Skip to main content
B
beartronics
Associate II
October 4, 2024
Solved

Protecting IP while Flashing with STM32_Programmer_CLI - how?

  • October 4, 2024
  • 1 reply
  • 2381 views

Hi all,

Please let me know if this post belongs into the STM32 Security forum.

I'm developing a Windows GUI for flashing STM32H5 with my IP Software. The user of this GUI (customer) and the PC it's running on should NEVER be able to get a hold of the STM32 Software (.bin).

Caling STM32_Programmer_CLI from my GUI App (with -d or -w), it is only possible to provide the binary as a file.
I haven't tried using -w32, but I assume it will be rather slow for a ~megabyte-sized binary.
What I would love to do, is pipe the data into STM32_Programmer_CLI, but I don't think this is possible yet.

What is the best approach for hiding the binary and obk from theft, other than "securing by obscuring"?
Goal is to prevent the customer from flashing other MCUs without using my GUI (which contacts the license server).

Also, after Provisioning/Closing the device, the GUI would need to perform regression in order to reflash it, which again, could expose the password because the CLI only takes it as a file input...

Thanks in advance and best regards,
Stefan

Best answer by Pavel A.

Please see: https://community.st.com/t5/stm32-mcus-security/sbsfu-for-stm32h5/td-p/674511

 

Also, you can use the Programmer API, since you already write a custom application. The API documentation and binaries are installed with the Programmer.

 

1 reply

Pavel A.
Pavel A.Best answer
Super User
October 4, 2024

Please see: https://community.st.com/t5/stm32-mcus-security/sbsfu-for-stm32h5/td-p/674511

 

Also, you can use the Programmer API, since you already write a custom application. The API documentation and binaries are installed with the Programmer.

 

    B
    beartronicsAuthor
    Associate II
    October 7, 2024

    Hello @Pavel A. ,

    I was looking for this, but didn't realise I needed a standalone installation of CubeProgrammer in order to get the API and documentation. I had a quick look in CubeProgrammer_API.h, and it seems that there are some functions missing regarding the provisioning and regression Routine. Is there an API for that, too?

    Thank you and best regards,
    Stefan

    Pavel A.
    Pavel A.
    Super User
    October 7, 2024

     provisioning and regression 

    I don't think so. The Programmer app has some internal logic for that. but I can be wrong.

     

    Terms & ConditionsAccessibility statement