Skip to main content
Brajp.1
Brajp.1
Associate III
May 11, 2022
Solved

How to disable SRAM1 firewall protection?

  • May 11, 2022
  • 5 replies
  • 2568 views

I am using the SBSFU project for OTA.

I have linked my UserApp successfully with SBSFU projects and firmware up-gradation is working fine when FIREWALL protection is disabled.

I am using the STM32L4 series controller and am aware of L4 series firewall-related issues.

So I want to know how I can use firewall protection only for Flash by disabling firewall protection for SRAM1.

The datasheet mentioned that if we pass length 0 of Volatile data segment (SRAM1) and VDS = 1 then protection is disabled for SRAM1 but I am still getting firewall reset.

How can I bypass SRAM1 firewall protection?

This topic has been closed for replies.
Best answer by Jocelyn RICARD

Hi @Brajp.1​ 

OK, this part is impacted by the limitation of the firewall.

SBSFU provides a working setup with L5S5 chip.

Reason why you want to disable firewall on SRAM is because you need SRAM1 for your application I guess.

As far as I remember when investigating this issue, removing SRAM but keeping RO area (which protects header), didn't solve the issue but I can't be 100% sure. At least you can try also removing this RO part. This will reduce the security level again but only from remote attack.

Best regards

Jocelyn

5 replies

Bubbles
Bubbles
ST Employee
May 12, 2022

Hi @Brajp.1​ ,

once the firewall was set up, you cannot disable it. What you can try to do is to modify the initialization code to not involve SRAM in protection.

BR,

J

To give better visibility on the answered topics, please click on Accept as Solution on the reply which solved your issue or answered your question.
Brajp.1
Brajp.1Author
Associate III
May 13, 2022

I have tried that before enabling the firewall, I have passed size 0 of SRAM1 and also configured VDS as 1 (EXECUTABLE) and VDE as 1 (SHARED) but still, I am getting firewall reset.

Can you tell me is there any other parameter I have to set or reset?

Jocelyn RICARD
Jocelyn RICARD
ST Employee
May 13, 2022

Hello @Brajp.1​ ,

which L4 part are you using ?

Best regards

Jocelyn

Brajp.1
Brajp.1Author
Associate III
May 13, 2022

STM32L4S7VIT6

Jocelyn RICARD
Jocelyn RICARDBest answer
ST Employee
May 13, 2022

Hi @Brajp.1​ 

OK, this part is impacted by the limitation of the firewall.

SBSFU provides a working setup with L5S5 chip.

Reason why you want to disable firewall on SRAM is because you need SRAM1 for your application I guess.

As far as I remember when investigating this issue, removing SRAM but keeping RO area (which protects header), didn't solve the issue but I can't be 100% sure. At least you can try also removing this RO part. This will reduce the security level again but only from remote attack.

Best regards

Jocelyn

Brajp.1
Brajp.1Author
Associate III
May 16, 2022

Thanks for the answer.

I have tried what you suggested and removed the RO part too, but I am still getting firewall reset.

Jocelyn RICARD
Jocelyn RICARD
ST Employee
May 17, 2022

Hello @Brajp.1​ ,

OK. Did you start from L4S5 example ?

Basically, from what point did you start and what did you change ?

Also, could you locate at which point this reset occurs?

It the SBSFU working when you deactivate firewall?

Best regards

Jocelyn

Brajp.1
Brajp.1Author
Associate III
May 18, 2022

@Jocelyn RICARD​ 

Yes, I have started from L4S5.

SBSFU is working fine without enabling firewall protection.

So after enabling firewall protection I have tried to disable SRAM1 protection but I am getting firewall reset when SBSFU is trying to check User application status.

I am getting reset from here:

SFU_IMG_CheckPendingInstallation -> CheckTrailerValid -> CheckTrailerMagic

Jocelyn RICARD
Jocelyn RICARD
ST Employee
May 20, 2022

Hello @Benjamin Rainey​ ,

I made a test with SBSFU\V2.6.0\Projects\B-L475E-IOT01A\Applications\2_Images\

Making only following change:

 FWALL_InitStruct.VDataSegmentStartAddress  = 0; // SFU_PROTECT_FWALL_VDATA_ADDR_START;

 FWALL_InitStruct.VDataSegmentLength     = 0; // SFU_PROTECT_FWALL_VDATA_SIZE;

(and removing the following check just to make test easier).

I don't get any reset. I made a firmware update without issue.

Best regards

Jocelyn

Terms & ConditionsAccessibility statement