Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- STMicroelectronics Community
- STM32 MCUs
- STM32 MCUs Security
- SBSFU STM32U585 series with CMake toolchain
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
SBSFU STM32U585 series with CMake toolchain
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
2025-09-12 1:00 AM
Hi everyone,
I'm working on integrating the SBSFU (Secure Boot and Secure Firmware Update) into an existing project for a custom board using an STM32U585 microcontroller.
At this stage of the project, I am trying to include the SBSFU_Boot (https://github.com/STMicroelectronics/STM32CubeU5/tree/main/Projects/B-U585I-IOT02A/Applications/SBSFU) to my firmware, in order to be able to create a more secure and upgradable environment.
My goal is to successfully build and run the SBSFU_Boot bootloader from the ST example using my CMake toolchain, so it can eventually load my existing Secure/Non-Secure application.
I have successfully configured CMake to compile the SBSFU_Boot project without any errors. However, after flashing the compiled binary to the microcontroller, the device fails to boot. The bootloader doesn't seem to execute at all.
This issue appears to be related to migrating the build configuration from the provided CubeIDE project to my CMake environment, as the original example works on the ST development kit.
Could anyone who has experience with SBSFU on CMake toolchain offer some advice? Specifically, I'm looking for guidance on:
The essential steps to replicate the CubeIDE build process for SBSFU in CMake.
Any common pitfalls or required compiler flags for building the STM32U585 SBSFU bootloader outside of CubeIDE.
Thank you in advance for your support,
Eros
Labels:
- Labels:
-
SBSFU
-
STM32 Security
3 REPLIES 3
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
2025-09-12 1:50 AM
Hello @erosghignoni ,
I made the same adaptation for a customer some time ago.
When secure boot has finished its execution, it first closes the HDP (Hide Protection)
This is the purpose of first line of this code
void LL_SECU_UpdateRunTimeProtections(void)
{
/* Enable HDP protection to hide sensible boot material */
enable_hdp_protection();
/* Set MPU to enable execution of Secure and Non Secure active slots */
mpu_appli_cfg();
}After the first call, the whole flash area of mcuboot is made inaccessible... except for the code running in ".BL2_NoHdp_Area"
This is where the issue comes from: We have a linker region defined like following in stm32u5xx_bl2.ld
.BL2_NoHdp_Area :
{
KEEP(*(.BL2_NoHdp_Data))
KEEP(*(.BL2_NoHdp_Code))
*mpu_armv8m_drv.o (.text* .rodata*)
KEEP(*(.BL2_Error_Code))
__hdp_end__ = .;
} > FLASH_NOHDP
Issue is that cmake is creating object files like mpu_armv8m_drv.c.obj
So, the line with mpu_armv8m_drv.o does not match.
Just changing it with
*mpu_armv8m_drv* (.text* .rodata*)Will solve the issue.
Be careful that you need to launch a prebuild command to generate a output.ld file that is the one actually used for linking.
After the change and rebuild, you can check in the map file that mpu_armv8m_drv.c related functions are put at the right location:
*(.BL2_NoHdp_Code)
.BL2_NoHdp_Code
0x0c018130 0x22c CMakeFiles/SBSFU_Boot.dir/Src/boot_hal.c.obj
0x0c018130 boot_jump_to_next_image
0x0c018156 boot_jump_to_ns_image
0x0c01817c boot_clear_bl2_ram_area
0x0c018194 boot_clean_ns_ram_area
0x0c0181dc execute_loader
0x0c018270 boot_platform_quit
.BL2_NoHdp_Code
0x0c01835c 0x318 CMakeFiles/SBSFU_Boot.dir/Src/low_level_security.c.obj
0x0c018394 LL_SECU_UpdateLoaderRunTimeProtections
0x0c018570 LL_SECU_UpdateRunTimeProtections
0x0c018650 TAMP_IRQHandler
*mpu_armv8m_drv*(.text* .rodata*)
.text.mpu_armv8m_enable
0x0c018674 0x34 CMakeFiles/SBSFU_Boot.dir/Src/mpu_armv8m_drv.c.obj
0x0c018674 mpu_armv8m_enable
.text.mpu_armv8m_check
0x0c0186a8 0x34 CMakeFiles/SBSFU_Boot.dir/Src/mpu_armv8m_drv.c.obj
0x0c0186a8 mpu_armv8m_check
.text.mpu_armv8m_region_enable
0x0c0186dc 0x5e CMakeFiles/SBSFU_Boot.dir/Src/mpu_armv8m_drv.c.obj
0x0c0186dc mpu_armv8m_region_enable
.text.mpu_armv8m_region_enable_check
0x0c01873a 0x56 CMakeFiles/SBSFU_Boot.dir/Src/mpu_armv8m_drv.c.obj
0x0c01873a mpu_armv8m_region_enable_checkWith this change your setup should work like with STM32CubeIDE
Best regards
Jocelyn
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
2025-09-12 6:10 AM
Hi, thank you so much for your quick response.
