cancel
Showing results for 
Search instead for 
Did you mean: 

Protecting IP while Flashing with STM32_Programmer_CLI - how?

beartronics
Associate II

Hi all,

Please let me know if this post belongs into the STM32 Security forum.

I'm developing a Windows GUI for flashing STM32H5 with my IP Software. The user of this GUI (customer) and the PC it's running on should NEVER be able to get a hold of the STM32 Software (.bin).

Caling STM32_Programmer_CLI from my GUI App (with -d or -w), it is only possible to provide the binary as a file.
I haven't tried using -w32, but I assume it will be rather slow for a ~megabyte-sized binary.
What I would love to do, is pipe the data into STM32_Programmer_CLI, but I don't think this is possible yet.

What is the best approach for hiding the binary and obk from theft, other than "securing by obscuring"?
Goal is to prevent the customer from flashing other MCUs without using my GUI (which contacts the license server).

Also, after Provisioning/Closing the device, the GUI would need to perform regression in order to reflash it, which again, could expose the password because the CLI only takes it as a file input...

Thanks in advance and best regards,
Stefan

1 ACCEPTED SOLUTION

Accepted Solutions
Pavel A.
Evangelist III

Please see: https://community.st.com/t5/stm32-mcus-security/sbsfu-for-stm32h5/td-p/674511

 

Also, you can use the Programmer API, since you already write a custom application. The API documentation and binaries are installed with the Programmer.

 

View solution in original post

4 REPLIES 4
Pavel A.
Evangelist III

Please see: https://community.st.com/t5/stm32-mcus-security/sbsfu-for-stm32h5/td-p/674511

 

Also, you can use the Programmer API, since you already write a custom application. The API documentation and binaries are installed with the Programmer.

 

Hello @Pavel A. ,

I was looking for this, but didn't realise I needed a standalone installation of CubeProgrammer in order to get the API and documentation. I had a quick look in CubeProgrammer_API.h, and it seems that there are some functions missing regarding the provisioning and regression Routine. Is there an API for that, too?

Thank you and best regards,
Stefan

 provisioning and regression 

I don't think so. The Programmer app has some internal logic for that. but I can be wrong.

 

Hi @Pavel A. 

I linked the CubeProgrammer_API.lib file to my executable, but to my surprise it only has 14kB. After checking the contents, I could see the function names and locations, but the implementation is only a CubeProgramer_API.dll with 56 bytes... Something must have gone wrong here when packing this library I guess.

Is there any STMCubeProg version that has this library/API packed correctly? I'm on latest (2.17.0) at the moment.

I also would love to see a compiled linux library for this API, as I'd like to test this on Linux too (work is primarily on Ubuntu, but this App needs to run on Windows, too).

Maybe something for a future version.... But for now I need to be able to use the read/writeMemory API at least... which is apparently not contained in the .dll/.lib.

Thanks and best regards,
Stefan