St Stm32cube Quick setup guide

December 2021 AN5056 Rev 8 1/49

AN5056

Application note

Integration guide for the X-CUBE-SBSFU

STM32Cube Expansion Package

Introduction

The X-CUBE-SBSFU Secure Boot and Secure Firmware Update solution allows the update of the

STM32 microcontroller built-in program with new firmware versions, adding new features and

correcting potential issues. The update process is performed in a secure way to prevent unauthorized

updates and access to confidential on-device data.

The Secure Boot (Root of Trust services) is an immutable code, always executed after a system reset.

It checks STM32 static protections, activates STM32 runtime protections, and then verifies the

authenticity and integrity of user application code before every execution to make sure that invalid or

malicious code cannot be run.

The Secure Firmware Update application receives the firmware image via a UART interface with the

Ymodem protocol. It checks its authenticity, and the integrity of the code before installing it. The

firmware update is done on the complete firmware image, or only on a portion of the firmware image.

Examples can be configured to use asymmetric or symmetric cryptographic schemes with or without

firmware encryption. They are provided:

•for single-slot configuration to maximize firmware image size

•for dual-slot configuration to ensure safe image installation and enable over-the-air firmware

update capability commonly used in IoT devices.

For a complex system with multiple firmware such as protocol stack, middleware, and user application,

the firmware image configuration can be extended up to three firmware images.

The secure key management services provide cryptographic services to the user application through

the PKCS #11 APIs (KEY ID-based APIs) that are executed inside a protected and isolated

environment. User application keys are stored in the protected and isolated environment for their

secured update: authenticity check, data decryption, and data integrity check.

STSAFE-A110 is a tamper-resistant secure element (Hardware Common Criteria EAL5+ certified)

used to host X509 certificates and keys and perform verifications used for firmware image

authentication during Secure Boot and Secure Firmware Update procedures.

The X-CUBE-SBSFU user manual (UM2262) explains how to get started with

X-CUBE-SBSFU and details SBSFU functionalities. This application note describes how to adapt X-

CUBE-SBSFU and integrate it with the user’s application; It answers such questions as:

•How to port X-CUBE-SBSFU onto another board?

•How to tune the X-CUBE-SBSFU configuration to fit the user’s needs?

•How to generate a new firmware encryption key?

•How to debug X-CUBE-SBSFU?

•How to adapt to SBSFU?

•How to adapt the user’s application?

Note: Throughout this application note, the IAR Embedded Workbench®IDE is used as an example to

provide guidelines for project configuration. Secure Boot and Secure Firmware Update applications

are referred to as SBSFU.

Note: The single-slot configuration is demonstrated in examples named 1_Image.

The dual-slot configuration is demonstrated in examples named 2_Images.

