2020-04-22 03:06 AM
Hi,
I am testing SBSFU in p-nucleo-wb55. when i am flashing user_app.sfb it flash successfully at slot1 (Download Area) but can not decrypt and hang at below STATE can you please help me how to resolve this issue and also tell me how to enable debug log in 2_Images_SECoreBin.
= [SBOOT] System Security Check successfully passed. Starting...
= [FWIMG] Slot #0 @: 8012000 / Slot #1 @: 8047000 / Swap @: 807e000
======================================================================
= (C) COPYRIGHT 2017 STMicroelectronics =
= =
= Secure Boot and Secure Firmware Update =
======================================================================
= [SBOOT] SECURE ENGINE INITIALIZATION SUCCESSFUL
= [SBOOT] STATE: CHECK STATUS ON RESET
INFO: A Reboot has been triggered by a Software reset!
Consecutive Boot on error counter = 0
INFO: Last execution detected error was:No error. Success.
= [SBOOT] STATE: CHECK NEW FIRMWARE TO DOWNLOAD
= [SBOOT] STATE: CHECK USER FW STATUS
New Fw Encrypted, to be decrypted
= [SBOOT] STATE: INSTALL NEW USER FIRMWARE
Note:- I have perform AES key provisioning steps successfully provided in readme.txt
STM32_Programmer_CLI.exe -c port=usb1 -wusrkey CKS_OEM_KEY_COMPANY1_key_AES_CBC.bin keytype=1
Thanks,
Arjun
2020-04-22 04:47 AM
Hello Asala,
when it hangs like this, this means that SBSFU is not able to access to the key in the Custome Key Storage.
Did you follow all the steps in readme file.
Are you sure RSS is in idle state and FUS version is the good one?
Best regards
Jocelyn
2020-04-22 04:58 AM
Hi,
Yes i have check my RSS is in idle and also upgrade FUS version because default it is 00050300 ==> FUSv0.5.3. Please find below log of my current FUS version (01000200 ==> 1.0.2) and also RSS state.
arjun@AHMCPU2299:bin$ sudo ./STM32_Programmer_CLI -c port=usb1 -fusgetstate
-------------------------------------------------------------------
STM32CubeProgrammer v2.3.0
-------------------------------------------------------------------
USB speed : Full Speed (12MBit/s)
Manuf. ID : STMicroelectronics
Product ID : DFU in FS Mode
SN : 207C317B554D
FW version : 0x011a
Device ID : 0x0495
Device name : STM32WBxx
Flash size : 1 MBytes
Device type : MCU
Device CPU : Cortex-M0+/M4
FUS state is FUS_IDLE
FUS status is FUS_NO_ERROR
getFUSstate command execution finished
FUS version
arjun@AHMCPU2299:bin$ sudo ./STM32_Programmer_CLI -c port=usb1 -r32 0x20030030 1
-------------------------------------------------------------------
STM32CubeProgrammer v2.3.0
-------------------------------------------------------------------
USB speed : Full Speed (12MBit/s)
Manuf. ID : STMicroelectronics
Product ID : DFU in FS Mode
SN : 207C317B554D
FW version : 0x011a
Device ID : 0x0495
Device name : STM32WBxx
Flash size : 1 MBytes
Device type : MCU
Device CPU : Cortex-M0+/M4
Reading 32-bit memory content
Size : 4 Bytes
Address: : 0x20030030
0x20030030 : 01000200
Is there any way we can read or verify that the key is properly store or not?
Thanks,
Arjun
2020-04-23 12:11 AM
Hi @Jocelyn RICARD
I have re-flash key by following command and it's return key index 0x3. Now i make change in code se_cks.h
-- #define SBSFU_AES_KEY_IDX 0x01U
++ #define SBSFU_AES_KEY_IDX 0x3U
rebuid all project loader, SECore, SBSFU, UserAPP and flash again.
It goes further but still not up and running the APP. it's fail to verify the signature(SIGNATURE CHECK FAILED!). find below logs.
arjun@AHMCPU2299:bin$ sudo ./STM32_Programmer_CLI -c port=usb1 -wusrkey /home/arjun/STM32CubeExpansion_SBSFU_V2.3.0/Projects/P-NUCLEO-WB55.Nucleo/Applications/2_Images/2_Images_SECoreBin/Binary/CKS_OEM_KEY_COMPANY1_key_AES_CBC.bin keytype=1
-------------------------------------------------------------------
STM32CubeProgrammer v2.3.0
-------------------------------------------------------------------
USB speed : Full Speed (12MBit/s)
Manuf. ID : STMicroelectronics
Product ID : DFU in FS Mode
SN : 207C317B554D
FW version : 0x011a
Device ID : 0x0495
Device name : STM32WBxx
Flash size : 1 MBytes
Device type : MCU
Device CPU : Cortex-M0+/M4
Key File path : /home/arjun/STM32CubeExpansion_SBSFU_V2.3.0/Projects/P-NUCLEO-WB55.Nucleo/Applications/2_Images/2_Images_SECoreBin/Binary/CKS_OEM_KEY_COMPANY1_key_AES_CBC.bin
Write user key in memory process started ...
