Skip to main content
J
Jakub Standarski
Associate III
September 26, 2023
Solved

SBSFU | 1 Image Download and Decryption

  • September 26, 2023
  • 1 reply
  • 1319 views

Hello all.
Another question regarding SBSFU, this time 1 image version.
When we download new image via YMODEM, when does decryption process happen?

1. Is new image first downloaded into active image slot and then decrypted?

2. Is new image downloaded and decrypted at the same time, which is basically decryption on the fly, but that requires special hardware accelerator?

 

Thanks in advance!

This topic has been closed for replies.
Best answer by Jocelyn RICARD

Hello @Jakub Standarski ,

In 1 image setup, if the update is done by the SBSFU loader, you can follow what is done in file

1_Image\1_Image_SBSFU\SBSFU\App\sfu_loader.c

in function 

SFU_ErrorStatus SFU_COM_YMODEM_DataPktRxCpltCallback(uint8_t *pData, uint32_t uSize)
 
This function is called when Ymodem protocol receives a new packet.
The first packet containing .sfb file will contain the header.
This signature of the header is immediately checked, reason why you can see a little delay after first pack transmission.
Then if signature is OK, the rest is decrypted "on the fly" but with software crypto, and written into flash.
Once all transfer is done, SBSFU computes the hash of the whole firmware and compares is with the one provided in the authenticated header.
If the check fails, firmware is erased and SBSFU waits for a new download.
I hope it answers your question.
Best regards
Jocelyn

1 reply

Jocelyn RICARD
Jocelyn RICARDBest answer
ST Employee
September 26, 2023

Hello @Jakub Standarski ,

In 1 image setup, if the update is done by the SBSFU loader, you can follow what is done in file

1_Image\1_Image_SBSFU\SBSFU\App\sfu_loader.c

in function 

SFU_ErrorStatus SFU_COM_YMODEM_DataPktRxCpltCallback(uint8_t *pData, uint32_t uSize)
 
This function is called when Ymodem protocol receives a new packet.
The first packet containing .sfb file will contain the header.
This signature of the header is immediately checked, reason why you can see a little delay after first pack transmission.
Then if signature is OK, the rest is decrypted "on the fly" but with software crypto, and written into flash.
Once all transfer is done, SBSFU computes the hash of the whole firmware and compares is with the one provided in the authenticated header.
If the check fails, firmware is erased and SBSFU waits for a new download.
I hope it answers your question.
Best regards
Jocelyn
    J
    Jakub StandarskiAuthor
    Associate III
    September 26, 2023

    Awesome! That's what I needed, thanks!

    Terms & ConditionsAccessibility statement