www.st.com

Contents AN5056

2/49 AN5056 Rev 8

Contents

1 General information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6

2 Related documents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8

3 Porting X-CUBE-SBSFU onto another board . . . . . . . . . . . . . . . . . . . . . 9

3.1 Hardware adaptation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

3.2 Memory mapping definition . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10

3.2.1 SBSFU region definition parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . 13

3.2.2 Firmware image slot definition parameters . . . . . . . . . . . . . . . . . . . . . . 14

3.2.3 Project-specific linker files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16

3.2.4 Multiple image configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

3.3 Dual-core adaptation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

4 SBSFU configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20

4.1 Features to be configured . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20

4.2 Cryptographic scheme selection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

4.3 Security configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22

4.4 Development or production mode configuration . . . . . . . . . . . . . . . . . . . . 25

5 Generating a cryptographic key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27

5.1 Generating a new firmware AES encryption key . . . . . . . . . . . . . . . . . . . 27

5.2 Generating a new public/private ECDSA pair of keys

for firmware verification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27

5.3 STM32WB Series specificities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28

5.4 KMS specificities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29

5.5 STSAFE-A110 specificities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30

6 Tips for debugging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31

6.1 Compiler optimizations level . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31

6.2 Memory mapping adaptation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31

6.3 Debugging SECoreBin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32

7 Adapting SBSFU . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34

AN5056 Rev 8 3/49

AN5056 Contents

7.1 Implementing a new cryptographic scheme for SBSFU . . . . . . . . . . . . . . 34

7.2 Optimizing memory mapping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36

7.3 How to activate interruption management inside the firewall isolated

environment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38

7.4 How to improve boot time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39

8 Adapting the user application . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40

8.1 How to make an application SBSFU compatible . . . . . . . . . . . . . . . . . . . 40

8.2 Use of Flash memory to store user data . . . . . . . . . . . . . . . . . . . . . . . . . 43

8.3 Changing the firmware download function in the user application . . . . . . 44

8.4 How to change the firmware version . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45

8.5 How to validate a firmware image . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45

9 Revision history . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47

List of tables AN5056

4/4 AN5056 Rev 8

List of tables

Table 1. List of acronyms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6

Table 2. List of terms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6

Table 3. SBSFU code-size reduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36

Table 4. Document revision history . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47

AN5056 Rev 8 5/5

AN5056 List of figures

List of figures

Figure 1. SBSFU project structure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

Figure 2. Memory mapping example (NUCLEO-L476RG). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10

Figure 3. Linker file architecture. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

Figure 4. Mapping constraints with MPU isolation (NUCLEO-G071RB example) . . . . . . . . . . . . . . . 12

Figure 5. Mapping constraints for user application execution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12

Figure 6. SBSFU regions (NUCLEO-L476RG mapping_sbsfu.icf) . . . . . . . . . . . . . . . . . . . . . . . . . . 13

Figure 7. Firmware image slot definitions (NUCLEO-L476RG mapping_fwimg.icf). . . . . . . . . . . . . . 14

Figure 8. Firewall configuration constraint on dual bank products . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

Figure 9. Firewall configuration after bank swap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

Figure 10. SECoreBin specific linker file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16

Figure 11. SBSFU specific linker file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16

Figure 12. UserApp specific linker file (NUCLEO-L476RG example) . . . . . . . . . . . . . . . . . . . . . . . . . 17

Figure 13. Multiple image configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

Figure 14. STM32H7 Series dual-core adaptation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

Figure 15. SBSFU configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

Figure 16. Switching the cryptographic scheme . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22

Figure 17. STM32L4 Series and STM32L0 Series security configuration (app_sfu.h) . . . . . . . . . . . . 23

Figure 18. STM32F4 Series, STM32F7 Series and STM32L1

Series security configuration (app_sfu.h) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

Figure 19. STM32G0 Series, STM32G4 Series, and STM32H7 Series

security configuration (app_sfu.h). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24

Figure 20. STM32WB Series security configuration (app_sfu.h) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24

Figure 21. Option Bytes management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26

Figure 22. New firmware encryption-key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27

Figure 23. New private/public keys . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28

Figure 24. Key provisioning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29

Figure 25. KMS specificities. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30

Figure 26. STSAFE-A110 pairing keys . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30

Figure 27. Compiler optimizations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31

Figure 28. Memory mapping adaptations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32

Figure 29. Checking the WRP protection. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32

Figure 30. Debugging inside SECoreBin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33

Figure 31. User’s cryptographic scheme implementation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34

Figure 32. Example of memory mapping optimization on NUCLEO-G071RB – 2 images . . . . . . . . . 37

Figure 33. IDE adaptations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38

Figure 34. Boot time. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39

Figure 35. Vector table position update (NUCLEO-L476RG example) . . . . . . . . . . . . . . . . . . . . . . . . 40

Figure 36. User application binary file length . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41

Figure 37. IDE adaptations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41

Figure 38. Free Flash pages (NUCLEO-L476RG example) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43

Figure 39. UserApp firmware download overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44

Figure 40. Firmware version change . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45

Figure 41. Validation menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46

General information AN5056

6/49 AN5056 Rev 8

1 General information

Table 1 and Table 2 present the definitions of acronyms and terms that are relevant for a

better understanding of this document.

