What is the correct procedure to replace the example UserApp in SBSFU with a different existing project in STM32CubeIDE (generated with CubeMX)?

BaxEDM · ‎2022-01-20

I have attempted the following:

-Build and tested a simple app, called TestApp with STM32CubeIDE/CubeMX, runs fine on itself (without SBSFU)

-Build and tested the SBSFU 2_images example, works fine.

-The TestApp runs on the same hardware as the SBSFU example and I want to replace the example SBSFU UserApp with the TestApp.

-To achieve this I copied all project settings from UserApp to TestApp.

-Modified postbuild.sh call to use the TestApp.bin instead

-Managed to build the SBSFU_TestApp.bin without errors

-Flashed SBSFU_TestApp.bin according to the SBSFU UserApp instructions

-SBSFU boots correctly and signals that the TestApp is started, but the TestApp does not run.

I suspect the problem lies in the STM32L475VGTx_FLASH.ld file. These differ quite a bit in the UserApp and in the TestApp. In the TestApp, CubeMX has generated it. I tried to replace that file in the TestApp with the one from UserApp, but then the TestApp also does not run anymore, even on itself, without SBSFU. What complicates things is that I also do not know how to debug an app that is running inside of SBSFU.

The TestApp is very small and does not use FreeRTOS, it only prints "Hello World" to the uart. If I can get this to work the next step is to change to my large app (FreeRTOS + OTA).

For now I'm lost. Already spent a few days on this without any luck, hope anyone here knows the best way to do this.

Frantz LEFRERE · ‎2022-01-20

Hello @Community member ,

Regarding the adaptation for your application you just need to properly relocate the code to the execution slot address and to insure the vector table is properly relocated.

This process is describe in this MOOC

https://www.st.com/content/st_com/en/support/learning/stm32-education/stm32-moocs/STM32_security_ecosystem.html

https://www.youtube.com/watch?v=MDgstQdtf9A&list=PLnMKNibPkDnGd7J7fV7tr-4xIBwkNfD--&index=4&t=447s

For debugging the SBSFU and the application, remove all the security protection :

in app_sfu.h, uncomment "#define SECBOOT_DISABLE_SECURITY_IPS"

After compilation flash the full image and then create a debug configuration without download of the binaries and with the loading of SBSFU and Application symbol.

I hope this helps !

MBax.2 · ‎2022-01-21

Thank you for the information. I followed the instructions meticulously. I do run into problems however.

When I change the system system_stm32l4xx.c file and the STML475VGTX_FLASH.ld file according to the instructions, I can see in the debugger that my application now starts at the right offset, yet my application now hangs, it cannot get out of the HAL_Delay() function.

Frantz LEFRERE · ‎2022-01-21

Hello @Community member

" it cannot get out of the HAL_Delay()", probably issue with the systick interrupt.

You can set a break point in SysTick interrupt ( if you are using systick as timebase)

void SysTick_Handler(void)

{

HAL_IncTick();

}

If not called, double check the SCB->VTOR assignment with debugger to insure Vector table is properly relocated to the execution slot.

MBax.2 · ‎2022-01-21

The HAL_IncTick() is never reached. When I halt the code in the debugger and check the value of SCB->VTOR it is 0. This should probably contain the offset instead, so that is wrong. Now I need to figure out why it contains the wrong value, as I made the modifications to the files that affect this according to the instructions.

MBax.2 · ‎2022-01-21

Fixed it, a define was missing which blocked the SCB-VTOR assignment:

#define USER_VECT_TAB_ADDRESS

Now I will continue with the all the next steps to get SBSFU running. I'll come back here if I run into any other problems.

MBax.2 · ‎2022-01-21

I managed to take the postbuild script from the MOOC and to modify it for all the paths I am using for my TestUserApp. The resulting output.txt looks good:

block size =16

Magic: b'SFU1'!!

number of segment :4

0x8089204

0x8089210

0x8089220

number of segment :6

0x8000188

0x8005010

0x80059ee

0x800e4e8

0x800e598

Merging

SBSFU Base = 0x8000000

Writing header = 0x8086000

APPLI Base = 0x8086200

Writing to .\\Binary\\\SBSFU_TestUserAppV1.bin 561696

When I flash the whole stack my Application does not seem to start, I only get

======================================================================

= =

= Secure Boot and Secure Firmware Update =

======================================================================

= [SBOOT] SECURE ENGINE INITIALIZATION SUCCESSFUL

= [SBOOT] STATE: CHECK STATUS ON RESET

WARNING: A Reboot has been triggered by a Watchdog reset!

= [SBOOT] STATE: CHECK NEW FIRMWARE TO DOWNLOAD

= [SBOOT] STATE: CHECK USER FW STATUS

A FW is detected in the slot SLOT_ACTIVE_1

= [SBOOT] STATE: VERIFY USER FW SIGNATURE

= [SBOOT] STATE: EXECUTE USER FIRMWARE

but then the watchdog triggers and this keeps cycling.

When I run the unencrypted bin of the application, it runs without problems. What to do now?

Frantz LEFRERE · ‎2022-01-21

@Community member

Do you refresh the watchdog in your application as describe in the MOOC ?

Or you can try to deactivate this protection if you don't want to handle this.

just comment

#define SFU_IWDG_PROTECT_ENABLE

in the app_sfu.h.

MBax.2 · ‎2022-01-21

I have defined SECBOOT_DISABLE_SECURITY_IPS just for testing, so the watchdog is not running. I have been able to debug and my application hangs in a error handler. Just prior to jumping into the error handler the SystemClock_Config() returns an error because "PLL is already used as System core clock". I have not seen that before, so I don't know why having the PLL as a core clock is a problem.

Frantz LEFRERE · ‎2022-01-21

@Community member

Please in you application unconfigure the RCC before the call to SystemClock_Config :

something like this :

HAL_Init();

/* De-configure previous configuration done during SBSFU execution */

HAL_RCC_DeInit();