SBSFU project structure and setup?

DHard.2 · ‎2021-10-27

Hi,

My question is about project structure.

To implement SBSFU what is the best or correct approach if I have a project that I would like to flash to a target incorporating SBSFU?

Import four project folders (SBSFU, SECoreBin, UserApp and MyProject) into a workspace in SMM32CubeIDE / Eclipse, compile individually to confirm clean builds then copy the source and header files into the UserApp project folder, then alter my project code and edit the makefile to blend the projects?

Or

Setup SBSFU for serial comms only (as detailed in - MOOC - Security Part6: STM32 security ecosystem)

and use Y-modem to flash MyProject.bin to the target (having signed MyProject.bin) using external tools.

Also

In the tutorial, batch scripts are used for post build processing which fail to run if the project folder setup is incorrect and requires a lot of editing. Is it best to start with the SBSFU folder structure and import MyProject into the “2_Images�? folder (presuming a 2 image bootloader is required)?

Any help/advice would be really appreciated.

Thanks

Frantz LEFRERE · ‎2021-10-27

Hello,

I would definitely advise to build the SECorebin and the SBSFU as it is.

Sorry but, I don't catch :

"Setup SBSFU for serial comms only (as detailed in - MOOC - Security Part6: STM32 security ecosystem)

and use Y-modem to flash MyProject.bin to the target (having signed MyProject.bin) using external tools."

Regarding your application, you have the complete process to adapt it to SBSFU context and some example script

MOOC - Security Part6: STM32 security ecosystem

Security Part6 - STM32 security ecosystem - 04 Experience SBSFU benefits

the associated material could be downloaded on this page !

https://www.st.com/content/st_com/en/support/learning/stm32-education/stm32-moocs/STM32_security_ecosystem.html

-> the script : 02_01_Postbuild_SimpleAppV1.bat generate a full image to be flashed (.bin) and the update file (.sfb).

The full image contains the SBSFU + the application while the update file is the application with metadata.

Doing this way, will bring you a better understanding of the overall mechanism and dependencies.

DHard.2 · ‎2021-10-28

Hi Frantz,

Thank you for your help.

Appologies for the confusion - 'Sorry but, I don't catch'.

It was a confusing way of saying flash the full image to the target using Tera Term.

I understand better now you suggested using the 02_01_Postbuild_SimpleAppV1.bat script.

DHard.2 · ‎2021-11-23

Hi Frantz,

I purchased an STMicro L4 board and successfully followed the tutorials “1 – 10 Security Part6 - STM32 security ecosystem without any problems.�?

I have a large bare metal project (50+ source and header files which compiles without errors) that I would like to secure using SBSFU and flash to a “STM32F769I-Discovery�? target using a 2_Images approach.

I am able to run “00_StartTeraTermM7.bat�?, “00_ResetM7Target.bat�? and “01_Flash_SBSFU_UserApp.bat�? and can navigate through the numbered options in Tera Term without any problems.

I have been editing the paths in the 02_01_Postbuild_SimpleAppV1.bat to fit my directory structure and also altering my directory structure to try to match the required paths in the script as you previously suggested but this does not currently produce a *.bin or *.sfb output as the script fails to find my *.elf file.

Importing the project using STM32CubeMX to produce the correct directory structure is not possible because we have HAL files that we can’t risk being overwritten.

This is our project directory structure.

I am unsure of the best way to alter / setup the project to work with SBSFU.

I have downloaded “STM32CubeExpansion_SBSFU_V2.5.0�?.

Is it best to place this folder in the project directory?

Is it best to edit the ‘postbuild’ script to point to the relevant directories (e.g. SBSFUBootLoader) or place the required directories in a specific location, or a mix of both strategies?

The SimpleApp project does not appear to reference ‘2_Images_SBSFU’, ‘2_Images_SECoreBin’ or ‘2_Images_UserApp.

Are the binaries created in ‘2_Images_UserApp’ concatenated with the new firmware build using the Postbuild script?

How would you setup the project?

Any help will be very much appreciated.

Thanks

DHard.2 · ‎2021-11-23

ranganath_b_rangaramu · ‎2024-03-08

Hi Dhard.2 and Frantz

Can you share me the above mentioned bat scripts. I tried downloading but could not get it anywhere.

Thanks

Frantz LEFRERE · ‎2024-03-08

Hi @ranganath_b_rangaramu ,

the associated material could be downloaded on this page

https://www.st.com/content/st_com/en/support/learning/stm32-education/stm32-moocs/STM32_security_ecosystem.html

Training materials

Training materials (slides, hands-on projects) can be downloaded from this link.

Then follow the installation pdf.

Best regards,

Frantz

ranganath_b_rangaramu · ‎2024-03-08

Hi @Frantz LEFRERE ,

Thank you for quick reply. I am not able to download it. Can you please attach here.

Regards,

Mikey

Frantz LEFRERE · ‎2024-03-08

Hi @ranganath_b_rangaramu

this is a simple google drive but you may have some restriction access.

I've sent it to you thanks our file transfer tool, please check your mail.

Br,

Frantz

ranganath_b_rangaramu · ‎2024-03-10

Hi @Frantz LEFRERE ,

Thank you. I got it. I have one more question regarding SBSFU.

I am trying to add a custom bootloader in SBSFU. But not able to figure it out how to do it. I changed memory for active slot area and used the same area for custom bootloader in both linker file of both SBSFU and custom bootloader application. But does not work as expected. Can you please guide me through this?

I need to add a Custom bootloader and trigger user application from it. What are the modification that I need to do for this. I am using STM32H753 board.