Table 1. List of acronyms

Acronym Description

AES Advanced encryption standard

DAP Debug access port

ECDSA Elliptic curve digital signature algorithm

GCM AES Galois/counter mode

HAL Hardware abstraction layer

IDE Integrated development environment

FWALL Firewall

MPU Memory protection unit

OTFDEC On-the-fly decryption

PEM Privacy enhanced mail

PCROP Proprietary code readout protection

RDP Readout device protection

SB Secure Boot

SE Secure Engine

SFU Secure Firmware Update

SBSFU Secure Boot and Secure Firmware Update

UART Universal asynchronous receiver/transmitter

WRP Write protection

Table 2. List of terms

Term Description

Firmware image An executable binary image run by the device as a user application.

Firmware header Bundle of meta-data describing the firmware image to be installed. It contains

firmware information and cryptographic information.

mbedTLS mbed implementation of the TLS and SSL protocols and the respective

cryptographic algorithms.

sfb file Binary file packing the firmware header and the firmware image.

AN5056 Rev 8 7/49

AN5056 General information

The X-CUBE-SBSFU Secure Boot and Secure Firmware Update Expansion Package runs

on STM32 32-bit microcontrollers based on the Arm®(a) Cortex®-M processor.

a. Arm is a registered trademark of Arm Limited (or its subsidiaries) in the US and or elsewhere.

Related documents AN5056

8/49 AN5056 Rev 8

2 Related documents

1. User manual Getting started with STM32CubeH7 for STM32H7 Series (UM2204)

2. User manual Getting started with STM32CubeG4 for STM32G4 Series (UM2492)

3. User manual Getting started with STM32CubeL0 for STM32L0 Series (UM1754)

4. User manual Getting started with STM32CubeL1 MCU Package for STM32L1 Series

(UM1802)

5. User manual Getting started with STM32CubeWB for STM32WB Series (UM2550)

6. User manual Getting started with STM32CubeL4 for STM32L4 Series and STM32L4+

Series (UM1860)

7. User manual Getting started with STM32CubeF4 MCU Package for STM32F4 Series

(UM1730)

8. User manual Getting started with STM32CubeF7 MCU Package for STM32F7 Series

(UM1891)

9. User manual Getting started with STM32CubeG0 for STM32G0 Series (UM2303)

10. User manual Getting started with the X-CUBE-SBSFU STM32Cube Expansion

Package (UM2262)

11. User manual Development guidelines for STM32Cube Expansion Packages (UM2285)

12. User manual Development checklist for STM32Cube Expansion Packages (UM2312)

13. User manual STM32CubeProgrammer software description (UM2237)

14. STM32 Cortex®-M4 MCUs and MPUs programming manual (PM0214)

15. STM32F7 Series and STM32H7 Series Cortex®-M7 processor programming manual

(PM0253)

16. Cortex®-M0+ programming manual for STM32L0, STM32G0, STM32WL and

STM32WB Series (PM0223)

17. Datasheet for STSAFE-A110 Authentication, state-of-the-art security for peripherals

and IoT devices (DS12911)

AN5056 Rev 8 9/49

AN5056 Porting X-CUBE-SBSFU onto another board

3 Porting X-CUBE-SBSFU onto another board

X-CUBE-SBSFU supplements the STM32Cube™ software technology, making portability

across different STM32 microcontrollers easy. It comes with a set of examples implemented

on given STM32 boards that are useful starting points to port the X-CUBE-SBSFU onto

another STM32 board. The NUCLEO-L476RG and NUCLEO-L432KC boards are used as

examples in this document.

3.1 Hardware adaptation

A few changes are needed to adapt X-CUBE-SBSFU to another board:

1. GPIO configuration for UART communication with the host PC (In sfu_low_level.h file)

2. Flash configuration: NUCLEO-L432KC gives an example of a single-bank Flash

interface whereas NUCLEO-L476RG is dual-bank based (In sfu_low_level.c file)

3. Button configuration: NUCLEO-L476RG gives an example based on the push button

whereas NUCLEO-L432KC simulates a virtual button with a GPIO (In app_hw.h file)

4. Tamper GPIO pin configuration (In sfu_low_level_security.h file)

5. DAP - Debug port configuration (In sfu_low_level_security.h file)

6. I2C bus configuration for communication with STSAFE-A110

(In stsafea_service_interface.c file of

B-L4S5I-IOT01A\Applications\2_Images_STSAFE\2_Images_SECoreBin).

