FAQs
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Secure Firmware (Re)Install by the end user on STM32U5 - how to?

Go to solution
TDJ
Senior III

‎2023-12-28 06:46 PM - edited ‎2023-12-29 01:07 AM

ST undoubtedly put lots of effort in building a complete and coherent solution supporting secure firmware install (SFI), even done by contract manufacturer (CM) independent from the original equipment manufacturer (OEM). See AN5054 and AN4992.

However, how can I use this solution, or even part of it, to allow the end user to update STM32U5 firmware once a new version becomes available, preferably using firmware image downloaded from my website and stored on USB pendrive? I imagine that such image could be generated based on the actual device "license" provided (uploaded) by the end user, but it is not a must.

Are there any examples, application notes, or presentations available on this subject?

Reading firmware file from the pendrive is not a problem, but what needs to happen next is.

Please advise.

Labels:
0 Kudos
25 REPLIES 25
Go to solution
TDJ
Senior III
In response to Jocelyn RICARD

‎2024-01-10 07:37 AM

@Jocelyn RICARD STM32U5 TFM App is no longer available on GitHub for this reason.
I am looking into the original, ARM-maintained TF-M.

0 Kudos
Go to solution
Jocelyn RICARD
ST Employee

‎2024-01-10 10:50 AM

Hi @TDJ,

if this is for evaluation, I would suggest using TFM and SBSFU provided as example in the CubeU5:

STM32Cube_FW_U5_V1.4.0\Projects\B-U585I-IOT02A\Applications\TFM\

STM32Cube_FW_U5_V1.4.0\Projects\B-U585I-IOT02A\Applications\SBSFU\

And if you want to use STM32CubeIDE, please use version 1.13.2. (The 1.14.0 has an issue when launching shell scripts containing pwd command ...)

Best regards,

Jocelyn

0 Kudos
Go to solution
TDJ
Senior III
In response to Jocelyn RICARD

‎2024-01-10 03:13 PM - edited ‎2024-01-11 01:06 AM

@Jocelyn RICARD I am not in evaluation mode. As quickly and effectively as possible I want to build a robust boot loader for a commercial solution. A boot loader has to meet my requirements and time to market counts a lot. For this reason I also evaluate the original Arm TF-M solution since it is and will be actively maintained, there is community supporting it and tech forum while ST, in general, currently does not seem to have enough corporate will and motivation to provide adequate maintenance of its free software. Even obvious syntax errors in HAL source code are not being immediately fixed - see here, point 1. Ofc, this is just a result of a lack of sufficient corporate-level sponsorship. By no means I blame the engineers.
ST makes great hardware, but in my view ST is a company which is yet to realize that these days great software matters just as much as great hardware.

Go to solution
Pavel A.
Evangelist III

‎2024-01-10 04:09 PM - edited ‎2024-01-10 04:23 PM

This is why we software consultants love ST so much. They keep our job security ))

 

I am looking into the original, ARM-maintained TF-M

 https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/

 

Go to solution
Jocelyn RICARD
ST Employee
In response to TDJ

‎2024-01-11 01:34 AM

Hello @TDJ,

I'm sorry, I misunderstood your "time to try".

Again, TF-M is not a secure boot solution, it uses a secure boot solution based on MCUBoot.

Best regards

Jocelyn

Go to solution
TDJ
Senior III
In response to Jocelyn RICARD

‎2024-01-11 03:16 AM - edited ‎2024-01-11 03:57 AM

@Jocelyn RICARD 
"TF-M consists of:
* Secure Boot to authenticate NSPE and SPE images"

source:
Introduction — Trusted Firmware-M

Top