HirenThumar2702
Associate III
June 13, 2023
Solved

How to integrate SBSFU in STM32U585 series


Hello support team,

Have a Nice day.

I am working on STM32U585ZIT6 Controller and investigating SBSFU for firmware upgrading.

I list our specifications for a custom bootloader below.

  1. Enable TrustZone
  2. Enable Dual bank
  3. Run time firmware write in the second bank
  4. After doing so successfully, swap banks

I cannot find an SBSFU-related document specific to this series.

Can you provide me with an integration document for the STM32U5 series?

https://www.st.com/resource/en/application_note/an5056-integration-guide-for-the-xcubesbsfu-stm32cube-expansion-package-stmicroelectronics.pdf

Thanks

Hiren R. Thumar

This topic has been closed for replies.

 

8 replies

Frantz LEFRERE
ST Employee
June 13, 2023

Hello Hiren,

The X-SBSFU package doesn't support the Cortex M33 based STM32 (STM32L5/U5/H5).

For those, ST decided to go with MCU Boot.

The code example is delivered in the Cube:

STM32Cube_FW_U5_V1.2.0\Projects\B-U585I-IOT02A\Applications\SBSFU

I'll let you check the associated readme.html.

Best regards,

Frantz

Jocelyn RICARD
ST Employee
June 13, 2023

Hello Hiren,

the only secure boot solution we provide on STM32U5 is based on MCUBoot.

This is something different from X-CUBE-SBSFU package.

We provide the integration of MCUBoot, which is an open source secure boot, in the STM32CubeU5.

You can find it here:

STM32Cube_FW_U5_V1.2.0\Projects\B-U585I-IOT02A\Applications\SBSFU\

This solution does not fulfill your dual bank requirement. The update is managed in a similar way as on X-CUBE-SBSFU, by copying or swapping firmware from the download slot to the active slot.

Besides the information provided with the SBSFU project in the STM32CubeU5, you can refer to 2 documents:

AN5447: Overview of Secure Boot and Secure Firmware Update solution on Arm® TrustZone® STM32 microcontrollers

UM2851: Getting started with STM32CubeU5 TFM application that provides many details on the secure boot solution (apart from TFM)

Best regards

Jocelyn

Graduate
February 9, 2024

Hi, Jocelyn

I am trying to understand how the SBSFU example for STM32U5 works (the one in STM32Cube_FW_U5_V1.2.0\Projects\B-U585I-IOT02A\Applications\SBSFU). Could you explain how the files ns_data.bin and s_data.bin are generated? They are signed and encrypted in a script named dataimg.sh. I don't see where those files come from or what they mean.

Best regards
Lancelot

HirenThumar2702
Associate III
June 19, 2023

Hello Jocelyn,

Thanks for your reply.

I have checked the STM32U5 repo "en.stm32cubeu5-v1-2-0".

It has an SBSFU example, so can I use this example?

My project requirement is listed below.

1. Firmware should upgrade through the UART port (through TERATERM or any serial loader) and support secure boot features such as signed image upgrade.

So can you give guidance on which is better, SBSFU or TFM, for the STM32U585ZIT6 controller?

 

 


 

 

 

Jocelyn RICARD
Best answer
ST Employee
June 23, 2023

Hello @HirenThumar2702,

The SBSFU project will fulfil your requirement.

The TFM example provides also a secure boot (based on the same MCUboot as SBSFU example) but instead of providing a simple secure application as example, provides the TFM porting on STM32U5. It provides secure services such as crypto and secure storage. 

Best regards

Jocelyn

 

HirenThumar2702
Associate III
August 22, 2023

Hello Jocelyn,

Have a nice day.

I am working on the B-U585I-IOT02A development kit and I tried to merge our application with SBSFU_Boot and SBSFU_Loader.

I've included the steps I take to integrate my own application below.