FUS state is FUS_IDLE
FUS status is FUS_NO_ERROR
Writing key in memory ...
write user key in memory returned the following key index 0x3
write key in memory process finished
Write user key in memory command execution finished
Requesting FUS state ...
FUS state is FUS_IDLE
FUS status is FUS_NO_ERROR
= [SBOOT] SECURE ENGINE INITIALIZATION SUCCESSFUL
= [SBOOT] STATE: CHECK STATUS ON RESET
INFO: A Reboot has been triggered by a Software reset!
Consecutive Boot on error counter = 0
INFO: Last execution detected error was:No error. Success.
= [SBOOT] STATE: CHECK NEW FIRMWARE TO DOWNLOAD
= [SBOOT] STATE: CHECK USER FW STATUS
New Fw Encrypted, to be decrypted
= [SBOOT] STATE: INSTALL NEW USER FIRMWARE
= [SBOOT] STATE: HANDLE CRITICAL FAILURE
= [EXCPT] SIGNATURE CHECK FAILED!
= [SBOOT] STATE: REBOOT STATE MACHINE
Can you please tell me how i can resolve this issues.
Note: In development mode i am disable all Scurity IPs by enabling below macro
#define SECBOOT_DISABLE_SECURITY_IPS
Thanks in Advance.
Regards,
Arjun
2020-04-24 05:09 AM
Hi @Jocelyn RICARD ,
Is there any suggestion how to resolve this issue?
i have enable verbose please find below log.
= [SBOOT] SECURE ENGINE INITIALIZATION SUCCESSFUL
= [SBOOT] STATE: CHECK STATUS ON RESET
INFO: A Reboot has been triggered by a Software reset!
Consecutive Boot on error counter reset
Consecutive Boot on error counter = 0
Consecutive Boot on error counter updated
INFO: Last execution status before Reboot was:Verifying Fw Image signa ture.
INFO: Last execution detected error was:No error. Success.
= [SBOOT] STATE: CHECK NEW FIRMWARE TO DOWNLOAD
= [SBOOT] STATE: CHECK USER FW STATUS
New Fw Encrypted, to be decrypted
= [SBOOT] STATE: INSTALL NEW USER FIRMWARE
= [SBOOT] RuntimeProtections: 0
18928 bytes of ciphertext decrypted.
= [FWIMG] The decrypted image is incorrect!
= [FWIMG] FW installation failed!
= [SBOOT] STATE: HANDLE CRITICAL FAILURE
= [EXCPT] SIGNATURE CHECK FAILED!
= [SBOOT] STATE: REBOOT STATE MACHINE
========= End of Execution ==========
Note:- i am using AC6 IDE and work on Linux Ubuntu platform.
Thanks,
Arjun
2020-04-24 07:27 AM
Hello Asala,
I don't catch why you changed the key index from 0x01 to 0x03.
Anyway, in that case, the SBSFU will read the decryption key in slot 3 of the CKS instead of slot 1
As a consequence, you need to provision your key in this slot 3.
To achieve this, you need to change the CKS header of the key file binary
CKS header is made of 2 bytes: the first byte is the slot, and second is the key size.
So, if you want to use Index 3 of CKS, you need to have
0x03 0x10 as CKS header in CKS_OEM_KEY_COMPANY1_key_AES_CBC.bin
You can do this thanks to a binary editor for instance, but I would suggest you have your own tool to generate the key.
It is important that for production you generate your own key and not reuse the one provided as example !
I hope this will help
Best regards
Jocelyn
2020-04-30 12:29 AM
Hi,
i revert back my changes and now #define SBSFU_AES_KEY_IDX 0x01U .But still it fail at SIGNATURE CHECK FAILED! . i am also try with windows platform and stcubeide but still not any success.
below are the step which i have follow.
Please suggest me what actually i have missing.
Thanks,
Arjun
2020-05-04 08:57 AM
Hello Arjun,
I'm sorry for late answer.
I think the issue comes from STM32CubeProgrammer 2.3 relative to the key provisioning.
There was a change between version 2.1 and 2.4. Apparently 2.3 is not working fine fore this purpose.
The SBSFU 3.0 was released when STM32CubeProgrammer 2.1 was available.
The SBSFU 3.1 was released when STM32CubeProgrammer 2.4 was avaialble.
The difference resides in the key format.
With version 2.1 you had to provision with a key file containing the CKS header (CKS_...)
With version 2.4 you just provision the key. No more CKS header.
And each time you will request the key provisioning with this version 2.4 it will use the next available slot.
So, you need to adapt the slot used in SBSFU with SBSFU_AES_KEY_IDX in se_cks.h.
I hope this will you solving your issue.
Best regards
Jocelyn
2020-05-04 11:38 PM
Hi,
Thank you so much for support its version issue and CKS header issue.
I have resolve this issue with st programmer 2.4.0. I can successfully load OEM_KEY_COMPANY1_key_AES_CBC.bin(without CKS header) it return key index which i have replace with SBSFU_AES_KEY_IDX default one and now i can perform firmware upgrade successfully.
Thank you once again.
Regards,
Arjun