Skip to main content
APann.3
APann.3
Visitor II
May 29, 2023
Question

Security Engine fails to pass tag authentication of the uploaded application image.

  • May 29, 2023
  • 3 replies
  • 1431 views

For some reason bootloader fails to pass image tag authentication. SE_AuthenticateFW_Finish(pSeStatus, fw_tag_output, (int32_t *)&fw_tag_len). returns SFU_SUCCESS status. However, compare to the tag retrived from image header located in MCU flash is failed:

if (MemoryCompare(fw_tag_output, fw_tag, SE_TAG_LEN) != SFU_SUCCESS)

Validated, that the tag compiled and incorporated into sfb image is exactly matching the one retrieved by SE mechanism from application image header located in MCU flash. Despite this, tag verification fails.

Also, all chanks of image are passing authentication correctly SE_AuthenticateFW_Append(pSeStatus, fw_image_chunk, (int32_t)fw_chunk_size,

                          fw_chunk, (int32_t *)&fw_chunk_size);

We are using CubeMX IDE environment Version: 1.10.1

Build: 12716_20220707_0928 (UTC)

    This topic has been closed for replies.

    3 replies

    Jocelyn RICARD
    Jocelyn RICARD
    ST Employee
    June 7, 2023

    Hello @APann.3​,

    we solved your issue through direct support with OLS.

    Up to you to share or not how this was solved.

    Best regards

    Jocelyn

    NAndreadakis
    NAndreadakis
    Associate II
    November 21, 2023

    Hello Jocelyn,

    I am experiencing a similar issue to APann with the SE_AuthenticateFW_Finish function. Specifically, after successfully writing the update SFB firmware to an external EEPROM and passing all other checks, I encounter a discrepancy during authentication. The SE_AuthenticateFW_Finish function returns a false key instead of the correct one obtained from the SFB.

    Interestingly, when using the full .bin firmware, everything functions as expected, and the SE_AuthenticateFW_Finish function returns the correct tag.

    I would greatly appreciate it if you could provide me with an explanation or any insights into this issue. Your expertise in this matter would be immensely helpful in resolving the authentication discrepancy.

    Best regards,

    Nikos

      Jocelyn RICARD
      Jocelyn RICARD
      ST Employee
      November 21, 2023

      Hello @NAndreadakis ,

      the previous issue was related to the way sfb image was created. Probably not the same issue on your side.

      I would suggest comparing the sfb binary content loaded into your external memory and the actual sfb to check if transfer was performed successfully. Then, you can check the output of decryption if it is the same of the original binary in clear. Checking first bytes and end bytes is enough.

      Best regards

      Jocelyn

      NAndreadakis
      NAndreadakis
      Associate II
      November 22, 2023

      Moved to new topic Re: Issue with SFBU and EEPROM Firmware Update - STMicroelectronics Community

      Terms & ConditionsAccessibility statement