FAQs
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SBSFU with Trust Zone on U575STM32 ?

Nicholas Parker
Associate II

‎2026-02-01 2:57 PM - last edited on ‎2026-02-02 3:17 AM by

Hello,

I'm looking for some advice on how to progress, beginning from a fairly novice position, with a secure bootloader.  I'm beginning a project where at least a secure update process (where the existing application does the update) is desired.  Ideally I'd have an encrypted and signed application updates being delivered to my target application and put that away in flash, then reset the MCU and have a bootloader validate / process the update.

I've found Zephyr and had a small play with the MCUBoot -- its seem pretty cool,  though I also found that some combinations of options created interesting build failures that were confusing.  I've just stumbled across the SBSFU project - which appears to utilise some of MCUBoot, but I'm having a slow time making sense of it, with its half a dozens projects and plethora of source files. 

If there is not a STM project that can be configured and directly used on the U575 -- I'm hoping there is at least an overview / walk through of this project somewhere (potentially with diagrams) explaining what role each project has and how its works, how to port it (whats needed), how build it etc?  And maybe a walk through of producing an update and deploying it.

Its not clear to me if this project can be used on a non-crypto MCU as the example appears to be for the 585 and it looked like HW crypto was involved.

Kind regards, Nick

Labels:
0 Kudos
1 REPLY 1
Nicholas Parker
Associate II

‎2026-02-01 7:41 PM

On the subject of trying to build SBSFU projects, and while I still dont know how to use the files that get built yet...I seem to have a couple of issues with building.   I'd like to understand the corrrect solution for this :-

(I know I can uncheck the option in project/Miscellaneous, but I dont understand why the GCC that ships with cube IDE doesnt seem to support the '-fcyclomatic-complexity' option thats configured in the CubeU5 projects -- am I ovelooking something ?  Have I installed something incorrectly? )

 

arm-none-eabi-gcc: error: unrecognized command-line option '-fcyclomatic-complexity

make[1]: *** [Middlewares/mcuboot/subdir.mk:73: Middlewares/mcuboot/bl2_main.o] Error 1

make[1]: *** Waiting for unfinished jobs....

make[1]: *** [Middlewares/mcuboot/subdir.mk:75: Middlewares/mcuboot/bootutil_misc.o] Error 1

arm-none-eabi-gcc: error: unrecognized command-line option '-fcyclomatic-complexity'

 

 

So if I run 'where arm-none-eabi-gcc' I get this -- it seems correct?
C:\ST\STM32CubeIDE_2.0.0\STM32CubeIDE\plugins\com.st.stm32cube.ide.mcu.externaltools.gnu-tools-for-stm32.13.3.rel1.win32_1.0.100.202509120712\tools\bin\arm-none-eabi-gcc.exe

If I turn the cyclomatic complexity option off -- files compile nicely....but things fall over again at the the post build
step.

 

18424 160 3224 21808 5530 SBSFU_Loader_NonSecure.elf

"../../postbuild.sh" "." "nonsecure"

HOST OS : Windows detected

C:/__nick/ST/STM32CubeU5/Projects/B-U585I-IOT02A/Applications/SBSFU/SBSFU_Loader/STM32CubeIDE/NonSecure/Release

HOST OS : Windows detected

Usage: imgtool.exe ass [OPTIONS] INFILE OUTFILE

Try 'imgtool.exe ass -h' for help.

 

Error: Invalid value for '-o' / '--optional-size': -i is not a valid integer. prefixed with 0b/0B, 0o/0O, or 0x/0X as necessary.

postbuild.sh failed

 

0 Kudos
Top