Figure 1 presents the SBSFU project structure together with the location of the files where

porting changes are expected.

Figure 1. SBSFU project structure

Porting X-CUBE-SBSFU onto another board AN5056

10/49 AN5056 Rev 8

3.2 Memory mapping definition

As already highlighted in the X-CUBE-SBSFU user manual (Refer to [10]), a key aspect is

the placement of all elements inside the Flash memory of the device:

•Secure Engine: protected environment to manage all critical data and operations.

•SBSFU: Secure Boot and Secure Firmware Update

•Active slot: this slot contains active firmware (Firmware header with firmware)

•Download slot: this slot stores downloaded firmware (Firmware header with encrypted

firmware) to be installed at the next reboot

•Swap area: Flash memory area used to swap the content of active and download slots

during the installation process

Figure 2 presents the Flash memory mapping illustrated by the NUCLEO-L476RG example.

Figure 2. Memory mapping example (NUCLEO-L476RG)

AN5056 Rev 8 11/49

AN5056 Porting X-CUBE-SBSFU onto another board

The linker file definitions shared between the three projects (SECoreBin, SBSFU, UserApp)

are grouped in the Linker_Common folder as presented in Figure 3:

•mapping_fwimg.icf: contains firmware image definitions such as active slots, download

slots, and swap area

•mapping_sbsfu.icf: contains SBSFU definitions such as SE_Code_region,

SE_Key_region, and SE_IF_region

•mapping_export.h: export the symbols from mapping_sbsfu.icf and mapping_fwimg.icf

to the SBSFU applications

Each region can be extended when adding more code is needed or shifted to another

address as long as the resulting security settings satisfy security requirements.

Figure 3. Linker file architecture

The security peripheral configuration (RDP, WRP, PCROP, FWALL, secure user memory if

available for the series) is automatically computed based on the SBSFU linker symbols

except for MPU configuration due to the following constraints:

•each MPU region base address must be a multiple of the MPU region size.

•each MPU region can be divided into 8 sub-regions to adjust the size.

The mapping constraints with MPU isolation are illustrated in Figure 4.

Porting X-CUBE-SBSFU onto another board AN5056

12/49 AN5056 Rev 8

Figure 4. Mapping constraints with MPU isolation (NUCLEO-G071RB example)

Another typical use case is the MPU configuration of the active-slot region to authorize user

application execution. Figure 5 shows how to respect the MPU constraints on NUCLEO-

L073RZ.

Figure 5. Mapping constraints for user application execution

AN5056 Rev 8 13/49

AN5056 Porting X-CUBE-SBSFU onto another board

3.2.1 SBSFU region definition parameters

Figure 6 presents the parameters in file mapping_sbsfu.icf that are used for the

configuration of the SBSFU regions.

Figure 6. SBSFU regions (NUCLEO-L476RG mapping_sbsfu.icf)

Porting X-CUBE-SBSFU onto another board AN5056

14/49 AN5056 Rev 8

3.2.2 Firmware image slot definition parameters

Figure 7 presents the parameters in file mapping_fwimg.icf that are used for the

configuration of the image regions.

Figure 7. Firmware image slot definitions (NUCLEO-L476RG mapping_fwimg.icf)

Compliance with SBSFU constraints requires that the following conditions are met:

•Slots areas must be aligned on the Flash sector size, which is 2048 bytes (0x800) for

devices in the STM32L4 Series.

•The minimum size of SWAP is 4 Kbytes and at least equal to the size of the largest

sector.

•The size of active and download slots must be multiple of the SWAP size.

•The sizes of active and download slots must be equal, except when using the partial

update feature.

In some configurations (External Flash with OTFDEC, multiple image configuration) the

header must be located outside the active slot in its own Flash memory sector to remain

protected inside the isolated environment.

For STM32L4 dual-bank Flash memory devices, firewall specific constraints are:

•Firewall code segment must be in bank1, firewall non-volatile data (Including the

header of the active slot) segment must be in bank2.

•The non-volatile data segment must overlap the firewall code segment to ensure that

secrets are always protected even if the banks are swapped.

