Skip to main content
N
Niramas
Explorer
April 24, 2025
Solved

STM32 Bootloader: FAA DO-178 Certification?

  • April 24, 2025
  • 5 replies
  • 1927 views

Is the internal bootloader on the STM32H723 DO-178 certified?   It just dawned on me that the whole line of CPUs might be disqualified for aircraft use because the bootloader code "flies" with the aircraft and all such code must be certified to the level declared by the system (DAL levels A-D).   Do you have avionics customers that use these?  Can the bootloader be erased?

Regards,

Mark

    This topic has been closed for replies.
    Best answer by Roger SHIVELY

    Hello @Niramas 

     

    This post has been escalated to the ST Online Support Team for additional assistance.

    Regards.

    Roger

    5 replies

    P
    Pavel A.
    Super User
    April 25, 2025

    For unmanned avionics (aka drones) be assured that people use STM32H7's and have no complaints about the internal bootloader.

    > Can the bootloader be erased?

    No, unfortunately.

     

    N
    NiramasAuthor
    Explorer
    April 25, 2025

    The question has to do with FAA certification, not whether it works.

    A
    Amel NASRI
    Technical Moderator
    April 25, 2025

    Hi @Niramas ,

    Our current STM32 MCUs are general purpose ones and not qualified for aircraft usage.

    This post has been escalated to the ST Online Support Team for additional assistance. They may contact you directly in case they have some farther information to add.

    -Amel

    N
    NiramasAuthor
    Explorer
    April 25, 2025

    Thank you for the response.   Can you verify that the BL area cannot be erased?  Can it come unprogrammed by special order?   This question matters in that we have product that would be OK at low verification levels (e.g. controlling seat positions)  but would be disqualified at higher safety levels (e.g. controlling landing gear).

    A
    Amel NASRI
    Technical Moderator
    April 25, 2025

    As already answered by Pavel, the BL area cannot be erased.

    Special orders should be discussed with Sales, better to submit your complete request in OLS in this case.

    -Amel

    P
    Pavel A.
    Super User
    April 25, 2025

    Would it help to know that STM32H7 can be programmed so that the internal bootloader is never activated?  (both boot addresses are set to the user app) 

    N
    NiramasAuthor
    Explorer
    April 28, 2025

    The FAA expects all code that flies with the plane be certified to the safety level of the system.  

    P
    Pavel A.
    Super User
    April 28, 2025

    Well then if I fly with a laptop full of Windows and other stuff, do I have to certify it? If the answer is no because it is not connected to the systems, then the passive part of STM32 firmware is not connected too.

     

    R
    Roger SHIVELYAnswer
    ST Employee
    April 25, 2025

    Hello @Niramas 

     

    This post has been escalated to the ST Online Support Team for additional assistance.

    Regards.

    Roger

    P
    Pavel A.
    Super User
    April 29, 2025

    Then, pity. The STM32 is removed from flight ((

     

    Terms & ConditionsAccessibility statement