Skip to main content
S
Surya S
Associate
January 12, 2024
Question

STM32U585 - Secure boot loader

  • January 12, 2024
  • 2 replies
  • 1650 views

Hello Everyone,

We are currently working with STM32U585 microcontroller for one of our IoT project.

In this project we are planning to implement secure boot.

In this regard we want some clarification on the below points,

1.  After doing secure firmware install(SFI) & setting the RDP to level 2, if the JTAG is compromised is it possible to load any hex file without following SFI process as RDP regression would have taken place and the microcontroller flash would have been mass erased  and RDP level = 0 which gives full access to the controller.

2.  How does the immutable boot loader in RSS checks the integrity of the software bootloader loaded in the flash?

3. Is it possible to add custom key checks to the immutable bootloader in the RSS section?

4. Is it possible to load custom bootloader or modify the immutable bootloader in the RSS section?

Thanks in Advance.

Surya S

This topic has been closed for replies.

2 replies

Bubbles
Bubbles
ST Employee
January 22, 2024

Hello @Surya S,

1) should someone manage to perform the regression then of course the MCU is fully open in RDP0. You need to guard your regression password well.

2) I believe we don't disclose full details, but SHA256 is widely used in similar applications.

3) No customization of the RSS is possible. For any customization needed, I recommend starting from one of the secure boot project examples included in the STM32Cube package. In combination with a boot lock it's a robust solution.

BR,

J

To give better visibility on the answered topics, please click on Accept as Solution on the reply which solved your issue or answered your question.
    Jocelyn RICARD
    Jocelyn RICARD
    ST Employee
    January 22, 2024

    Hello,

    On top of @Bubbles answers I would like to make something clear.

    The SFI is not a bootloader. The SFI mechanism is only dedicated to secure firmware install in factory.

    Once the firmware is installed, I mean once the SFI process is finished, the STM32U5 boots directly on system flash at the secure address defined in option bytes. RSS is not involved in checking integrity of the firmware once it has been installed.

    This means STM32U5 does not provide a ROMed secure boot (as it is done on STM32H573 for instance)

    Now we provide a secure boot example in the CubeFW U5 here:

    STM32Cube_FW_U5_V1.4.0\Projects\B-U585I-IOT02A\Applications\SBSFU\

    It is based on mcuboot opensource solution.

    There you can set your authentication and encryption keys

    Best regards

    Jocelyn 

     

      Terms & ConditionsAccessibility statement