2024-09-27 05:18 AM - last edited on 2024-09-27 11:11 AM by Tesla DeLorean
Hello to all,
I was wondering if there was a way to implement a secure update via USB stick using X-CUBE-SBSFU software.
Moreover, the application software would be installed on external flash, custom bootloader immutable in internal flash.
Maybe installing the new application with my custom bootloader and then letting secure boot do all the security verifications after triggering a system reset?
Sorry if it sounds a silly question but I am quite new to this complex topic.
Thanks!
2024-09-27 08:53 AM
Hello @i2399 ,
the STM32H750 is a bit specific because it contains only one 128KB flash sector.
The code is executed in place in external flash, so code confidentiality is not possible.
Also, when executing your application it is not possible to write in the same external flash. This means that the application cannot download a new firmware itself and write it to the flash.
The example is provided with a loader located after the SBSFU in the same 128KB sector.
You can update this loader to have a USB host mass storage implementation that is able to read a file on the USB stick and write it to the download slot in external flash.
Then once the update file is completely transferred, you can reset the chip and SBSFU will securely install the new image in the execution slot.
The SBSFU will check the integrity and authenticity of the firmware. This means computing the hash of the firmware and also checking a signature with a public key.
Best regards
Jocelyn
2024-09-27 06:28 AM
Define secure. What does this mean for you?
2024-09-27 06:45 AM
Hello Pavel,
in my case it means that the new image should be encrypted and decryptable with a secret key, and that I can verify that the image is not corrupted, for example with a SHA256.
Thanks for your time.
2024-09-27 09:13 AM
Jocelyn,
I think this is what I was looking for.
Thank you and have a great weekend!
Ivan
2024-09-27 10:43 AM
My preference is for elliptic curve signing on SHA256 / HASH, that way the private key doesn't need to live in the target.
Now, while if you run from QSPI that content will be recoverable, you could move your encrypted image directly from USB to QSPI, and then decrypt portions to run from RAM.
There are other H7 series parts that support OSPI and on-the-fly decryption methods for XIP.
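The check Jocelyn describes (hash the firmware, then verify a signature with the public key) combined with the ECDSA-over-SHA256 scheme Tesla DeLorean prefers, as an added Python model that is not part of this thread or of X-CUBE-SBSFU. The header layout (`SFU1` magic, size, SHA-256, r||s) and the pure-Python P-256 arithmetic are my own assumptions for illustration; the point it shows is that the device side (`check_image`) needs only the public key, while `sign` stays with the vendor.

```python
import hashlib, secrets
# NIST P-256 parameters (the curve SBSFU's ECDSA-P256 crypto scheme uses)
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)

def _add(p, q):  # affine point addition; None is the point at infinity
    if p is None: return q
    if q is None: return p
    if p[0] == q[0] and (p[1] + q[1]) % P == 0: return None
    if p == q: l = (3 * p[0] * p[0] - 3) * pow(2 * p[1], -1, P) % P
    else: l = (q[1] - p[1]) * pow(q[0] - p[0], -1, P) % P
    x = (l * l - p[0] - q[0]) % P
    return (x, (l * (p[0] - x) - p[1]) % P)

def _mul(k, p):  # double-and-add scalar multiplication (not constant-time)
    r = None
    while k:
        if k & 1: r = _add(r, p)
        p, k = _add(p, p), k >> 1
    return r

def keygen():  # vendor side: the private key stays offline, the device stores only pub
    priv = secrets.randbelow(N - 1) + 1
    return priv, _mul(priv, G)

def sign(priv, digest):  # ECDSA on a SHA-256 digest; never runs on the target
    e = int.from_bytes(digest, "big")
    while True:
        k = secrets.randbelow(N - 1) + 1
        r = _mul(k, G)[0] % N
        s = pow(k, -1, N) * (e + r * priv) % N
        if r and s: return r.to_bytes(32, "big") + s.to_bytes(32, "big")

def verify(pub, digest, sig):  # bootloader-side check; needs only the public key
    r, s = int.from_bytes(sig[:32], "big"), int.from_bytes(sig[32:], "big")
    if not (0 < r < N and 0 < s < N): return False
    e, w = int.from_bytes(digest, "big"), pow(s, -1, N)
    pt = _add(_mul(e * w % N, G), _mul(r * w % N, pub))
    return pt is not None and pt[0] % N == r

MAGIC = b"SFU1"  # constructed header: magic | size (LE32) | SHA-256 | r||s | firmware
def make_image(priv, fw):  # vendor side: hash, sign, prepend header
    digest = hashlib.sha256(fw).digest()
    return MAGIC + len(fw).to_bytes(4, "little") + digest + sign(priv, digest) + fw

def check_image(pub, blob):  # device side: anything failing hash or signature is rejected
    if blob[:4] != MAGIC: return False, "bad magic"
    size = int.from_bytes(blob[4:8], "little")
    digest, sig, fw = blob[8:40], blob[40:104], blob[104:104 + size]
    if len(fw) != size or hashlib.sha256(fw).digest() != digest: return False, "hash mismatch"
    if not verify(pub, digest, sig): return False, "bad signature"
    return True, "ok"
```

Note that this gives integrity and authenticity only; as Jocelyn says, confidentiality is not achievable while the code executes in place from external flash.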
2024-09-30 09:57 AM
Thanks Tesla DeLorean for your input. At the moment we are forced to stay with the H750, but I will consider those options for future projects.
Decrypting portions of code to run from RAM sounds a bit complicated though.
Best regards,
Ivan