I tried your suggestion but I am not able to start the bootloader.
Here the map file section (I've just disabled the tamper
#define TFM_TAMPER_ENABLE NO_TAMPER)
.BL2_NoHdp_Area
0x0c018000 0x7d4
*(.BL2_NoHdp_Data)
.BL2_NoHdp_Data
0x0c018000 0x130 CMakeFiles/SBSFU_Boot.dir/SBSFU_Boot/Src/low_level_security.c.obj
0x0c018000 sau_load_cfg
0x0c0180a0 region_cfg_appli_ns
0x0c01810c region_cfg_appli_s
*(.BL2_NoHdp_Code)
.BL2_NoHdp_Code
0x0c018130 0x22c CMakeFiles/SBSFU_Boot.dir/SBSFU_Boot/Src/boot_hal.c.obj
0x0c018130 boot_jump_to_next_image
0x0c018156 boot_jump_to_ns_image
0x0c01817c boot_clear_bl2_ram_area
0x0c018194 boot_clean_ns_ram_area
0x0c0181dc execute_loader
0x0c018270 boot_platform_quit
.BL2_NoHdp_Code
0x0c01835c 0x2f4 CMakeFiles/SBSFU_Boot.dir/SBSFU_Boot/Src/low_level_security.c.obj
0x0c018394 LL_SECU_UpdateLoaderRunTimeProtections
0x0c018570 LL_SECU_UpdateRunTimeProtections
*mpu_armv8m_drv*(.text* .rodata*)
.text.mpu_armv8m_enable
0x0c018650 0x34 CMakeFiles/SBSFU_Boot.dir/SBSFU_Boot/Src/mpu_armv8m_drv.c.obj
0x0c018650 mpu_armv8m_enable
.text.mpu_armv8m_check
0x0c018684 0x34 CMakeFiles/SBSFU_Boot.dir/SBSFU_Boot/Src/mpu_armv8m_drv.c.obj
0x0c018684 mpu_armv8m_check
.text.mpu_armv8m_region_enable
0x0c0186b8 0x5e CMakeFiles/SBSFU_Boot.dir/SBSFU_Boot/Src/mpu_armv8m_drv.c.obj
0x0c0186b8 mpu_armv8m_region_enable
.text.mpu_armv8m_region_enable_check
0x0c018716 0x56 CMakeFiles/SBSFU_Boot.dir/SBSFU_Boot/Src/mpu_armv8m_drv.c.obj
0x0c018716 mpu_armv8m_region_enable_check
*(.BL2_Error_Code)
.BL2_Error_Code
0x0c01876c 0x68 CMakeFiles/SBSFU_Boot.dir/SBSFU_Boot/Src/boot_hal.c.obj
0x0c01876c Error_Handler
0x0c0187d4 __hdp_end__ = . The SECBOOTADD0 OptionByte is set at Value 0x1800c0 and Address 0x0c006000 (as suggested by the example).
Trying with the debugger, it seems that the microcontroller is stuck at instruction address 0x0c01876c (Error_Handler).
I would like to ask you if you have some suggestions or if you have some CMake file template that you can provide me.
Thank you so much for your time and best regards
Eros
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
2025-09-12 9:28 AM
Hello @erosghignoni ,
It looks like you didn't launch the installation scripts (regression.sh and SBSFU_Update.sh) that setup the option bytes properly. I would guess that secure watermarks are not setup correctly.
I would suggest being first familiar with the SBSFU through STM32CubeIDE, make it work so that you have a working setup that you can use for comparison.
Best regards
Jocelyn
Related Content
- OSPI_NOR_MemoryMapped example on STM32U5x9J-DK returns garbage on read in STM32 MCUs Embedded software
- Same code for CubeIDE and Keil uVision in STM32 MCUs Embedded software
- Counting Six External Pulse Inputs Using Timers on STM32U575ZIT6Q in STM32 MCUs Products
- Generated uVision Project File is corrupted in STM32CubeMX (MCUs)