Figure 8: Firewall configuration constraint on dual bank products and Figure 9: Firewall

configuration after bank swap illustrate the firewall configuration on the NUCLEO-

L476RG and the consequences when banks are swapped.

AN5056 Rev 8 15/49

AN5056 Porting X-CUBE-SBSFU onto another board

Figure 8. Firewall configuration constraint on dual bank products

Figure 9. Firewall configuration after bank swap

For the STM32G0 Series, STM32G4 Series, and STM32H7 Series, one constraint exists:

the header of the active slot must be mapped just after the SBSFU code to be protected by

the secured memory.

The SFU_IMAGE_OFFSET value depends on the STM32 microcontroller series:

•For the STM32L4 Series, STM32L0 Series, STM32L1 Series, STM32WB Series, and

STM32F4 Series, the default value is used: 512 bytes.

•For the STM32F7 Series and STM32H7 Series: 1024 bytes.

(With the Cortex®-M7, the vector table must be aligned on 1024 bytes).

•For the STM32G0 Series: 2048 bytes.

The secure user memory end address is aligned on the Flash sector size.

•For the STM32G4 Series: 4096 bytes.

The secure user memory end address is aligned on the Flash sector size.

•For the STSAFE-A variant: 2048 bytes.

The image header has a 2048-byte length to include X509 certificates.

Porting X-CUBE-SBSFU onto another board AN5056

16/49 AN5056 Rev 8

Note: For series with MPU-based isolation or firewall-based isolation, the MPU constraint on the

active-slot configuration must be verified as illustrated in Figure 5.

3.2.3 Project-specific linker files

SECoreBin places critical code and data such as secrets, as illustrated in Figure 10.

Figure 10. SECoreBin specific linker file

The SBSFU linker file is in charge of SBSFU application placement that includes SECoreBin

binary as shown in Figure 11.

Figure 11. SBSFU specific linker file

AN5056 Rev 8 17/49

AN5056 Porting X-CUBE-SBSFU onto another board

UserApp must be configured to run in the active slot (Slot active start address with

SFU_IMG_IMAGE_OFFSET) as illustrated in Figure 12 where SFU_IMG_IMAGE_OFFSET is

512 bytes for the STM32L4 Series.

Figure 12. UserApp specific linker file (NUCLEO-L476RG example)

1. Depends on the STM32 microcontroller Series.

3.2.4 Multiple image configuration

Up to three active slots (SFU_NB_MAX_ACTIVE_IMAGE) and three download slots

(SFU_NB_MAX_DWL_AREA) can be configured.

During the installation process, the active slot is identified with the SFU magic tag inside the

firmware image header (SFU1, SFU2, or SFU3). Depending on firmware compatibility

constraints, if the simultaneous firmware installation is not required, a single download slot

can be configured for the three active slots to optimize the memory footprint.

At boot, after verification of the authenticity and integrity of all firmware images, SBSFU

jumps into the active firmware image located inside the MASTER_SLOT in priority.

As a constraint, all the headers must be grouped in a single area to be protected inside the

isolated environment. Each header must be located in its own Flash memory sector.

Figure 13 shows the example of the multiple-image configuration provided in

2_Images_ExtFlash of the B-L475E-IOT01A board.

Porting X-CUBE-SBSFU onto another board AN5056

18/49 AN5056 Rev 8

Figure 13. Multiple image configuration

3.3 Dual-core adaptation

For the STM32H7 Series dual-core products, it is mandatory to disable the CM4 boot while

the SBSFU is running (On CM7).

Thus, once the authentication and the integrity of all firmware images are verified by the

SBSFU, the user application starting on CM7 can trigger the boot of CM4.

As an example, to port applications provided for NUCLEO-H753ZI on NUCLEO-H755ZI-Q,

the following modifications are needed as shown in Figure 14:

1. Modify the IDE configuration by adding STM32H755xx and CORE_CM7 defined

symbols.

2. Change the supply configuration from LDO to SMPS in SystemClock_Config() function.

3. Disable the Cortex M4 boot: BCM4 bit from option byte must be unchecked.

4. Add in SFU_LL_SECU_CheckFlashConfiguration() function the control of the BCM4 bit

state.

