/**
******************************************************************************
* @file app_sfu.h
* @author MCD Application Team
* @brief This file contains the configuration of SBSFU application.
******************************************************************************
* @attention
*
*
© Copyright (c) 2017 STMicroelectronics.
* All rights reserved.
*
* This software component is licensed by ST under Ultimate Liberty license
* SLA0044, the "License"; You may not use this file except in compliance with
* the License. You may obtain a copy of the License at:
* www.st.com/SLA0044
*
******************************************************************************
*/
/* Define to prevent recursive inclusion -------------------------------------*/
#ifndef APP_SFU_H
#define APP_SFU_H
#ifdef __cplusplus
extern "C" {
#endif
/* Includes ------------------------------------------------------------------*/
#include "se_crypto_config.h"
/* Exported constants --------------------------------------------------------*/
/**
* Use this define to choose the type of Firmware Image Programming you want to use.
* This version supports only 2 modes:
*
* SFU_ENCRYPTED_IMAGE: Encrypted Firmware Image
* The image is received in encrypted format.
* The image must be decrypted to be installed:
* this is done according to the selected crypto scheme,
* see @ref SECBOOT_CRYPTO_SCHEME in the SE_CoreBin part.
*
* SFU_CLEAR_IMAGE: Clear Firmware Image
* The image is received in clear format.
* No decrypt operation is needed before installing the image:
* the selected crypto scheme must be compatible with this choice,
* see @ref SECBOOT_CRYPTO_SCHEME in the SE_CoreBin part.
*
*
*/
#if SECBOOT_CRYPTO_SCHEME == SECBOOT_ECCDSA_WITHOUT_ENCRYPT_SHA256
#define SFU_IMAGE_PROGRAMMING_TYPE SFU_CLEAR_IMAGE
#else
#define SFU_IMAGE_PROGRAMMING_TYPE SFU_ENCRYPTED_IMAGE
#endif /* SECBOOT_CRYPTO_SCHEME */
#define SFU_ENCRYPTED_IMAGE (0U) /*!< The Firmware Image to be installed is downloaded in ENCRYPTED format */
#define SFU_CLEAR_IMAGE (1U) /*!< The Firmware Image to be installed is downloaded in CLEAR format */
#define SFU_DEBUG_MODE /*!< Comment this define to optimize memory footprint (debug mode removed)
No more print on terminal during SBSFU execution */
/*#define SFU_VERBOSE_DEBUG_MODE*/ /*!< Uncomment this define when in verbose Debug mode.
this switch activates more debug prints in the console (FSM state info...) */
/*#define SFU_FWIMG_BLOCK_ON_ABNORMAL_ERRORS_MODE*/ /*!< You may uncomment this define when running development tests.
When this switch is activated, the FWIMG part of SB_SFU will
block when an abnormal error is encountered */
#if defined(SFU_VERBOSE_DEBUG_MODE) && !defined(SFU_DEBUG_MODE)
#error You cannot activate SFU_VERBOSE_DEBUG_MODE without activating SFU_DEBUG_MODE too.
#endif /* SFU_VERBOSE_DEBUG_MODE && !SFU_DEBUG_MODE */
#if defined(SFU_FWIMG_BLOCK_ON_ABNORMAL_ERRORS_MODE) && !defined(SFU_DEBUG_MODE)
#error SFU_FWIMG_BLOCK_ON_ABNORMAL_ERRORS_MODE is meant to be used in DEBUG mode
#endif /* SFU_FWIMG_BLOCK_ON_ABNORMAL_ERRORS_MODE && !SFU_DEBUG_MODE */
/*#define SFU_TEST_PROTECTION*/ /*!< Auto-test of protections : WRP, PCROP, MPU, FWALL.
Automatically executed @startup */
#if defined(SFU_TEST_PROTECTION)
#undef SFU_DEBUG_MODE /*!< Remove definition to optimize memory footprint (debug mode removed) */
#endif /* SFU_TEST_PROTECTION */
/**
* SB_SFU status LED.
