Skip to main content
Grogu
Grogu
Associate III
February 1, 2022
Solved

STM32 Secure Engine adding additional API in se_crypto_bootloader.c.

  • February 1, 2022
  • 4 replies
  • 2323 views

Is there a an option to implement  SE_<FOO> in se_crypto_bootloader.c. I tried implementing a SE_FOO but the system reset as mentioned in document .

"Protected code and data are accessible through a single entry point (call gate mechanism) and it is therefore not possible to run or access any SE code or data without passing through it, otherwise a system reset is generated."

I want to have flexibility for Boot loader to decrypt/encrypt blob of data and also verify signature of blob of data. Which is separate from app image .sfb

This topic has been closed for replies.
Best answer by Fred

Hi Grogu,

the first thing you need to decide is:

  1. do you want the bootloader to do this check, so update the bootloader ?
  2. or do you want your application do do this check when starting (so leaving the bootloader untouched)

The latter option has the benefit of making sure you do not alter the bootloader nominal processing.

In any case, yes, you can extend the Secure Engine services.

I will take the example of option #2.

The idea is this one:

0693W00000JO4WKQA1.png 

Then, you will have to tune the memory mapping probably:

0693W00000JO4XSQA1.pngThis can also impact the slots, you may have to resize them.

But, please, remember that when you add more code in the Secure Engine, you add more code in the secure enclave and this code can access your secrets.

Thanks & Regards,

Fred

4 replies

Fred
FredBest answer
ST Employee
February 1, 2022

Hi Grogu,

the first thing you need to decide is:

  1. do you want the bootloader to do this check, so update the bootloader ?
  2. or do you want your application do do this check when starting (so leaving the bootloader untouched)

The latter option has the benefit of making sure you do not alter the bootloader nominal processing.

In any case, yes, you can extend the Secure Engine services.

I will take the example of option #2.

The idea is this one:

0693W00000JO4WKQA1.png 

Then, you will have to tune the memory mapping probably:

0693W00000JO4XSQA1.pngThis can also impact the slots, you may have to resize them.

But, please, remember that when you add more code in the Secure Engine, you add more code in the secure enclave and this code can access your secrets.

Thanks & Regards,

Fred

Fred
Fred
ST Employee
February 1, 2022

If this can help, please find an "exercise" you can do:

Objective:

•Write some isolated code running in Secure Engine

•This code must be available for the user application (runtime)

•Objective #1: implement a basic copy of data (memcpy)

•Objective #2: try using the AES GCM encrypt/decrypt services

Fred
Fred
ST Employee
February 1, 2022

But, please be careful when adding your own code in Secure Engine:

  • this code runs in the secure enclave
  • this code has access to all the secrets protected by Secure Engine
  • this code can endanger the bootloader services

So you have to be very careful, this code must be "trusted".

Fred
Fred
ST Employee
February 1, 2022

If you really want to do it in the bootloader, the strategy is similar.

You will update:

  • se_crypto_bootloader.c
  • se_interface_bootloader.c/h

And you won't need to propagate the API to the UserApp so no se_interface.txt to be updated.

Only SBSFU will call the new services.

But, be careful, by invoking these services you will change the bootloader flow.

Grogu
GroguAuthor
Associate III
February 2, 2022

@Fred​ implemented a simple service SE_FOO in Secure Engine from instruction provided above and its working as expected.

Jocelyn RICARD
Jocelyn RICARD
ST Employee
February 2, 2022

Hello @Grogu,

Good to see things working fine!

I would like to raise just 2 points, relative a previous post you did.

You are apparently using the STM32H7B3.

If you add functions inside secure engine, you need to know the following

1) the code you put in the secure engine cannot be updated. This constraint is common to all STM32 series.

2) you will not be able to use the secure memory capability of the STM32H7 that isolates the SBSFU from the rest of the application.

Best regards

Jocelyn

Terms & ConditionsAccessibility statement