YMODEM for SBSFU safe enough?

STsch.1
Associate III

Hi,

I have seen that, for the bootloader with just one image, it is only possible to use YMODEM over UART for updating the firmware with the SBSFU. Now what I am concerned about is that YMODEM does not seem to be very error tolerant.

So, what further mechanisms does the SBSFU use to verify that the firmware is not corrupted anywhere (in case the checksum of the SBSFU fails somewhere, since it is only 16-bit, right)? Will the whole firmware be checked with a checksum after reception to see if it is valid?

4 REPLIES
Arno1
Senior

Hi,

From my understanding:

The SFU header contains the field

'uint8_t HeaderSignature[SE_HEADER_SIGN_LEN]; /*!< Signature of the full header message */' (SE_HEADER_SIGN_LEN = 64)

On each boot, if a firmware is detected in the active image area, that signature is checked (see SFU_BOOT_SM_VerifyUserFwSignature()).

If the device reboots after transmission and installation, it will refuse to boot if there is any corruption.

Hope that helps

KR, Arno

STsch.1
Associate III

Hi Arno, thank you for your response.

Yes, it checks the firmware header, but what if the CRC of one of the packages from the YMODEM protocol is correct and there are still some corrupt bits somewhere in this package (since it is only CRC16)? Can the bootloader somehow detect that? The installation might be correct this way, since the header is not corrupted, but then a corrupted firmware is running.

Kind Regards

Jocelyn RICARD
ST Employee

Hello @STsch.1,

To complete Arno's answer, Ymodem is provided as an example and you can implement whatever protocol you want.

Ymodem is already checking the integrity of each frame.

Then even if something happens, what is important to know is that once the full firmware is downloaded, and before doing anything else, SBSFU will check the integrity of the firmware using SHA256.

If it does not match the value provided in the authenticated header, then the firmware is erased.

Best regards

Jocelyn
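
The point made in this answer, as an added example that is not part of the original posts and is not SBSFU code: a frame error that is a multiple of the YMODEM CRC-16 polynomial (0x1021, initial value 0) passes every per-frame check, while a SHA-256 over the whole image compared against the digest from the header rejects it. The function names, the constructed firmware bytes and the frame layout are assumptions made for illustration.

```python
import hashlib
import hmac

def crc16_xmodem(data: bytes) -> int:
    """CRC-16 used by YMODEM frames: poly 0x1021, init 0, no reflection."""
    crc = 0
    for byte in data:
        crc ^= byte << 8
        for _ in range(8):
            crc = ((crc << 1) ^ 0x1021) if crc & 0x8000 else (crc << 1)
            crc &= 0xFFFF
    return crc

# Generator polynomial x^16 + x^12 + x^5 + 1 written as three bytes.
# The CRC is linear, so XORing this pattern into a frame leaves its CRC unchanged.
UNDETECTED_ERROR = bytes([0x01, 0x10, 0x21])

def corrupt(frame: bytes, offset: int) -> bytes:
    """Apply the CRC-invisible error pattern at a byte offset (constructed fault)."""
    out = bytearray(frame)
    for i, e in enumerate(UNDETECTED_ERROR):
        out[offset + i] ^= e
    return bytes(out)

def image_is_valid(image: bytes, header_digest: bytes) -> bool:
    """Hypothetical stand-in for the post-download check: SHA-256 of the whole
    image against the digest taken from the already authenticated header."""
    return hmac.compare_digest(hashlib.sha256(image).digest(), header_digest)

def demo():
    frame_size = 1024  # YMODEM 1K data block
    # Constructed sample "firmware", four frames long.
    image = bytes((i * 7 + 3) & 0xFF for i in range(4 * frame_size))
    header_digest = hashlib.sha256(image).digest()

    sent = [image[i:i + frame_size] for i in range(0, len(image), frame_size)]
    received = list(sent)
    received[2] = corrupt(sent[2], offset=100)  # three bytes altered in frame 2

    all_crcs_match = all(crc16_xmodem(a) == crc16_xmodem(b)
                         for a, b in zip(sent, received))
    rebuilt = b"".join(received)
    return all_crcs_match, rebuilt != image, image_is_valid(rebuilt, header_digest)

if __name__ == "__main__":
    print("CRCs match: %s, data differs: %s, SHA-256 accepts: %s" % demo())
```
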

STsch.1
Associate III

Ok, thank you Jocelyn, that is exactly what I wanted to know. So this is fully safe then.