3-run the app 

4-detache the debugger and recheck the OB of swap bank with Cube programmer which is still set and not cleared by SBSFU 

Could you confirm that following these steps you still have the same issue?

Regards

 

In order to give better visibility on the answered topics, please click on Accept as Solution on the reply which solved your issue or answered your question.
0 Kudos
Go to solution
starmour
Associate II
In response to STea

‎2025-01-22 06:48 AM

I am unsure I understand where we are heading. 

"2-opening a debug session which will trigger programming of the combined image of the 3 projects". How do we do this please as might be handy for future?

My current issue does not need the User app part. I am just concentrating into the SBSFU project which is the bootloader.

I am using:

1. the NUCLEO-H753ZI although I have same issue with my main board which is fitted with STM32H743.

2. STM32CubeExpansion_SBSFU_V2.6.2 Example code of the NUCLEO-H753ZI

The code disabling the SWAP is always ran except if you uncomment this line in app_sfu.h file #define SECBOOT_DISABLE_SECURITY_IPS

I commented the protections which you have shown and flash my SBFU code and the SWAP BANK is showing disabled after I started it with it enabled. This is right as code goes into the SFU_LL_SECU_SetFlashConfiguration which disables the SWAP BANK

starmour_0-1737556861122.png

starmour_1-1737556926432.png

My understanding is that when we change the SWAP_BANK bit, the board must be reset otherwise everything is done with previous configuration. In my example setup, the code is flashed on BANK 2 as I started with SWAP_BANK enabled. As soon as we reboot, no code runs as it is looking at BANK1. I know all this because when I go back in stm32cubeprogrammer and enable back the SWAP_BANK, the code runs again.

starmour_2-1737557274201.png

starmour_3-1737557309443.png

Can you replicate what I explained please?

 

0 Kudos
Go to solution
STea
ST Employee
In response to starmour

‎2025-01-22 07:11 AM

Hello @starmour ,

"My understanding is that when we change the SWAP_BANK bit, the board must be reset otherwise everything is done with previous configuration. In my example setup, the code is flashed on BANK 2 as I started with SWAP_BANK enabled. As soon as we reboot, no code runs as it is looking at BANK1. I know all this because when I go back in stm32cubeprogrammer and enable back the SWAP_BANK, the code runs again."
this is correct and expected I think as the first installation of SBSFU is done on bank2 so if you want to work with swap bank enabled and without the need to reset the swap bank bit this OB reprogramming form SBSFU side shouldn't be done.

is this what you are expecting?
Regards

In order to give better visibility on the answered topics, please click on Accept as Solution on the reply which solved your issue or answered your question.
0 Kudos
Go to solution
starmour
Associate II
In response to STea

‎2025-01-22 07:16 AM - edited ‎2025-01-22 07:19 AM

Enabling the SWAP BANK in stm32cubeprogrammer was part of my test as I don't think every boards will have the default as unchecked. I just think it is a flaw currently with your example as it means we need to flash every boards twice to be 100% sure we are in BANK 1. I was hoping that there will be a solution to this issue apart from hoping that SWAP BANK is unchecked on all boards that will be flashed.

0 Kudos
Go to solution
STea
ST Employee
In response to starmour

‎2025-01-22 08:26 AM

Hello @starmour ,

The default optionbyte configuration is the same across new parts so the swap bank option byte will be disabled by default if that's your concern so you will be by default on bank 1.
Regards

In order to give better visibility on the answered topics, please click on Accept as Solution on the reply which solved your issue or answered your question.
0 Kudos
Go to solution
starmour
Associate II
In response to STea

‎2025-01-22 09:02 AM

My point is that we are relying that all new parts will be like you said and old parts would not have been changed. In summary, there is no solution when by any accident SWAP BANK is enabled before flashing the bootloader. The code in SFU_LL_SECU_SetFlashConfiguration is practically useless as we are relying on hardware to have SWAPO BANK disabled already.

0 Kudos
Top