I'm migrating from an F4. So this is all new to me. Need help getting started.
I currently have:
- A primary bootloader. It checks the application flash for a stored signature every boot
- An application flash. It's up to 896KB.
- 2MB Flash, two banks for flash. When I update I alternate the banks. This is mainly done manually and not using a bank selection.
- All sectors are 128KB which wastes a lot of flash because my bootloader is near 20KB.
- My firmware updates OTA/FOTA over Wifi. Because I don't have external flash, I need to download blocks to the alternate bank, collect all, and check them for completeness. The bootloader will check them next boot.
I've been studying the iROT, uROT, RSS, SFU, Product State, Debug Authentication.
- SFU is not for me. I don't need strong security at a contract manufacturer. Not yet. We program in-house.
- I think there might be a way for me to get rid of the flash authenticity of the primary bootloader. I feel like this is part of what iROT or uROT does?
- I need Readout Debug Protection and to shut SWD down for typical use. So, CLOSED seems like what I might want.
Questions or help needed:
- RSS seems to be factory bootloader+ ? Or at least some services like build or get cert, then you can boot into the loader?
- Where do i/uROT come into play?
- If I have neither bank with a valid flash, I'd like to use my bootloader to set the wifi up into a tunnel mode with my app, then reboot the micro into factory bootloader so the app can help program over USART... However... I don't want to lose my bootloader when I do this. But if I'm in CLOSED, I think all I can do is erase all memory in a regression? Is there a way to keep specific sectors?
- What I really need is RDP and locking SWD down. Can I get those features with an OPEN config and just ignore all the TrustZone options?
- Is there a getting started tutorial on this stuff anywhere? I feel like this topic spans at least 5 sections of different features.