STM32U5 SFI Function

aerosysdev
Associate

Hello,

Thanks for all of the help so far. Another question, this one regarding the SFI process for the STM32U5 series. In AN4992 section 3.3.1 for STM32L/U/W series, it describes a secure bootloader that is split into 2 parts, one of which is responsible for executing the SFI process.

  1. Are these secure bootloader parts pre-installed in system memory by ST as part of your manufacturing & provisioning process?
  2. If yes, is the code for this secure bootloader available to ST Micro customers for analysis?
  3. When we install our own SBSFU to be used for future OTA updates, does that overwrite and/or disable the SFI capability?

 

Accepted Solutions
Jocelyn RICARD
ST Employee

Hello @aerosysdev ,

  1. Are these secure bootloader parts pre-installed in system memory by ST as part of your manufacturing & provisioning process?

Part I yes, this is the secure code in system flash (RSS) executing when you enable the bootloader.

Part II is the RSSe: it is downloaded during the SFI procedure. The RSSe binary now comes in the X-CUBE-RSSE.

  2. If yes, is the code for this secure bootloader available to ST Micro customers for analysis?

No. You don't need this. This is only used for SFI.

  3. When we install our own SBSFU to be used for future OTA updates, does that overwrite and/or disable the SFI capability?

Yes, it should. When using secure boot you should enable the unique boot entry option byte (BOOT_LOCK) and also RDP Level 1 at least; that will ensure that only your secure boot in user flash is executed.

Best regards

Jocelyn
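
A host-side check of the two option-byte settings recommended in the answer above (BOOT_LOCK set, RDP at Level 1 or higher), as an added example that is not ST's code or part of the original posts. The bit positions and RDP byte values are assumptions taken from the STM32U5 CMSIS field names and should be confirmed against the reference manual; `check_boot_config`, the finding flags and the sample register values are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed layout (STM32U5 CMSIS field names; confirm in the reference manual). */
#define OPTR_RDP_MASK     0x000000FFu /* FLASH_OPTR[7:0]: RDP byte            */
#define SECBOOT_LOCK_BIT  0x00000001u /* FLASH_SECBOOTADD0R[0]: BOOT_LOCK     */
#define SECBOOT_ADDR_MASK 0xFFFFFF80u /* FLASH_SECBOOTADD0R[31:7]: addr[31:7] */

/* Hypothetical finding flags returned by check_boot_config(). */
enum { FIND_RDP_TOO_LOW = 1, FIND_BOOT_UNLOCKED = 2, FIND_BOOT_ADDR_MISMATCH = 4 };

/* RDP byte to level times ten: 0xAA = 0, 0x55 = 0.5, 0xCC = 2, anything else = 1. */
static int rdp_level_x10(uint32_t optr)
{
    switch (optr & OPTR_RDP_MASK) {
    case 0xAA: return 0;
    case 0x55: return 5;
    case 0xCC: return 20;
    default:   return 10;
    }
}

/* Returns a bitmask of findings; 0 means the dump matches the recommended setup. */
static unsigned check_boot_config(uint32_t optr, uint32_t secbootadd0r,
                                  uint32_t expected_boot_addr)
{
    unsigned findings = 0;
    if (rdp_level_x10(optr) < 10)           /* Level 0 and 0.5 are below Level 1 */
        findings |= FIND_RDP_TOO_LOW;
    if (!(secbootadd0r & SECBOOT_LOCK_BIT)) /* boot entry is not locked */
        findings |= FIND_BOOT_UNLOCKED;
    if ((secbootadd0r & SECBOOT_ADDR_MASK) != (expected_boot_addr & SECBOOT_ADDR_MASK))
        findings |= FIND_BOOT_ADDR_MISMATCH; /* locked entry is not our secure boot */
    return findings;
}

int main(void)
{
    /* Constructed sample values, not read from a real device. */
    const uint32_t secure_boot_addr = 0x0C000000u; /* assumed secure boot location */
    printf("provisioned: findings=0x%x\n",
           check_boot_config(0x1FEFF8BBu, 0x0C000001u, secure_boot_addr));
    printf("factory-like: findings=0x%x\n",
           check_boot_config(0x1FEFF8AAu, 0x0C000000u, secure_boot_addr));
    return 0;
}
```
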