1. Create project named Application [Enable TrustZone]
2. Change the .ld file of the secure and non-secure projects [output.ld - added prebuild file in secure and non-secure project properties]
3. Change the linker path in the secure and non-secure project properties
4. Added Postbuild.sh in our own application repo
5. Update the NS address in secure -> main.c "#define VTOR_TABLE_NS_START_ADDR NS_CODE_START"
6. Added the postbuild.sh path in the secure and non-secure project properties
7. Code compiles successfully
8. Generate the signed and encrypted .bin file in the Binary folder
9. Go to the local bootloader with reset
10. Upload the encrypted signed .bin through SBSFU_Loader
11. Trigger reset
12. We are getting a log in SBSFU_Boot

LOG:

[INF] signature OK
[INF] Bootloader chainload address offset: 0x1a000
[INF] Jumping to the first image slot

After this log, our application does not run.

I attached my project in this thread, so please provide a suggestion for resolving the issue.

Thanks

Hiren R. Thumar

Jocelyn RICARD
ST Employee
February 9, 2024

Hello Lancelot,

These files are simple binary files with dummy content.

The point here is to provide data files that can be updated using the same mechanism as the firmware update; meaning using encryption and authentication.

Best regards

Jocelyn

Graduate
February 13, 2024

Jocelyn, 
Thank you for your answer!

Do you have any document with notes about the correct way of porting the SBSFU example for STM32U5 from the TrustZone application to a solution that does not use TrustZone for the application code? Or some example?

Best regards

Lancelot

Jocelyn RICARD
ST Employee
February 13, 2024

Hello Lancelot,

There is no such document.

Reason for this is that if you disable TrustZone, you also lose the temporal isolation (Hide protect memory) that is used to isolate the secure boot from the rest of the application.

Now, I can understand you want a simple secure boot.

If I had to do such porting, I would just remove the TrustZone related configurations (SAU and GTZC configurations mainly), but it may not be that straightforward.

We have a porting of MCU boot on STM32 device without TrustZone on STM32H503. It is called OEMiROT_Boot in the STM32H5Cube. It may help.

Best regards

Jocelyn

Graduate
February 14, 2024

Hello Jocelyn, thank you for your attention to my message.

Yes. I also decided to continue my development based on the OEMiROT_Boot example. It could be a good way. You have confirmed it for me.

Graduate
February 21, 2024

@Jocelyn RICARD 
Hello Jocelyn, how are you?

I have almost implemented my secure bootloader thanks to your link to the OEMiROT_Boot example. Thank you for that. And I have one more little question about it. Could you explain how you set up including a header file in the linker file and using #defines in it? In my project it does not work, so I am just using numeric values in the linker.

Best regards,

Lancelot

Jocelyn RICARD
ST Employee
February 21, 2024

Hello Lancelot,

If you check how the SBSFU example is built, you will see that the linker file is generated in the prebuild step using the precompiler.

Here is an example of the secure application prebuild command:

arm-none-eabi-gcc -E -P -xc -DSTM32U585xx -DBL2 -DTFM_PSA_API -I../../../../Linker -o./output.ld ../STM32U585AIIX_FLASH.ld

So, output.ld becomes your actual linker file.

Best regards

Jocelyn

 

Graduate
February 23, 2024

Have a good day, Jocelyn!

Could you answer one more question for me? In the readme file for the SBSFU example about the Image upgrade strategy it says: "In swap-based image upgrade mode, images in primary and secondary slots are swapped. After swap, new image in primary slot has to be confirmed by user application, else at next boot the images will be swapped back."

How do I execute the confirmation of a new image in the user application? I can find it in the "Appli" project example.

Best regards, Lancelot

Jocelyn RICARD
ST Employee
February 23, 2024

Hello Lancelot,

You can find this in fw_update_app.c:

Functions used to validate the images are the FW_Valid_* functions.

Non-secure image validation is done by writing directly in the slot header.

Secure image validation goes through a secure service that does the same.

Best regards

Jocelyn