* The constants below define the LED to be used and the LED blinking frequency to identify some situations.
* This is useful when no log is enabled.
*
* \li The LED blinks every see @ref SFU_COM_YMODEM_DOWNLOAD_TIMEOUT seconds when a local download is waited.
* \li For the other situations, please check the other defines below.
*/
#define SFU_STATUS_LED (LED_GREEN) /*!< LED to be used to provide the SB_SFU status to the end-user */
#define SFU_STOP_NO_FW_BLINK_DELAY (100U) /*!< Blinks every 100ms when no valid firmware is available and the local
loader feature is disabled - see @ref SECBOOT_USE_LOCAL_LOADER */
#define SFU_INCORRECT_OB_BLINK_DELAY (250U) /*!< Blinks every 250ms when an Option Bytes issue is detected */
/**
* Optional Features Software Configuration
*/
#if !defined(SFU_TEST_PROTECTION)
#define SECBOOT_LOADER SECBOOT_USE_LOCAL_LOADER /*!< Loader selection inside SBSFU : local/standalone/none */
#else
#define SECBOOT_LOADER SECBOOT_USE_NO_LOADER /*!< No loader usage forced when SFU_TEST_PROTECTION is set */
#endif /* SFU_TEST_PROTECTION */
#define SECBOOT_USE_LOCAL_LOADER (1U) /*!< local loader feature integrated into SBSFU (YMODEM over UART) */
#define SECBOOT_USE_STANDALONE_LOADER (2U) /*!< standalone loader : see specific loader project */
#define SECBOOT_USE_NO_LOADER (3U) /*!< no loader capability at SBSFU stage */
/* Uncomment the define below if you want to use minicom with Linux */
/* #define MINICOM_YMODEM */ /*!< YMODEM protocol handled by MINICOM (Linux): 128 bytes packets */
#if defined(MINICOM_YMODEM)
/* Minicom does not accept the debug prints during the YMODEM session */
#undef SFU_X509_VERBOSE_DEBUG_MODE
#undef SFU_VERBOSE_DEBUG_MODE
#endif /* MINICOM_YMODEM */
/* Uncomment the define below if you want to remove the swap area
==> partial update is not supported in this configuration */
/*#define SFU_NO_SWAP*/ /*!< FW upgrade installation process without swap area */
/* Multi-images configuration :
- Max : 3 Active images and 3 Download area
- Not necessary same configuration between SFU_NB_MAX_ACTIVE_IMAGE and SFU_NB_MAX_DWL_AREA
- Active slot identified with SFU magic (1,2,3) information from header
- Do not forget to add keys for each image in SE_Corebin/Binary folder
- Master slot : image started in priority if valid
- FW image valide all feature authorized from master slot
*/
#define SFU_NB_MAX_ACTIVE_IMAGE 1U /*!< 1 active image managed */
#define SFU_NB_MAX_DWL_AREA 1U /*!< 1 dwl area managed */
#define MASTER_SLOT SLOT_ACTIVE_1 /*!< SLOT_ACTIVE_1 identified as master slot */
/* The define below allows disabling all security IPs at once.
*
* Enabled: all security IPs (WRP, watchdog...) are disabled.
* Disabled: the security IPs can be used (if their specific compiler switches are enabled too).
*
*/
// #define SECBOOT_DISABLE_SECURITY_IPS /*!< Disable all security IPs at once when activated */
#if !defined(SECBOOT_DISABLE_SECURITY_IPS)
/* Uncomment the following defines when in Release mode.
In debug mode it can be better to disable some of the following protection
for a better Debug experience (WRP, RDP, IWDG, DAP, etc.) */
#define SFU_WRP_PROTECT_ENABLE
#define SFU_RDP_PROTECT_ENABLE
#define SFU_PCROP_PROTECT_ENABLE
#define SFU_FWALL_PROTECT_ENABLE
// #define SFU_TAMPER_PROTECT_ENABLE
#define SFU_DAP_PROTECT_ENABLE /*!< WARNING: Be Careful if enabling this protection. Debugger will be disconnected.
