Showing results for 
Search instead for 
Did you mean: 

Security Engine fails to pass tag authentication of the uploaded application image.


For some reason bootloader fails to pass image tag authentication. SE_AuthenticateFW_Finish(pSeStatus, fw_tag_output, (int32_t *)&fw_tag_len). returns SFU_SUCCESS status. However, compare to the tag retrived from image header located in MCU flash is failed:

if (MemoryCompare(fw_tag_output, fw_tag, SE_TAG_LEN) != SFU_SUCCESS)

Validated, that the tag compiled and incorporated into sfb image is exactly matching the one retrieved by SE mechanism from application image header located in MCU flash. Despite this, tag verification fails.

Also, all chanks of image are passing authentication correctly SE_AuthenticateFW_Append(pSeStatus, fw_image_chunk, (int32_t)fw_chunk_size,

                          fw_chunk, (int32_t *)&fw_chunk_size);

We are using CubeMX IDE environment Version: 1.10.1

Build: 12716_20220707_0928 (UTC)

Jocelyn RICARD
ST Employee

Hello @APann.3​,

we solved your issue through direct support with OLS.

Up to you to share or not how this was solved.

Best regards


Hello Jocelyn,

I am experiencing a similar issue to APann with the SE_AuthenticateFW_Finish function. Specifically, after successfully writing the update SFB firmware to an external EEPROM and passing all other checks, I encounter a discrepancy during authentication. The SE_AuthenticateFW_Finish function returns a false key instead of the correct one obtained from the SFB.

Interestingly, when using the full .bin firmware, everything functions as expected, and the SE_AuthenticateFW_Finish function returns the correct tag.

I would greatly appreciate it if you could provide me with an explanation or any insights into this issue. Your expertise in this matter would be immensely helpful in resolving the authentication discrepancy.

Best regards,


Jocelyn RICARD
ST Employee

Hello @NAndreadakis ,

the previous issue was related to the way sfb image was created. Probably not the same issue on your side.

I would suggest comparing the sfb binary content loaded into your external memory and the actual sfb to check if transfer was performed successfully. Then, you can check the output of decryption if it is the same of the original binary in clear. Checking first bytes and end bytes is enough.

Best regards


Associate III