STM32H7 SBSFU function resetAndInitializeSecureAreas parameter mismatch

Zmerc.1 · ‎2021-06-29

In STM32H7 reference manual:

Prototype void resetAndInitializeSecureAreas(RSS_SecureArea_t area);

but in SBSFU library V2.4.0 file "sfu_low_level_security_rss.h"

Prototype void (*resetAndInitializeSecureAreas)(uint32_t nbAreas, SFU_LL_RSS_SecureArea_t *areas);

The parameter is apparently different. Which one is correct?

Another question is in reference manual the function exitSecureArea must be called before jump

to user application, but in SBSFU library, the function exitSecureArea has never been called. Is it correct?

Thanks

Jocelyn RICARD · ‎2021-06-30

Hello,

For first question, the good prototype is from SBSFU as this is working fine. Also in RM information is incomplete, and should be updated.

For second question, the exitSecureArea() function was called until SBSFU version 3.0

After this version this was replaced by some code loaded into RAM that is doing the same in more secure way.

Best regards

Jocelyn

Zmerc.1 · ‎2021-07-10

Thanks, RICARD. I can not find SBSFU version 3.0 package on ST website, latest version is v2.5.0.

There is a macro define in file sfu_low_level_security_rss.h

#define SFU_LL_RSS ((SFU_LL_RSS_API_Table_t*)0x1FF09514)

Is the address for all STM32H7 serials? I am using STM32H735G-DK and the chip is STM32H735IGK6,

and new STM32H7 value line STM32H730.

Thanks in advanced.

Jocelyn RICARD · ‎2021-07-16

Hello,

I'm sorry for late answer, I missed the notification in all my mails ...

Yes, old SBSFU are no more available but information for this specific STM32H7 is not present because it is not part of the examples.

I know there was some evolution between STM32H75x and STM32H7Bx. So, with STM32H73x I prefer to check.

I had a look and couldn't actually find the information in the documentation.

I will try to find out relevant information for STM32H73x and come back to you

Best regards

Jocelyn

Jocelyn RICARD · ‎2021-07-16

Hello,

you actually have an example of using secure memory in the STM32CubeFW H7 in

STM32Cube_FW_H7_V1.9.0\Projects\STM32H735G-DK\Applications\HDP\

The example is not programming the secure area because this action is left to the STM32CubeProgrammer.

But you have the API needed.

Best regards

Jocelyn

Zmerc.1 · ‎2021-08-06

Thank you. Because exitSecureArea is not called in example project, if I set security memory, MCU will remain in security memory state and can not be accessed

by STM32CubeProgrammer. I have locked 2 pcs MCU.

I hope SBSFU 3.0 release ASAP.

Jocelyn RICARD · ‎2021-08-09

Hello,

I'm not sure what you did exactly. If you are talking about HDP example, exitSecureArea is called in HDP_Boot application. HDP_Appli should have previously been flashed.

Anyway, when security bit is set, you can only connect through JTAG in HOTPLUG mode. Connect under reset does not work anymore.

Best regards

Jocelyn

Zmerc.1 · ‎2021-08-09

I set secure memory in SBSFU example project, not in HDP example.

I debug function exitSecureArea and found GPIOA, GPIOB are reinitialised in the function.

I think it is a bug. In external flash loader project, GPIOA or GPIOB is configured as OSPI PINs,

if exitSecureArea reinitialse GPIOA GPIOB, OSPI will not work anymore.

Jocelyn RICARD · ‎2021-08-10

Hello,

this is maybe one of the reasons why SBSFU development team is not using this function anymore and is implementing the exit secure area feature through a RAM function call.

So, I would advice using latest SBSFU implementation.

Best regards

Jocelyn