// It might be difficult to reconnect the Debugger.*/
#define SFU_DMA_PROTECT_ENABLE
// #define SFU_IWDG_PROTECT_ENABLE /*!< WARNING:
// 1. Be Careful if enabling this protection. IWDG will be active also after
// switching to UserApp: a refresh is needed.
// 2. The IWDG reload in the SB_SFU code will have to be tuned depending on your
// platform (flash size...)*/
#define SFU_MPU_PROTECT_ENABLE /*!< MPU protection:
// Enables/Disables the MPU protection.
// If Secure Engine isolation is ensured by MPU (see SFU_ISOLATE_SE_WITH_MPU in
// SE_CoreBin\Inc\se_low_level.h), then this switch also enables/disables it, in
// addition to the overall MPU protection. */
#define SFU_MPU_USERAPP_ACTIVATION /*!< MPU protection during UserApp execution : Only active slot(s) considered as an
// executable area */
/*#define SFU_FINAL_SECURE_LOCK_ENABLE */ /*!< WARNING: Should be enabled at the end of product development and test
// steps.
// When enabling this lock, Static protections cannot be modified any more
// and Debug is finally disabled. */
#if defined(SFU_FINAL_SECURE_LOCK_ENABLE)
#define SFU_PROTECT_RDP_LEVEL (OB_RDP_LEVEL_2) /*!< RDP level2 for product on the field. Final OB lock, Debug
completely disabled, OB update no more possible */
#else
#define SFU_PROTECT_RDP_LEVEL (OB_RDP_LEVEL_1) /*!< RDP level is set as 1 for debugging purposes. A product on the
field should set it as Level2 */
#endif /* SFU_FINAL_SECURE_LOCK_ENABLE */
#endif /* !SECBOOT_DISABLE_SECURITY_IPS */
/**
* The define below (SECBOOT_OB_DEV_MODE) determines if the OPTION BYTES should be handled in Development mode or not.
* This define is taken into account only if RDP level 2 is not set.
* If RDP level 2 is set no modification can be done anyway.
*
* Enabled: Option Bytes Development Mode enabled.
* SB_SFU uses a "check and apply" strategy when checking the Option Bytes configuration.
* If an OB is not set though it should be then this setting is automatically corrected.
* This applies only as long as RDP level 2 is not set.
*
* Disabled: Option Bytes Development Mode disabled.
* In this mode the Option Bytes are supposed to be already configured properly when the software starts for
the first time.
* SB_SFU checks the Option Bytes configuration but does not correct it.
* If a problem is detected an error message is reported and the execution stops.
*/
#define SECBOOT_OB_DEV_MODE
#define SFU_IWDG_TIMEOUT ((uint32_t) 6) /*!< IWDG timeout in seconds (the max. value that can be set here depends on
the prescaler settings: IWDG_PRESCALER_XXX. ) */
/**
* Application Configuration
*
*/
#define SFU_FW_VERSION_START_NUM (1U) /*!< The very first version number a Firmware can have
You can also define an upper bound here if you plan to use it */
#define SFU_FW_VERSION_INIT_NUM (1U) /*!< The version number accepted when the header is not valid (either because
no FW installed or due to an attack attempt). Could be different from
SFU_FW_VERSION_START_NUM */
/**
* Features compatibility control
*/
#if defined(SFU_NO_SWAP) && defined(ENABLE_IMAGE_STATE_HANDLING)
#warning "ENABLE_IMAGE_STATE_HANDLING not compatible with SFU_NO_SWAP process"
#endif
#if defined(SFU_SECURE_USER_PROTECT_ENABLE) && defined(ENABLE_IMAGE_STATE_HANDLING)
#warning "ENABLE_IMAGE_STATE_HANDLING not compatible with SFU_SECURE_USER_PROTECT_ENABLE process"
#endif
#ifdef __cplusplus
}
#endif
#endif /* APP_SFU_H */
/************************ (C) COPYRIGHT STMicroelectronics *****END OF FILE****/