Jocelyn RICARD
ST Employee
March 9, 2022
Question

Issue building SBSFU with latest STM32CubeIDE 1.9.0 : here is the solution


Hello SBSFU users !

The latest release of STM32CubeIDE 1.9.0 is introducing GNU Tools version 10.3 as toolchain. This new toolchain creates an issue in the SBSFU final build.

A new release of X-CUBE-SBSFU is coming in around one month to fix this but, in the meanwhile, I would like to share with you the changes needed to be able to use this version of STM32CubeIDE.

First, the issue is related to the ability to call services in the secure engine. So, if you do not need this feature, just remove it.

Here is how to do this.

1- Open Properties of your user application

2- in C/C++ Build/Settings/MCU GCC Linker/Miscellaneous, remove the content of Additional objects. Something like "./../../2_Images_SBSFU/STM32CubeIDE/Debug/se_interface_app.o"

3- Also remove in your code any call to SE_*. The common service implemented is usually SE_APP_GetActiveFwInfo

That's it.

Now, if you use the SE service, here is what you need to do. The following is the description of the changes done in the SBSFU provided in the STM32WL firmware package. So, you can also get this package for reference.

The principle is to generate a specific .ld file containing the service name and associated address.

1) In the SBSFU project, you need to create a postbuild.sh (...SBSFU/STM32CubeIDE/postbuild.sh) containing the following:

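#!/bin/bash -
# $1: the SBSFU ELF file passed in by the post-build step
echo "Extract SE interface symbols"
# Dump the symbol table of the ELF
arm-none-eabi-nm "$1" > nm.txt
case "$(uname -s)" in
    Linux*|Darwin*)
        # Strip carriage returns from the interface list before using it as a pattern file
        tr -d '\015' <../se_interface.txt >../se_interface_unix.txt
        grep -F -f ../se_interface_unix.txt nm.txt > symbol.list
        rm ../se_interface_unix.txt
        ;;
    *)
        grep -F -f ../se_interface.txt nm.txt > symbol.list
        ;;
esac
wc -l symbol.list
# Turn each "address type name" line into a linker assignment "name = 0xaddress;"
cat symbol.list | awk '{split($0,a,/[ \r]/); print a[3]" = 0x"a[1]";"}' > se_interface_app.ld
rm nm.txt
rm symbol.list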

2) Add the call to this postbuild.

In Properties/C/C++ build/Settings/Build Steps/Post-build steps

Replace the old command by this new one:

"../postbuild.sh" "${BuildArtifactFileName}"

This will create the se_interface_app.ld in the debug directory

When building SBSFU you should see something like this in the build console. The 1 means only 1 symbol created. This is the number of services of Secure Engine you use. 

Extract SE interface symbols

1 symbol.list

3) Edit the .ld file of your application and, just before the INCLUDE mapping_fwimg.ld, add the following line

INCLUDE se_interface_app.ld

4) Last point. You need to give the linker the directory where to find this ld file

In Properties/C build/Settings/MCU GCC Linker/Library/Library search path, add the following line

 ../../../2_Images_SBSFU/STM32CubeIDE/Debug

You may need to adapt the path to your own project to find the path to SBSFU

Then your application should link.

I hope this will help

Best regards

Jocelyn
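The symbol-to-linker-script step from the post above, as an added example (not ST's postbuild.sh and not part of the original post). The nm lines, addresses and the `_Helper` symbol are constructed, and `gen_se_ld` and `substring_count` are hypothetical names. It matches whole symbol names, because `grep -F -f` selects every line that contains a listed name as a substring, and it fails when a listed service is missing from the nm output.

```shell
#!/bin/sh
# Added example; all inputs below are constructed, not taken from a real build.

# gen_se_ld NM_FILE INTERFACE_FILE
# Prints "name = 0xADDR;" for each nm symbol whose name exactly equals a line
# of INTERFACE_FILE. Returns non-zero if a listed service is absent.
gen_se_ld() {
  [ -s "$2" ] || { echo "empty interface list: $2" >&2; return 1; }
  awk '
    { sub(/\r$/, "") }                               # tolerate CRLF files
    NR == FNR { if ($1 != "") want[$1] = 1; next }   # first file: service names
    NF == 3 && ($3 in want) && $1 ~ /^[0-9A-Fa-f]+$/ {
      print $3 " = 0x" $1 ";"; seen[$3] = 1
    }
    END {
      for (s in want) if (!(s in seen)) { print "missing: " s > "/dev/stderr"; rc = 1 }
      exit rc + 0
    }
  ' "$2" "$1"
}

# substring_count NM_FILE INTERFACE_FILE
# Number of nm lines that plain "grep -F -f" would select (substring match).
substring_count() { tr -d '\r' < "$2" | grep -c -F -f - "$1"; }

# Constructed sample data: a CRLF interface list and four nm lines.
tmp=$(mktemp -d)
printf 'SE_APP_GetActiveFwInfo\r\n' > "$tmp/se_interface.txt"
cat > "$tmp/nm.txt" <<'EOF'
08000200 T SE_CallGate
08000305 T SE_APP_GetActiveFwInfo
08000411 T SE_APP_GetActiveFwInfo_Helper
20000000 B some_bss
EOF

echo "substring match selects $(substring_count "$tmp/nm.txt" "$tmp/se_interface.txt") lines"
echo "exact match emits:"
gen_se_ld "$tmp/nm.txt" "$tmp/se_interface.txt"
```

The line count printed by `wc -l symbol.list` in the build console is the quick check for the same condition: it should equal the number of services listed in se_interface.txt.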


17 replies

Vincent LEYNAERT
ST Employee
March 10, 2022

Thanks Jocelyn for this fast workaround solution. I tested the second option with the .sh file and se_interface.ld generation and this works perfectly. Regards.

Clark Sann
Associate III
April 4, 2022

@Jocelyn RICARD I'm sorry but your procedure is not working for me. I made your changes in the ...2_Images_SBSFU demo app on a Mac. When I try to build 2_Images_SBSFU the linker fails to find se_interface_app.ld. This is because postbuild.sh has not been executed yet. I never see the echo of Extract SE interface symbols. I have apparently made an error somewhere but I can't find it.

Jocelyn RICARD
ST Employee
April 4, 2022

Hello @Clark Sann,

First, did you set the postbuild.sh as executable?

Did you get an error?

The postbuild.sh needs to be in the postbuild steps of SBSFU.

Best regards

Jocelyn

Clark Sann
Associate III
April 4, 2022

@Jocelyn RICARD

Thank you for your quick reply!

Yes, I did set the script as executable so I did not get an error. And it is set as the post build script for the SBSFU app.

The problem is that the post build script is not run. This is because the build process dies when the linker cannot find the se_interface_app.ld.

The reason it can’t find that file is because it has not been created.

And that is because the build process died before the post build script could be run.

I’m not exactly sure when the post build script is to be run but I think it is run after compilation AND linking. Because the linker fails, the script which builds the new .ld file is not run.

This is all pretty new to me and so my conclusions may be wrong.

Jocelyn RICARD
ST Employee
April 5, 2022

Hello @Clark Sann,

I suspect you added the line

INCLUDE se_interface_app.ld

in the wrong linker file. It needs to be added in the linker file of the application and not the one of SBSFU

Best regards

Jocelyn

Clark Sann
Associate III
April 5, 2022

You are correct. I will fix that when I get to the office.

Thank you for excellent support!

clark

Geoff1
Associate
April 6, 2022

Hello Jocelyn

Is there a pre-release of the IDE which fixes the problem with the secure engine/compiler problem? It is important for our project that the STM32Cube AWS Cloud function pack for STWINKT1B AWSdemo example does build with the IDE release tools. Our goal is to enhance this example project. Alternatively, could you provide the example modified to build without the secure boot (like the serial_datalog example which I do have running) so that I have a working Wi-Fi example?

A third option would be if there is a Cellular + FreeRTOS + AWS MQTT example that does not fall foul of the secure engine/compiler problem?

Best Regards

Geoff

Jocelyn RICARD
ST Employee
April 6, 2022

Hello @Geoff,

There will not be any change in the IDE to fix this.

The packages themselves will be updated progressively.

Now, you can use this method for any package using SBSFU. It will work.

You may need to adapt one or two paths because the directory structure is not the same, but the solution is the same for all.

If you don't manage to do it, please provide a link to the exact package you need to use on st.com and I'll provide the files to change.

Best regards

Jocelyn

Geoff1
Associate
April 6, 2022

I have successfully re-built fp-cld-aws1 using STM32CubeIDE 1.8.0.

I have run STEVAL-STWINKT1/Applications/BootLoader_STSAFE/STSAFE_Provisioning/Binary/Provisioning.bin, but I have not seen the following:

 -------------------------------------------------------------------------------

 Start provisionning of STSAFE

 Force STSAFE-A110 Perso

 Launching STSAFE-A110 Perso

 Check if Pairing Host keys available

 Perso OK

 Erase Data : OK

 Now Store Certificate STM_POC_SBSFU_ROOT_TEST_CA_00 inside STSAFE

 Certificate STM_POC_SBSFU_ROOT_TEST_CA_00 successfully written inside STSAFE

 Now Store Data using HAL_Store_Data

 Now Store Certificate STM_POC_SBSFU_OEM_TEST_CA_00 inside STSAFE

 Certificate STM_POC_SBSFU_OEM_TEST_CA_00 successfully written inside STSAFE

 End provisionning of STSAFE

I only see the first two lines.

When I run the cloud application I get the following:

= [SBOOT] System Security Check successfully passed. Starting...

= [FWIMG] Slot #0 @: 8105000 / Slot #1 @: 8036000 / Swap @: 81d5000

======================================================================

=       (C) COPYRIGHT 2017 STMicroelectronics         =

=                                  =

=       Secure Boot and Secure Firmware Update        =

======================================================================

= [SBOOT] STATE: WARNING: SECURE ENGINE INITIALIZATION WITH FACTORY DEFAULT VALUES!

= [SBOOT] STATE: CHECK STATUS ON RESET

     INFO: A Reboot has been triggered by a Software reset!

     Consecutive Boot on error counter = 0

     INFO: Last execution detected error was:No error. Success.

= [SBOOT] STATE: CHECK KMS BLOB TO INSTALL

= [SBOOT] STATE: CHECK USER FW STATUS

= [SBOOT] LOADING CERTS FROM SECURE ENGINE

and nothing more.

Is there a way to detect if provisioning has ever been successful? Am I supposed to execute STSAFE_PAIRING_keys.bin at some point?

The ST-LINKV3mini has been loaded with Firmware V3J9M3.

I'm following instructions from UM2186, but I find them confusing and ambiguous.

Regards,

Geoff

Geoff1
Associate
April 6, 2022

Thanks for explaining further Jocelyn. Got it.

I'm looking to build fp-cld-aws1 using STM32CubeIDE on Windows 10.

Regards

Geoff

Geoff1
Associate
April 6, 2022

Jocelyn

To narrow things down further, the target platform is STEVAL-STWINKT1B with STEVAL-STWINFV1. We also have STEVAL-STMODLTE.

Thanks for your help,

Geoff

klang.1
Associate
April 19, 2022

I added postbuild.sh to SBSFU,

Extract SE interface symbols

1 symbol.list

But for user app, after I added INCLUDE se_interface_app.ld to STM32L476RGTx.ld

...

INCLUDE se_interface_app.ld

INCLUDE mapping_fwimg.ld

INCLUDE mapping_sbsfu.ld

...

and changes in Properties/C build/Settings/MCU GCC Linker/Library/Library search path, add following line

I still got the same issue

... bin\ld.exe: cannot use executable file '../../../2_Images_SBSFU/STM32CubeIDE/Debug/se_interface_app.o' as input to a link

collect2.exe: error: ld returned 1 exit status

klang.1
Associate
April 19, 2022

Sorry, my mistake. It works fine after I deleted the old setting in Properties/C build/Settings/MCU GCC Linker/Miscellaneous\Additional object files.