2024-11-29 01:05 AM
Hello,
I am programming with the STM32U575ZIT6 microcontroller, and I am trying to update the firmware in the secure zone. However, when I try to update the firmware in the secure zone, the function ret_arm=LOADER_FLASH_DEV_NAME.EraseSector(sector_address) in FW_UPDATE_DownloadNewFirmware(&fw_image_dwl_area) returns a value less than 0, which causes the update to fail. Performing the update in the non-secure zone works without any issues. I suspect the problem might be that LOADER_FLASH_DEV_NAME does not work properly in the secure zone, or that the firmware image area cannot be read correctly in the secure zone. Is there anything specific that needs to be enabled or configured for the secure firmware update to work?
2024-11-29 02:18 AM
Hello @Istillaga ,
if you are in a single slot configuration, you need to use the secure part of the loader to be able to write in secure area. If you use the example provided you will see that in such case the loader non secure will call a service of the loader secure.
Best regards
Jocelyn
2024-11-29 03:16 AM
Hello @Jocelyn RICARD,
I suppose you are referring to this part of the code in the loader:
#if defined(MCUBOOT_PRIMARY_ONLY)
if (sector_address < NS_IMAGE_PRIMARY_PARTITION_OFFSET)
{
ret_arm = SECURE_Flash_EraseSector(sector_address);
}
else
{
ret_arm = LOADER_FLASH_DEV_NAME.EraseSector(sector_address);
}
#else
ret_arm = LOADER_FLASH_DEV_NAME.EraseSector(sector_address);
#endif
Where SECURE_Flash_EraseSector is defined as:
CMSE_NS_ENTRY int32_t SECURE_Flash_EraseSector(uint32_t addr)
{
return LOADER_FLASH_DEV_NAME.EraseSector(addr);
}
As you can see, the same function is used in both cases. So I don't know what I should change.
However, I am not trying to implement this in the loader project. I am trying to update the application firmware in the secure application project using the firmware configurations with the overwrite method and using both the primary and secondary image slots.
2024-11-29 11:08 AM
Hell @Istillaga ,
if you have 2 slots configuration, I mean MCUBOOT_PRIMARY_ONLY is commented out, you will see the menu in user example to update from application.
In that case, both secure and non secure download slots are non secure and can be written by non secure application.
Best regards
Jocelyn
2024-11-29 11:17 AM
Hello @Jocelyn RICARD,
So yo cannot modify the two slots to be written by the secure application?If it were possible to write via the secure application, what would need to be modified?