5. Add in the UserApplication project, the trigger of CM4 boot.

AN5056 Rev 8 19/49

AN5056 Porting X-CUBE-SBSFU onto another board

Figure 14. STM32H7 Series dual-core adaptation

Slots configuration may be adapted to manage two firmware images, one dedicated to CM7

and the other one dedicated to CM4. Refer to 3.2.4 Multiple image configuration for more

details.

SBSFU configuration AN5056

20/49 AN5056 Rev 8

4 SBSFU configuration

4.1 Features to be configured

X-CUBE-SBSFU supports:

•2 modes of operation: dual and single slot configurations

•3 cryptographic schemes using symmetric and asymmetric cryptographic operations

•2 cryptographic middleware:

– STMicroelectronics middleware: X-CUBE-CRYPTOLIB library integrated into the

1_Image and 2_Images variants.

– Third-party middleware: mbedTLS (Open-source code) cryptographic services.

Examples are provided for the 32L496GDISCOVERY, B-L475E-IOT01A,

32F413HDISCOVERY, 32F769IDISCOVERY, P-NUCLEO-WB55, and NUCLEO-

H753ZI Nucleo boards in the 2_Images_OSC variant.

•STSAFE-A110 secure element used to host X509 certificates and keys. An example is

provided for the B-L4S5I-IOT01A board in the 2_Images_STSAFE variant.

•KMS middleware. An example is provided for the B-L475E-IOT01A and B-L4S5I-

IOT01A boards in the 2_Images_KMS variant.

•External Flash memory with on-the-fly decryption (OTFDEC). An example is provided

for the STM32H7B3I-DK board in the 2_Images_ExtFlash variant using a specific

cryptographic scheme with AES-CTR firmware encryption.

•External Flash memory without on-the-fly decryption (OTFDEC). An example is

provided for the STM32H750B-DK board in the 2_Images_ExtFlash variant. Active

slot, as well as download slot, are mapped in an external Flash memory, thus firmware

confidentiality cannot be ensured.

•External Flash memory without on-the-fly decryption (OTFDEC). An example is

provided for the B-L475E-IOT01A board in the 2_Images_ExtFlash variant. A specific

installation process without swap is selected SFU_NO_SWAP to ensure confidentiality

by keeping the download slot always encrypted.

•External Flash memory without on-the-fly decryption (OTFDEC). An example is

provided for the STM32WB5MM-DK board in the 2_Images_ExtFlash variant.

Download slot, as well as backup slot, is mapped in an external Flash memory. A

specific installation process without swap is selected SFU_NO_SWAP to ensure

confidentiality by keeping both slots always encrypted. More details are provided in the

Appendix H of the user manual Getting started with the X-CUBE-SBSFU STM32Cube

Expansion Package (UM2262).

Other manuals for STM32Cube

Table of contents

Popular Computer Hardware manuals by other brands

Mircom

Mircom QX-5000 Series user guide

Toshiba

Toshiba TOSVERT VF-MB1 Function manual

HighPoint

HighPoint Rocket 1108A Quick installation guide

Altera

Altera Stratix IV GX manual

Electro-Voice

Electro-Voice Dx34A Brochure & specs

Texas Instruments

Texas Instruments TRIS TMS37122 reference guide

KEYBOARDPARTNER

KEYBOARDPARTNER HX3.5 WiFi Module manual

Thermalright

Thermalright TRUE Spirit 90 Direct manual

Bosch

Bosch AC-EXP installation instructions

3Com

3Com OfficeConnect 3CRWE154A72 Installation Steps

Hynix Semiconductor

Hynix Semiconductor GMS81508A user manual

Yampp

Yampp 3U Reference manual

Simonds

Simonds CLP-274 Owners & safety manual

Seagate

Seagate Nytro 5350S NVMe SSD product manual

Avalue Technology

Avalue Technology ECM-TGUC user manual

PS Audio

PS Audio MultiWave II Installation and operation instructions

ekwb

ekwb EK-Quantum Vector FE RTX 3070 user guide

Cypress

Cypress CY62167DV18 Specification sheet

ST STM32Cube Quick setup guide

Popular Computer Hardware manuals by other brands