FAQs
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Secure Firmware update

Go to solution
Rajendra_2002
Associate

‎2026-01-01 9:30 PM - last edited on ‎2026-01-02 5:43 AM by

I am working with the STM32U585RIT6 and need to implement a secure firmware update. In my application code, I don’t want to handle flash management or low-level update logic. I only want to generate a secure binary file and perform the update.
I reviewed the SBSFU and X-CUBE-SFI examples. The X-CUBE-SFI solution requires a license and an HSM card, which I do not want to use. The SBSFU example available under B-U585I-IOT02A/Projects/Application/SBSFU involves multiple procedures and is somewhat difficult to understand.
Given these constraints, how should I approach implementing a secure firmware update?

0 Kudos
1 ACCEPTED SOLUTION

Accepted Solutions
Go to solution
TDK
Super User

‎2026-01-02 6:43 AM

If you don't want to write your own library, you're going to be limited to the available solutions. I would suggest spending more time trying to understand those.

Doing a "secure" update is going to be more complicated that just uploading a firmware binary file to the chip.

If you feel a post has answered your question, please click "Accept as Solution".

View solution in original post

2 REPLIES 2
Go to solution
TDK
Super User

‎2026-01-02 6:43 AM

If you don't want to write your own library, you're going to be limited to the available solutions. I would suggest spending more time trying to understand those.

Doing a "secure" update is going to be more complicated that just uploading a firmware binary file to the chip.

If you feel a post has answered your question, please click "Accept as Solution".
Go to solution
Bubbles
ST Employee

‎2026-01-05 2:28 AM - edited ‎2026-01-05 2:30 AM

Hi @Rajendra_2002 ,

the SFI is secure firmware install, not update. It's intended to secure manufacturing when outsourcing production. I'm not sure if you need this.

The SBSFU example in the Cube package is really a relatively easy one. It's complete with secure boot, which is a really important if you are serious about the overall product security.

The question you need to ask yourself is about the purpose of the security. What is the cost of your security countermeasures breached, firmware exposed and device hijacked? Knowing this, you can determine how much time, effort and money you need to spend on securing the product.

Maybe your customer or boss simply needs to meet a certification criteria. Then you have to look for solution that matches the criteria.

BR,

J

To give better visibility on the answered topics, please click on Accept as Solution on the reply which solved your issue or answered your question.

Top