2025-10-17 8:04 AM
Hello ST Community,
I’m working on a custom board based on STM32WB55 and need to implement secure OTA firmware updates (signed and encrypted images).
Here’s what I’ve done so far:
I successfully tested SBSFU in local loader mode (YMODEM over UART).
→ Pushing a *.sfb image works perfectly (signature + AES encryption validated at boot).
Next, I tried integrating SBSFU + BLE_OTA (both on a Nucleo board and on my custom board).
→ BLE OTA works for transferring a raw .bin, but that binary is neither signed nor encrypted, which defeats the purpose of SBSFU security.
→ I expected to be able to push a *.sfb file from the ST BLE Sensor app, but that’s not supported.
My question:
What is the correct way to perform a secure OTA update (with a signed and encrypted image) on STM32WB55?
Is there an official workflow or example for using BLE OTA as a transport for SBSFU .sfb images (instead of raw .bin)?
Any guidance or references (sample projects) would be greatly appreciated.
Thanks in advance!
— Guilhem