How code in internal flash of STM32U5 can be protected from copying, if it is stored decrypted?

Forum|Forum|3 years ago
May 8, 2023
11 replies
6852 views

Flash writing procedure has just finished. The next step, anyone can assume, is verification, that code has been written correctly, which involves reading the flashed memory. At this stage, if I trace the API calls, which Cube tool does to perform flash reading. Does this mean I can copy the firmware without having vendor keys? Please point me at which step I'm wrong.

This topic has been closed for replies.

Show previous replies

Jocelyn RICARD

ST Employee

Hello @VTver.1 ,

Yes SFI can be performed only once when used for production.

SFI means Secure Firmware Install. Its purpose to secure the installation of the first version of your firmware in factory.

When you use such tool, this means that you want to make sure the content of your firmware will not leak. This means you will enable security features of the STM32 so that firmware content cannot be extracted on the field.

If you want to have update capability you need a secure boot and secure firmware update application running after reset that will take care of it.

You have lot of material available on this subject. Please check STM32Trust page on st.com.

Best regards

Jocelyn

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded