2021-09-27 07:20 PM
I am exploring the security feature of STM32WL55JC via Applications/BFU_1_Slot using latest firmware STM32Cube_FW_WL_V1.1.0
I am not sure what I am doing wrong and I have followed youtube and readme.txt. I was able to compile as below and upload STM32CubeProgrammer and RDP to 0 (AA).
Here is IDE output
07:28:47 **** Build of configuration Debug for project 1_Image_UserApp ****
make -j7 all
arm-none-eabi-size UserApp.elf
text data bss dec hex filename
25312 144 9928 35384 8a38 UserApp.elf
Finished building: default.size.stdout
"../../../1_Image_SECoreBin/STM32CubeIDE/postbuild.sh" ".." "./UserApp.elf" "./UserApp.bin" "1" "1"
prepareimage with python script
07:28:50 Build Finished. 0 errors, 0 warnings. (took 3s.330ms)
Below files are successfully created by postbuild.sh
-rw-r--r-- 1 username staff 25968 28 Sep 07:28 UserApp.sfb
-rw-r--r-- 1 username staff 89456 28 Sep 07:28 BFU_UserApp.bin
Below is minicom output from macOS and I could see same from TerraTerm too.
Welcome to minicom 2.8
OPTIONS:
Compiled on Jan 4 2021, 00:04:27.
Port /dev/tty.usbmodem1A124103, 07:39:35
Press Meta-Z for help on special keys
CCCCCC
Please advise.
2021-09-28 01:50 AM
Hello,
This C char looks like YMODEM protocol.
From the readme.txt in 1_Image_BFU project:
7. At startup (Power On or Reset button pushed) :
- Green LED blinks every 3 seconds when a local download is waited.
- Green LED blinks every 250 ms in case of error in option bytes configuration.
- 'C' is displayed when BFU is ready for a firmware image download. To be easily tailorable to 128 Kbytes footprint,
SFU_DEBUG_MODE compilation switch is disabled. As a consequence there is no print on terminal during BFU
execution.
So I guess it is expecting that you send a binary file from the binary folder using ymodem protocol.
2021-09-28 04:33 AM
@Mike_ST Thanks for guidance and I missed 7th section.
I have uploaded the file (BFU_1_Slot/1_Image_UserApp/Binary/UserApp.sfb) now via TerraTerm but I could not see below code working and suppose to display menu in the Serial Terminal.
BSP_LED_Init(LED_GREEN);
for (i = 0U; i < USER_APP_NBLINKS; i++)
{
BSP_LED_Toggle(LED_GREEN);
HAL_Delay(100U);
BSP_LED_Toggle(LED_GREEN);
HAL_Delay(100U);
BSP_LED_Toggle(LED_GREEN);
HAL_Delay(100U);
BSP_LED_Toggle(LED_GREEN);
HAL_Delay(100U);
}
/* If the SecureBoot configured the IWDG, UserApp must reload IWDG counter with value defined in the reload register*/
WRITE_REG(IWDG->KR, IWDG_KEY_RELOAD);
/* Configure Communication module */
COM_Init();
/* Configure button in EXTI mode */
BUTTON_INIT_EXTI();
printf("\r\n======================================================================");
printf("\r\n= (C) COPYRIGHT 2017 STMicroelectronics =");
printf("\r\n= =");
printf("\r\n= User App #%c =", *pUserAppId);
printf("\r\n======================================================================");
printf("\r\n\r\n");
/* User App firmware runs*/
FW_APP_Run();
while (1U)
{}
2021-09-28 07:14 PM
@Mike_ST I could see menu appears now only when I run the program from STM32CubeIDE but not from STM32CubeProgrammer by uploading the BFU_UserApp.bin. Looks like user application is not running at all
2021-09-30 07:03 PM
Any help would be great. As I could not see User App menu as per the given instructions in readme.txt. Is anyone else facing the same issue?
@par How to use it ?
Refer to BFU readme and follow steps by steps instructions.
Once executed, this user application gives access to a menu which allows:
1 - to download a new firmware : feature not supported in 1 firmware image example
2 - to test protections (WRP, IWDG, TAMPER)
3 - to demonstrate how to call user defined services running in Secure Engine
4 - to provide access to multiple images feature (not supported)
5 - to validate a firmware image at first start-up (not supported)
a - to demonstrate usage of key management services
1. Pressing 1 allows to download a new firmware.
Feature not supported in 1 firmware image example
2. Pressing 2 allows to test protections.
- CORRUPT IMAGE test (#1): causes a signature verification failure at next boot
- WRP test (#2): causes an error trying to erase write protected code
- IWDG test (#3): causes a reset simulating a deadlock by not refreshing the watchdog
- TAMPER test (#4): causes a reset if a tamper event is detected. In order to generate a tamper event,
user has to connect PC13 (CN7.23) to GND (It may be enough to put your finger close to PC13 (CN7.23)).
3. Pressing 3 allows to call user defined services running in Secure Engine.
As an example, after selecting the firmware image, SE_APP_GetActiveFwInfo service is called in order
to display the information located in the protected area such as version and size.
4. This menu is dedicated to multiple images feature.
Feature not available as there is no firmware download area.
5. This menu is dedicated to image validation.
Feature available under ENABLE_IMAGE_STATE_HANDLING compilation switch, not available in this example.
a. Pressing a allows to enter specific key management services test menu.
With this menu, you should be able to try encryption/decryption, signature/verification or key derivation mechanisms.
2021-09-30 09:23 PM
Build on macOS have some bug(s) as I could see all perfectly working fine on Windows 10. Basically, the issue is UserApp is not executing at all when you compile in macOS version of STM32CubeIDE.
2021-09-30 10:13 PM
Do you see the green LED blinking?
2021-10-01 01:48 AM
Yes. I see the green LED is flashing slowly.