2025-01-03 04:23 AM
I've read the X-CUBE-SBSFU Secure Boot and Secure Firmware documents and they don't explain if these are tools, with GUI, or just an API, which should really be explained at the start.
If you know all about it I am sure these documents are just great, but for those entering the topic, it's too much detail and not enough simple overview at the start.
Ideally, Cube Programmer would have the option to output an encrypted .elf file that could be sent to our clients to program their devices. Yes, that simple, like a zip utility, with a text key.
So my question to those that have trodden this weary road, or any STM employee that cares to help us poor devs: what is the easiest solution, ideally without having to write code either for the Windows PC or our H743 MCUs?
2025-01-03 06:37 AM
Hello @Robmar,
The X-CUBE-SBSFU is a secure boot and secure firmware update implementation example.
It needs to be adapted to your needs. For this you must understand how things work.
We have created a workshop on this X-CUBE-SBSFU quite long ago now.
It gives you an overview of what this package provides and how to use it. It is using STM32L476 as target board but principles are most of the time applicable to all STM32.
This workshop was recorded into a MOOC available here.
Another good entry point to STM32 microcontrollers security is the AN5156.
The SBSFU provides a Ymodem interface to download the signed encrypted update binary.
The generation of this binary is done using Python scripts (also compiled as Windows executables to avoid installing Python and make things simple).
Best regards
Jocelyn
2025-01-03 09:21 AM
What a waste of time, a badly thought-out "service".
Most of STM's clients probably just want a secure programming tool, just add encryption to Cube Programmer, we certainly aren't going to invest in going through all that junk documentation.
STM is absolutely lost IMHO.
2025-01-03 11:18 AM
Isn't part of the point of the security that the firmware is signed and encrypted such that the plain-text is never visible outside of the secure device? So the image data furnished to the customer is secure-at-reset, and the attack vector is not to run debuggers/disassemblers on the host side PC?
Most of ST's clients in this space are sufficiently sophisticated enough to code their own tools on their own platforms to deliver the desired end-user experience.
Delivery of a signed and encrypted image via Y-Modem seems like a relatively low hurdle, being something achievable via a Terminal application with support for standard/common protocols.
2025-01-04 01:57 AM
You missed the point totally.
Does Visual Studio or Web applications force users to write the same code, all of them, to install a security certificate? No.
Why not, they can, right?! Well, because it would force tens of thousands of developers to write exactly the same code, a massive waste of time resources.
Don't you think developers are busy people, such that you waste their time re-inventing the wheel just to have encryption that STM left out of Cube Programmer?!
The idea is to make life easier for STM clients, not force them to invest time coding missing services like basic encryption.