2025-04-01 9:21 AM
Hello,
Thanks for all of the help so far. Another question, this one regarding the SFI process for the STM32U5 series. In AN4992 section 3.3.1 for the STM32L/U/W series, it describes a secure bootloader that is split into 2 parts, one of which is responsible for executing the SFI process.
2025-04-01 9:35 AM
Hello @aerosysdev ,
Part I yes, this is the secure code in system flash (RSS) executing when you enable the bootloader.
Part II is the RSSe: it is downloaded during the SFI procedure. The RSSe binary now comes in the X-CUBE-RSSE
2. If yes, is the code for this secure bootloader available to ST Micro customers for analysis?
No. You don't need this. This is only used for SFI.
3. When we install our own SBSFU to be used for future OTA updates, does that overwrite and/or disable the SFI capability?
Yes, it should. When using secure boot you should enable the unique boot entry option byte (BOOT_LOCK) and also RDP Level 1 at least; that will ensure that only your secure boot in user flash is executed.
Best regards
Jocelyn
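A provisioning-time check for the option-byte advice in the answer above, as an added example that is not part of the original thread and is not ST code. It decodes raw FLASH_OPTR and FLASH_SECBOOTADD0R values read back from a device; the bit positions, the RDP byte encodings and the TZEN precondition are assumptions taken from the STM32U5 reference manual layout and should be checked against the manual for the exact part, and the function and flag names are hypothetical.

```c
#include <stdint.h>

/* Assumed STM32U5 layout (verify against the reference manual for your part):
 *   FLASH_OPTR[7:0]        RDP byte: 0xAA = Level 0, 0x55 = Level 0.5,
 *                          0xCC = Level 2, any other value = Level 1
 *   FLASH_OPTR[31]         TZEN (TrustZone enabled)
 *   FLASH_SECBOOTADD0R[0]  BOOT_LOCK (unique boot entry)               */
#define OPTR_RDP_MASK        0xFFu
#define OPTR_TZEN            (1u << 31)
#define SECBOOTADD0R_LOCK    (1u << 0)

typedef enum { RDP_L0, RDP_L0_5, RDP_L1, RDP_L2 } rdp_level_t;

/* Hypothetical finding flags, OR-ed together in the result. */
#define FINDING_RDP_BELOW_L1    0x1u  /* debug access can still reach user flash  */
#define FINDING_TZEN_OFF        0x2u  /* assumed: BOOT_LOCK acts on secure boot   */
#define FINDING_BOOT_LOCK_CLEAR 0x4u  /* boot entry can still be redirected       */

/* Decode the readout protection level from a raw FLASH_OPTR value. */
rdp_level_t rdp_level(uint32_t optr)
{
    switch (optr & OPTR_RDP_MASK) {
    case 0xAA: return RDP_L0;
    case 0x55: return RDP_L0_5;
    case 0xCC: return RDP_L2;
    default:   return RDP_L1;   /* every other byte value means Level 1 */
    }
}

/* Returns 0 when the device matches the advice above (BOOT_LOCK set and
 * RDP Level 1 at least); otherwise a bitmask of findings to log or reject. */
unsigned boot_entry_findings(uint32_t optr, uint32_t secbootadd0r)
{
    unsigned findings = 0;

    if (rdp_level(optr) < RDP_L1)
        findings |= FINDING_RDP_BELOW_L1;
    if (!(optr & OPTR_TZEN))
        findings |= FINDING_TZEN_OFF;
    if (!(secbootadd0r & SECBOOTADD0R_LOCK))
        findings |= FINDING_BOOT_LOCK_CLEAR;
    return findings;
}
```

On a production line the two inputs would be the register values read back after option-byte programming, and any non-zero result would fail the unit.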