STM32L562 sbsfu queries

Question

Hello,I want to use sbsfu for STM32L562 controller with STM32Cube IDE version 1.5.AS per primary research i am using below package and project .I am using STM32SecuWS package.Under that project I am using is STM32SecuWS\TFM\STM32Cube_FW_L5_V1.3.0\Projects\NUCLEO-L552ZE-Q\Applications\SBSFU.I have gone through the document.overview-of-secure-boot-and-secure-firmware-update-solution-on-arm-trustzone-stm32l5-series-microcontrollers-stmicroelectronics.pdfAnd I want to use STM32CubeL5 SBSFU on page 10.non secure image primary slot(single slot 1 image).1) For single slot do i required SBSFU_Loader project?2) I only want to upload non secure image(my user application) do i need to run SBSFU\SBSFU_Appli\Secure project? 3) Postbuild.bat process remains same as x cube sbsfu right?4) project example is with L552ZE , i have to use STM32L562 what configuration or settings i need to change in cubeIDE?5) Example project already using mbedTLS library right?6) getting-started-with-stm32cubel5-tfm-application-stmicroelectronics.pdfis not useful as i required SBSFU on stm32l562 and not TFM right?Regards,Vrund

Jocelyn RICARD · Accepted Answer

Hi Vrund,I'm not sure the reason why you want to use STM32L5.You can use the L5 without activating TZEN, but you loose the HDP feature in that case.Using this chip in non secure only, you can port the SBSFU or do your own secureboot.You have other bootloader examples available: the mcuboot provided in L5 and also the wolf secureboot.Also, we provide some very basic secureboot to show how things work in the MOOC security part 3.So, many possible solutions.Best regardsJocelyn

Jocelyn RICARD · Answer

Hello Vrund,First, there is a 1.3.1 release of the firmware already available.Only change compared to 1.3.0 is that mcu boot related exe files used for signature operations are now digitally signed by ST avoiding issues with automatic removal.Answers to your questions:1) For single slot do i required SBSFU_Loader project?A: Yes, you need a loader outside your application in this case.2) I only want to upload non secure image(my user application) do i need to run SBSFU\SBSFU_Appli\Secure project?A: Yes, the secure boot is checking authenticity of both secure and non secure images, and then jumps to secure.The secure image is important to setup the security configuration of your platform.3) Postbuild.bat process remains same as x cube sbsfu right?A: No, in TFM we use a different implementation of SBSFU that is based on open source mcu boot.So, scripts are different.4) project example is with L552ZE , i have to use STM32L562 what configuration or settings i need to change in cubeIDE?A: You need to adapt the target if you want to use HW accelerated crypto. Also, you will need to adapt the interfaces used by SBSFU: UART, LED and button.But you can copy this from the TFM implementation on the STM32L5625) Example project already using mbedTLS library right?A: Yes, we don't use the ST S-CUBE-CRYPTOLIB here.6) getting-started-with-stm32cubel5-tfm-application-stmicroelectronics.pdfis not useful as i required SBSFU on stm32l562 and not TFM right?A: You can have a look to the AN5447 that shows the differences between the 2.Basically, TFM uses the same secure boot (based on mcuboot). You can also have a look to the presentation made in the security MOOC part 6.Best regardsJocelyn

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded